Merge branch 'dev' into server_admin_pages

- Removed complicated optimisation steps that didn't seem to optimise anything
- Delete Yarn cache after installation

After this, it should be back to the previous pre-Yarn size.

.dockerignore

@@ -1,12 +1,19 @@
+_mydocs/
+_releases/
+.git/
+.yarn/cache/
+**/.DS_Store
 **/node_modules
 Assets/
-.git/
-_releases/
-packages/app-desktop
-packages/app-cli
-packages/app-mobile
-packages/app-clipper
-packages/generator-joplin
-packages/plugin-repo-cli
+docs/
+lerna-debug.log
+packages/app-cli/
+packages/app-clipper/
+packages/app-desktop/
+packages/app-mobile/
+packages/generator-joplin/
+packages/plugin-repo-cli/
 packages/server/db-*.sqlite
-packages/server/temp
+packages/server/dist/
+packages/server/logs/
+packages/server/temp/

.github/workflows/close-stale-issues.yml

@@ -15,6 +15,7 @@ jobs:
           stale-issue-message: "Hey there, it looks like there has been no activity on this issue recently. Has the issue been fixed, or does it still require the community's attention? This issue may be closed if no further activity occurs. You may comment on the issue and I will leave it open. Thank you for your contributions."
           days-before-stale: 30
           days-before-close: 7
+          operations-per-run: 1000
           exempt-issue-labels: 'good first issue,upstream,backlog,high,medium,spec,cannot reproduce'
           stale-issue-label: 'stale'
           close-issue-message: 'Closing this issue after a prolonged period of inactivity. If this issue is still present in the latest release, feel free to create a new issue with up-to-date information.'

.yarn/patches/markdown-it-multimd-table-npm-4.1.1-47e334d4bd

@@ -0,0 +1,43 @@
+diff --git a/index.js b/index.js
+index 85d89900d5fe575dd0c19430209fb1703b03554e..5fa68cc9a4bd2b21a7188bd263262fd9b1604ac6 100644
+--- a/index.js
++++ b/index.js
+@@ -145,7 +145,8 @@ module.exports = function multimd_table_plugin(md, options) {
+         colspan, leftToken,
+         rowspan, upTokens = [],
+         tableLines, tgroupLines,
+-        tag, text, range, r, c, b;
++        tag, text, range, r, c, b, t,
++        blockState;
+ 
+     if (startLine + 2 > endLine) { return false; }
+ 
+@@ -315,18 +316,26 @@ module.exports = function multimd_table_plugin(md, options) {
+ 
+         /* Multiline. Join the text and feed into markdown-it blockParser. */
+         if (options.multiline && trToken.meta.multiline && trToken.meta.mbounds) {
+-          text = [ text.trimRight() ];
++          // Pad the text with empty lines to ensure the line number mapping is correct
++          text = new Array(trToken.map[0]).fill('').concat([ text.trimRight() ]);
+           for (b = 1; b < trToken.meta.mbounds.length; b++) {
+             /* Line with N bounds has cells indexed from 0 to N-2 */
+             if (c > trToken.meta.mbounds[b].length - 2) { continue; }
+             range = [ trToken.meta.mbounds[b][c] + 1, trToken.meta.mbounds[b][c + 1] ];
+             text.push(state.src.slice.apply(state.src, range).trimRight());
+           }
+-          state.md.block.parse(text.join('\n'), state.md, state.env, state.tokens);
++          blockState = new state.md.block.State(text.join('\n'), state.md, state.env, []);
++          blockState.level = trToken.level + 1;
++          // Start tokenizing from the actual content (trToken.map[0])
++          state.md.block.tokenize(blockState, trToken.map[0], blockState.lineMax);
++          for (t = 0; t < blockState.tokens.length; t++) {
++            state.tokens.push(blockState.tokens[t]);
++          }
+         } else {
+           token          = state.push('inline', '', 0);
+           token.content  = text.trim();
+           token.map      = trToken.map;
++          token.level    = trToken.level + 1;
+           token.children = [];
+         }
+ 

Assets/WebsiteAssets/css/site.css

@@ -728,6 +728,23 @@ footer .bottom-links-row p {
 	}
 }
 
+/*****************************************************************
+ MEDIUM VIEW
+ - Make menu bar elements smaller and closer to each others
+   so that everything fit.
+*****************************************************************/
+
+@media (max-width: 990px) {
+	#nav-section > .container {
+		max-width: 960px;
+	}
+
+	#nav-section .button-link {
+		padding: 4px 12px;
+		font-size: 15px;
+	}
+}
+
 /*****************************************************************
  NARROW VIEW
  - Top right menu is displayed
@@ -740,6 +757,23 @@ footer .bottom-links-row p {
 		padding-bottom: 130px;
 	}
 
+	#menu-mobile .social-links {
+		display: flex;
+		justify-content: center;
+		margin-top: 20px;
+	}
+
+	#menu-mobile .social-links a {
+		margin-left: 15px;
+		font-size: 20px;
+	}
+
+	#menu-mobile .social-links .social-link-mastodon,
+	#menu-mobile .social-links .social-link-reddit,
+	#menu-mobile .social-links .social-link-patreon {
+		display: none;
+	}
+
 	.front-page h1 {
 		font-size: 2.5em;
 	}
@@ -857,7 +891,7 @@ footer .bottom-links-row p {
 	}
 
 	#menu-mobile .button-link {
-		padding: 10px 15px;
+		padding: 4px 12px;
 		font-size: 16px;
 		margin-left: 0px;
 	}

Assets/WebsiteAssets/templates/partials/footer.mustache

@@ -1,15 +1,6 @@
 <footer class="darkblue-bg">
 	<div class="container">
-		<div class="row">
-			<div class="col-12 col-md-12 social-links">
-				<a href="https://twitter.com/joplinapp" title="Joplin Twitter feed"><i class="fab fa-twitter"></i></a>
-				<a href="https://mastodon.social/@joplinapp" title="Joplin Mastodon feed"><i class="fab fa-mastodon"></i></a>
-				<a href="https://www.patreon.com/joplin" title="Joplin Patreon"><i class="fab fa-patreon"></i></a>
-				<a href="https://discord.gg/VSj7AFHvpq" title="Joplin Discord chat"><i class="fab fa-discord"></i></a>
-				<a href="https://www.reddit.com/r/joplinapp/" title="Joplin Subreddit"><i class="fab fa-reddit"></i></a>
-				<a href="https://github.com/laurent22/joplin/" title="Joplin GitHub repository"><i class="fab fa-github"></i></a>
-			</div>
-		</div>
+		{{> socialFeeds}}
 
 		<div class="row bottom-links-row">
 			<div class="col-12 col-md-6">

Assets/WebsiteAssets/templates/partials/navbar.mustache

@@ -12,7 +12,8 @@
 				</a>
 			</div>
 			<div class="col-9 text-right d-none d-md-block">
-				<a href="{{baseUrl}}/news/" class="fw500">What's New</a>
+				<a href="https://twitter.com/joplinapp" title="Joplin Twitter feed" class="fw500"><i class="fab fa-twitter"></i></a>
+				<a href="{{baseUrl}}/news/" class="fw500">News</a>
 				<a href="{{baseUrl}}/help/" class="fw500">Help</a>
 				<a href="{{forumUrl}}" class="fw500">Forum</a>
 				{{#showJoplinCloudLinks}}
@@ -43,7 +44,7 @@
 						</div>
 
 						<div class="text-center menu-mobile-top">
-							<a href="{{baseUrl}}/news/" class="fw500 mobile-menu-link">What's New</a>
+							<a href="{{baseUrl}}/news/" class="fw500 mobile-menu-link">News</a>
 							<a href="{{baseUrl}}/help/" class="fw500 mobile-menu-link">Help</a>
 							<a href="{{forumUrl}}" class="fw500 mobile-menu-link">Forum</a>
 						</div>
@@ -59,6 +60,8 @@
 					{{#showToc}}
 						<div id="toc-mobile">{{{tocHtml}}}</div>
 					{{/showToc}}
+
+					{{> socialFeeds}}
 					
 					<div>
 						<p class="light-blue mobile-menu-link-bottom text-center">

Assets/WebsiteAssets/templates/partials/socialFeeds.mustache

@@ -0,0 +1,10 @@
+<div class="row">
+	<div class="col-12 col-md-12 social-links">
+		<a class="social-link-twitter" href="https://twitter.com/joplinapp" title="Joplin Twitter feed"><i class="fab fa-twitter"></i></a>
+		<a class="social-link-mastodon" href="https://mastodon.social/@joplinapp" title="Joplin Mastodon feed"><i class="fab fa-mastodon"></i></a>
+		<a class="social-link-patreon" href="https://www.patreon.com/joplin" title="Joplin Patreon"><i class="fab fa-patreon"></i></a>
+		<a class="social-link-discord" href="https://discord.gg/VSj7AFHvpq" title="Joplin Discord chat"><i class="fab fa-discord"></i></a>
+		<a class="social-link-reddit" href="https://www.reddit.com/r/joplinapp/" title="Joplin Subreddit"><i class="fab fa-reddit"></i></a>
+		<a class="social-link-github" href="https://github.com/laurent22/joplin/" title="Joplin GitHub repository"><i class="fab fa-github"></i></a>
+	</div>
+</div>

BUILD.md

@@ -20,7 +20,7 @@ There are also a few forks of existing packages under the "fork-*" name.
 
 - Install node 16+ - https://nodejs.org/en/
   - [Enable yarn](https://yarnpkg.com/getting-started/install): `corepack enable`
-- macOS: Install Cocoapods - `brew install cocoapods`
+- macOS: Install Cocoapods - `brew install cocoapods`. Apple Silicon [may require libvips](https://github.com/laurent22/joplin/pull/5966#issuecomment-1007158597) - `brew install vips`.
 - Windows: Install Windows Build Tools - `yarn install -g windows-build-tools --vs2015`
 - Linux: Install dependencies - `sudo apt install build-essential libnss3 libsecret-1-dev python rsync`
 

Dockerfile.server

@@ -8,66 +8,36 @@ RUN apt-get update \
 # Enables Yarn
 RUN corepack enable
 
-RUN echo "Node: $(node --version)"
-RUN echo "Npm: $(npm --version)"
-RUN echo "Yarn: $(yarn --version)"
+RUN echo "Node: $(node --version)" \
+    && echo "Npm: $(npm --version)" \
+    && echo "Yarn: $(yarn --version)"
 
 ARG user=joplin
 
 RUN useradd --create-home --shell /bin/bash $user
 USER $user
 
-ENV NODE_ENV development
+ENV NODE_ENV production
+ENV RUNNING_IN_DOCKER 1
+EXPOSE ${APP_PORT}
 
 WORKDIR /home/$user
 
-RUN mkdir /home/$user/logs
+RUN mkdir /home/$user/logs \
+    && mkdir /home/$user/.yarn
 
-# Install the root scripts but don't run postinstall (which would bootstrap
-# and build TypeScript files, but we don't have the TypeScript files at
-# this point)
-
-COPY --chown=$user:$user package*.json ./
-COPY --chown=$user:$user .yarn ./.yarn
+COPY --chown=$user:$user .yarn/patches ./.yarn/patches
+COPY --chown=$user:$user .yarn/plugins ./.yarn/plugins
+COPY --chown=$user:$user .yarn/releases ./.yarn/releases
+COPY --chown=$user:$user package.json .
 COPY --chown=$user:$user .yarnrc.yml .
 COPY --chown=$user:$user yarn.lock .
 COPY --chown=$user:$user gulpfile.js .
-
-RUN yarn install --inline-builds --mode=skip-build
-
-# To take advantage of the Docker cache, we first copy all the package.json
-# and package-lock.json files, as they rarely change, and then bootstrap
-# all the packages.
-#
-# Note that bootstrapping the packages will run all the postinstall
-# scripts, which means that for packages that have such scripts, we need to
-# copy all the files.
-#
-# We can't run boostrap with "--ignore-scripts" because that would
-# prevent certain sub-packages, such as sqlite3, from being built
-
-COPY --chown=$user:$user packages/fork-sax/package*.json ./packages/fork-sax/
-COPY --chown=$user:$user packages/fork-uslug/package*.json ./packages/fork-uslug/
-COPY --chown=$user:$user packages/htmlpack/package*.json ./packages/htmlpack/
-COPY --chown=$user:$user packages/renderer/package*.json ./packages/renderer/
-COPY --chown=$user:$user packages/tools/package*.json ./packages/tools/
-COPY --chown=$user:$user packages/lib/package*.json ./packages/lib/
 COPY --chown=$user:$user tsconfig.json .
-
-# The following have postinstall scripts so we need to copy all the files.
-# Since they should rarely change this is not an issue
-
 COPY --chown=$user:$user packages/turndown ./packages/turndown
 COPY --chown=$user:$user packages/turndown-plugin-gfm ./packages/turndown-plugin-gfm
 COPY --chown=$user:$user packages/fork-htmlparser2 ./packages/fork-htmlparser2
 COPY --chown=$user:$user packages/server/package*.json ./packages/server/
-
-# Then bootstrap only, without compiling the TypeScript files
-
-RUN yarn install --inline-builds --mode=skip-build
-
-# Now copy the source files. Put lib and server last as they are more likely to change.
-
 COPY --chown=$user:$user packages/fork-sax ./packages/fork-sax
 COPY --chown=$user:$user packages/fork-uslug ./packages/fork-uslug
 COPY --chown=$user:$user packages/htmlpack ./packages/htmlpack
@@ -76,21 +46,23 @@ COPY --chown=$user:$user packages/tools ./packages/tools
 COPY --chown=$user:$user packages/lib ./packages/lib
 COPY --chown=$user:$user packages/server ./packages/server
 
-# Finally build everything, in particular the TypeScript files. We can't just
-# run `yarn run build` because that wouldn't run the postinstall scripts in
-# dependencies (for example the sqlite3 native module would not be built). So
-# instead we run `yarn install`, which is going to install again all the
-# packages (but because it's already done it should be fast), and then run the
-# postinstall scripts, as well as build scripts.
+# For some reason there's both a .yarn/cache and .yarn/berry/cache that are
+# being generated, and both have the same content. Not clear why it does this
+# but we can delete it anyway. We can delete the cache because we use
+# `nodeLinker: node-modules`. If we ever implement Zero Install, we'll need to
+# keep the cache.
+#
+# Note that `yarn install` ignores `NODE_ENV=production` and will install dev
+# dependencies too, but this is fine because we need them to build the app.
 
-RUN BUILD_SEQUENCIAL=1 yarn install --inline-builds
+RUN BUILD_SEQUENCIAL=1 yarn install --inline-builds \
+    && yarn cache clean \
+    && rm -rf .yarn/berry
 
-ENV RUNNING_IN_DOCKER=1
-EXPOSE ${APP_PORT}
-
-# Not clear what's the equivalent of "--prefix" in Yarn 3, so keep using npm for
-# now.
-CMD [ "npm", "--prefix", "packages/server", "start" ]
+# Call the command directly, without going via npm:
+# https://github.com/nodejs/docker-node/blob/main/docs/BestPractices.md#cmd
+WORKDIR "/home/$user/packages/server"
+CMD [ "node", "dist/app.js" ]
 
 # Build-time metadata
 # https://github.com/opencontainers/image-spec/blob/master/annotations.md

README.md

@@ -300,7 +300,6 @@ To add a **Bucket Policy** from the AWS S3 Web Console, navigate to the **Permis
         {
             "Sid": "VisualEditor0",
             "Effect": "Allow",
-            "Principal": "*",
             "Action": [
                   "s3:ListBucket",
                   "s3:GetBucketLocation",

package.json

@@ -78,5 +78,8 @@
     "node-gyp": "^8.4.1",
     "nodemon": "^2.0.9"
   },
-  "packageManager": "yarn@3.1.1"
+  "packageManager": "yarn@3.1.1",
+  "resolutions": {
+    "markdown-it-multimd-table@4.1.1": "patch:markdown-it-multimd-table@npm:4.1.1#.yarn/patches/markdown-it-multimd-table-npm-4.1.1-47e334d4bd"
+  }
 }

packages/app-desktop/app.ts

@@ -446,8 +446,9 @@ class Application extends BaseApplication {
 
 		await this.checkForLegacyTemplates();
 
-		// Note: Auto-update currently doesn't work in Linux: it downloads the update
-		// but then doesn't install it on exit.
+		// Note: Auto-update is a misnomer in the code.
+		// The code below only checks, if a new version is available.
+		// We only allow Windows and macOS users to automatically check for updates
 		if (shim.isWindows() || shim.isMac()) {
 			const runAutoUpdateCheck = () => {
 				if (Setting.value('autoUpdateEnabled')) {

packages/app-desktop/gui/ClipperConfigScreen.tsx

@@ -56,7 +56,7 @@ class ClipperConfigScreenComponent extends React.Component {
 
 		const containerStyle = Object.assign({}, theme.containerStyle, {
 			overflowY: 'scroll',
-			padding: theme.configScreenPadding,
+			// padding: theme.configScreenPadding,
 			backgroundColor: theme.backgroundColor3,
 		});
 

packages/app-desktop/gui/EditFolderDialog/Dialog.tsx

@@ -1,5 +1,5 @@
 import * as React from 'react';
-import { useCallback, useState } from 'react';
+import { useCallback, useState, useRef, useEffect } from 'react';
 import { _ } from '@joplin/lib/locale';
 import DialogButtonRow, { ClickEvent } from '../DialogButtonRow';
 import Dialog from '../Dialog';
@@ -22,6 +22,7 @@ interface Props {
 export default function(props: Props) {
 	const [folderTitle, setFolderTitle] = useState('');
 	const [folderIcon, setFolderIcon] = useState<FolderIcon>();
+	const titleInputRef = useRef(null);
 
 	const isNew = !props.folderId;
 
@@ -41,6 +42,14 @@ export default function(props: Props) {
 		});
 	}, [props.dispatch]);
 
+	useEffect(() => {
+		titleInputRef.current.focus();
+
+		setTimeout(() => {
+			titleInputRef.current.select();
+		}, 100);
+	}, []);
+
 	const onButtonRowClick = useCallback(async (event: ClickEvent) => {
 		if (event.buttonName === 'cancel') {
 			onClose();
@@ -90,7 +99,7 @@ export default function(props: Props) {
 				<div className="form">
 					<div className="form-input-group">
 						<label>{_('Title')}</label>
-						<StyledInput type="text" value={folderTitle} onChange={onFolderTitleChange}/>
+						<StyledInput type="text" ref={titleInputRef} value={folderTitle} onChange={onFolderTitleChange}/>
 					</div>
 
 					<div className="form-input-group">

packages/app-desktop/gui/KeymapConfig/styles/index.ts

@@ -5,7 +5,7 @@ export default function styles(themeId: number) {
 		return {
 			container: {
 				...theme.containerStyle,
-				padding: theme.configScreenPadding,
+				// padding: theme.configScreenPadding,
 				backgroundColor: theme.backgroundColor3,
 			},
 			actionsContainer: {

packages/app-desktop/gui/NoteEditor/NoteBody/CodeMirror/CodeMirror.tsx

@@ -67,7 +67,7 @@ function CodeMirror(props: NoteBodyEditorProps, ref: any) {
 
 	usePluginServiceRegistration(ref);
 
-	const { resetScroll, editor_scroll, setEditorPercentScroll, setViewerPercentScroll, editor_resize,
+	const { resetScroll, editor_scroll, setEditorPercentScroll, setViewerPercentScroll, editor_resize, getLineScrollPercent,
 	} = useScrollHandler(editorRef, webviewRef, props.onScroll);
 
 	const codeMirror_change = useCallback((newBody: string) => {
@@ -576,9 +576,14 @@ function CodeMirror(props: NoteBodyEditorProps, ref: any) {
 		const arg0 = args && args.length >= 1 ? args[0] : null;
 
 		if (msg.indexOf('checkboxclick:') === 0) {
-			const newBody = shared.toggleCheckbox(msg, props.content);
+			const { line, from, to } = shared.toggleCheckboxRange(msg, props.content);
 			if (editorRef.current) {
-				editorRef.current.updateBody(newBody);
+				// To cancel CodeMirror's layout drift, the scroll position
+				// is recorded before updated, and then it is restored.
+				// Ref. https://github.com/laurent22/joplin/issues/5890
+				const percent = getLineScrollPercent();
+				editorRef.current.replaceRange(line, from, to);
+				setEditorPercentScroll(percent);
 			}
 		} else if (msg === 'percentScroll') {
 			const percent = arg0;

packages/app-desktop/gui/NoteEditor/NoteBody/CodeMirror/utils/useScrollHandler.ts

@@ -7,6 +7,7 @@ export default function useScrollHandler(editorRef: any, webviewRef: any, onScro
 	const ignoreNextEditorScrollTime_ = useRef(Date.now());
 	const ignoreNextEditorScrollEventCount_ = useRef(0);
 	const delayedSetEditorPercentScrollTimeoutID_ = useRef(null);
+	const lastResizeHeight_ = useRef(NaN);
 
 	// Ignores one next scroll event for a short time.
 	const ignoreNextEditorScrollEvent = () => {
@@ -90,8 +91,7 @@ export default function useScrollHandler(editorRef: any, webviewRef: any, onScro
 	}, [scheduleOnScroll]);
 
 	const editor_scroll = useCallback(() => {
-		if (isNextEditorScrollEventIgnored()) return;
-
+		const ignored = isNextEditorScrollEventIgnored();
 		const cm = editorRef.current;
 		if (isCodeMirrorReady(cm)) {
 			const editorPercent = Math.max(0, Math.min(1, cm.getScrollPercent()));
@@ -104,7 +104,9 @@ export default function useScrollHandler(editorRef: any, webviewRef: any, onScro
 				// calculates GUI-independent line-based percent
 				const percent = translateScrollPercentE2L(cm, editorPercent);
 				scrollPercent_.current = percent;
-				setViewerPercentScroll(percent);
+				if (!ignored) {
+					setViewerPercentScroll(percent);
+				}
 			}
 		}
 	}, [setViewerPercentScroll]);
@@ -117,13 +119,29 @@ export default function useScrollHandler(editorRef: any, webviewRef: any, onScro
 	}, []);
 
 	const editor_resize = useCallback((cm) => {
-		if (cm) {
-			restoreEditorPercentScroll();
+		if (isCodeMirrorReady(cm)) {
+			// Only when resized, the scroll position is restored.
+			const info = cm.getScrollInfo();
+			const height = info.height - info.clientHeight;
+			if (height !== lastResizeHeight_.current) {
+				restoreEditorPercentScroll();
+				lastResizeHeight_.current = height;
+			}
+		}
+	}, []);
+
+	const getLineScrollPercent = useCallback(() => {
+		const cm = editorRef.current;
+		if (isCodeMirrorReady(cm)) {
+			const ePercent = cm.getScrollPercent();
+			return translateScrollPercentE2L(cm, ePercent);
+		} else {
+			return scrollPercent_.current;
 		}
 	}, []);
 
 	return {
-		resetScroll, setEditorPercentScroll, setViewerPercentScroll, editor_scroll, editor_resize,
+		resetScroll, setEditorPercentScroll, setViewerPercentScroll, editor_scroll, editor_resize, getLineScrollPercent,
 	};
 }
 

packages/app-desktop/gui/SearchBar/SearchBar.tsx

@@ -15,6 +15,7 @@ export const Root = styled.div`
 	position: relative;
 	display: flex;
 	width: 100%;
+	min-width: 30px;
 `;
 
 interface Props {

packages/app-desktop/gui/TagItem.jsx

@@ -1,14 +1,15 @@
 const React = require('react');
 const { connect } = require('react-redux');
 const { themeStyle } = require('@joplin/lib/theme');
+const CommandService = require('@joplin/lib/services/CommandService').default;
 
 class TagItemComponent extends React.Component {
 	render() {
 		const theme = themeStyle(this.props.themeId);
 		const style = Object.assign({}, theme.tagStyle);
-		const title = this.props.title;
+		const { title, id } = this.props;
 
-		return <span style={style}>{title}</span>;
+		return <button style={style} onClick={() => CommandService.instance().execute('openTag', id)}>{title}</button>;
 	}
 }
 

packages/app-desktop/gui/TagList.tsx

@@ -42,6 +42,7 @@ function TagList(props: Props) {
 		for (let i = 0; i < tags.length; i++) {
 			const props = {
 				title: tags[i].title,
+				id: tags[i].id,
 				key: tags[i].id,
 			};
 			output.push(<TagItem {...props} />);

packages/app-desktop/main.scss

@@ -151,7 +151,7 @@ General classes
 
 body, button {
 	color: var(--joplin-color);
-	font-size: 16px;
+	font-size: 13px;
 }
 
 div, span, a {
@@ -159,7 +159,7 @@ div, span, a {
 }
 
 h2 {
-	font-size: 24px;
+	font-size: 20px;
 
 	&.-no-top-margin {
 		margin-top: 0;
@@ -193,7 +193,7 @@ div.form,
 
 p {
 	&.-small {
-		font-size: 13px;
+		font-size: 11px;
 	}
 }
 

packages/app-desktop/runForTesting.sh

@@ -10,6 +10,12 @@
 
 # ./runForTesting.sh 1 createUsers,createData,reset,e2ee,sync && ./runForTesting.sh 2 reset,e2ee,sync && ./runForTesting.sh 1
 
+# ----------------------------------------------------------------------------------
+# First user has E2EE, but second one doesn't:
+# ----------------------------------------------------------------------------------
+
+# ./runForTesting.sh 1 createUsers,createData,reset,e2ee,sync && ./runForTesting.sh 2 reset,sync && ./runForTesting.sh 1
+
 # ----------------------------------------------------------------------------------
 # Without E2EE:
 # ----------------------------------------------------------------------------------

packages/generator-joplin/generators/app/templates/package_TEMPLATE.json

@@ -10,6 +10,9 @@
   "keywords": [
     "joplin-plugin"
   ],
+  "files": [
+    "publish"
+  ],
   "devDependencies": {
     "@types/node": "^14.0.14",
     "chalk": "^4.1.0",

packages/lib/SyncTargetAmazonS3.js

@@ -98,14 +98,14 @@ class SyncTargetAmazonS3 extends BaseSyncTarget {
 	// We could implement that here, but the above workaround saves some code.
 
 	static async checkConfig(options) {
-		const fileApi = await SyncTargetAmazonS3.newFileApi_(SyncTargetAmazonS3.id(), options);
-		fileApi.requestRepeatCount_ = 0;
-
 		const output = {
 			ok: false,
 			errorMessage: '',
 		};
 		try {
+			const fileApi = await SyncTargetAmazonS3.newFileApi_(SyncTargetAmazonS3.id(), options);
+			fileApi.requestRepeatCount_ = 0;
+
 			const headBucketReq = new Promise((resolve, reject) => {
 				fileApi.driver().api().send(
 

packages/lib/commands/synchronize.ts

@@ -35,7 +35,7 @@ export const runtime = (): CommandRuntime => {
 					return 'auth';
 				}
 
-				reg.logger().info('Not authentified with sync target - please check your credential.');
+				reg.logger().error('Not authenticated with sync target - please check your credentials.');
 				return 'error';
 			}
 
@@ -43,8 +43,13 @@ export const runtime = (): CommandRuntime => {
 			try {
 				sync = await reg.syncTarget().synchronizer();
 			} catch (error) {
-				reg.logger().info('Could not acquire synchroniser:');
-				reg.logger().info(error);
+				reg.logger().error('Could not initialise synchroniser: ');
+				reg.logger().error(error);
+				error.message = `Could not initialise synchroniser: ${error.message}`;
+				utils.store.dispatch({
+					type: 'SYNC_REPORT_UPDATE',
+					report: { errors: [error] },
+				});
 				return 'error';
 			}
 

packages/lib/components/shared/note-screen-shared.js

@@ -248,7 +248,7 @@ shared.toggleIsTodo_onPress = function(comp) {
 	comp.setState(newState);
 };
 
-shared.toggleCheckbox = function(ipcMessage, noteBody) {
+function toggleCheckboxLine(ipcMessage, noteBody) {
 	const newBody = noteBody.split('\n');
 	const p = ipcMessage.split(':');
 	const lineIndex = Number(p[p.length - 1]);
@@ -281,7 +281,18 @@ shared.toggleCheckbox = function(ipcMessage, noteBody) {
 	} else {
 		line = line.replace(/- \[x\] /i, '- [ ] ');
 	}
+	return [newBody, lineIndex, line];
+}
 
+shared.toggleCheckboxRange = function(ipcMessage, noteBody) {
+	const [lineIndex, line] = toggleCheckboxLine(ipcMessage, noteBody).slice(1);
+	const from = { line: lineIndex, ch: 0 };
+	const to = { line: lineIndex, ch: line.length };
+	return { line, from, to };
+};
+
+shared.toggleCheckbox = function(ipcMessage, noteBody) {
+	const [newBody, lineIndex, line] = toggleCheckboxLine(ipcMessage, noteBody);
 	newBody[lineIndex] = line;
 	return newBody.join('\n');
 };

packages/lib/components/shared/side-menu-shared.js

@@ -105,7 +105,7 @@ shared.synchronize_press = async function(comp) {
 			return 'auth';
 		}
 
-		reg.logger().info('Not authentified with sync target - please check your credential.');
+		reg.logger().error('Not authenticated with sync target - please check your credentials.');
 		return 'error';
 	}
 
@@ -113,8 +113,13 @@ shared.synchronize_press = async function(comp) {
 	try {
 		sync = await reg.syncTarget().synchronizer();
 	} catch (error) {
-		reg.logger().info('Could not acquire synchroniser:');
-		reg.logger().info(error);
+		reg.logger().error('Could not initialise synchroniser: ');
+		reg.logger().error(error);
+		error.message = `Could not initialise synchroniser: ${error.message}`;
+		comp.props.dispatch({
+			type: 'SYNC_REPORT_UPDATE',
+			report: { errors: [error] },
+		});
 		return 'error';
 	}
 

packages/lib/models/Setting.ts

@@ -1190,7 +1190,7 @@ class Setting extends BaseModel {
 			},
 
 
-			autoUpdateEnabled: { value: true, type: SettingItemType.Bool, storage: SettingStorage.File, section: 'application', public: platform !== 'linux', appTypes: [AppType.Desktop], label: () => _('Automatically update the application') },
+			autoUpdateEnabled: { value: true, type: SettingItemType.Bool, storage: SettingStorage.File, section: 'application', public: platform !== 'linux', appTypes: [AppType.Desktop], label: () => _('Automatically check for updates') },
 			'autoUpdate.includePreReleases': { value: false, type: SettingItemType.Bool, section: 'application', storage: SettingStorage.File, public: true, appTypes: [AppType.Desktop], label: () => _('Get pre-releases when checking for updates'), description: () => _('See the pre-release page for more details: %s', 'https://joplinapp.org/prereleases') },
 			'clipperServer.autoStart': { value: false, type: SettingItemType.Bool, storage: SettingStorage.File, public: false },
 			'sync.interval': {

packages/lib/onedrive-api.ts

@@ -89,6 +89,7 @@ export default class OneDriveApi {
 			scope: 'files.readwrite offline_access sites.readwrite.all',
 			response_type: 'code',
 			redirect_uri: redirectUri,
+			prompt: 'login',
 		};
 		return `https://login.microsoftonline.com/common/oauth2/v2.0/authorize?${stringify(query)}`;
 	}

packages/lib/services/plugins/api/JoplinCommands.ts

@@ -17,7 +17,7 @@ import { Command } from './types';
  *
  * * [Main screen commands](https://github.com/laurent22/joplin/tree/dev/packages/app-desktop/gui/MainScreen/commands)
  * * [Global commands](https://github.com/laurent22/joplin/tree/dev/packages/app-desktop/commands)
- * * [Editor commands](https://github.com/laurent22/joplin/tree/dev/packages/app-desktop/gui/NoteEditor/commands/editorCommandDeclarations.ts)
+ * * [Editor commands](https://github.com/laurent22/joplin/tree/dev/packages/app-desktop/gui/NoteEditor/editorCommandDeclarations.ts)
  *
  * To view what arguments are supported, you can open any of these files
  * and look at the `execute()` command.

packages/lib/theme.ts

@@ -227,6 +227,7 @@ function addExtraStyles(style: any) {
 		justifyContent: 'center',
 		marginRight: 8,
 		borderRadius: 100,
+		borderWidth: 0,
 	};
 
 	style.toolbarStyle = {

packages/server/jest.config.js

@@ -16,4 +16,6 @@ module.exports = {
 		'jest-expect-message',
 		`${__dirname}/jest.setup.js`,
 	],
+
+	bail: true,
 };

packages/server/public/css/main.css

@@ -61,7 +61,8 @@ ul li {
 	list-style-type: disc;
 }
 
-ul.pagination-list li {
+ul.pagination-list li,
+ul.menu-list li {
 	list-style-type: none;
 }
 

packages/server/readme/CLA.md

@@ -0,0 +1,116 @@
+# Individual Contributor License Agreement
+
+Thank you for your interest in Joplin Server, owned by Cozic Ltd (the
+"Company"). In order to clarify the intellectual property license granted with
+Contributions from any person or entity, the Company must have a Contributor
+License Agreement ("CLA") on file that has been signed by each Contributor,
+indicating agreement to the license terms below. This license is for your
+protection as a Contributor as well as the protection of the Company and its
+users; it does not change your rights to use your own Contributions for any
+other purpose.
+
+Please complete and sign this Agreement, and then email a copy to
+cla@joplinapp.org only (do not copy any other persons or lists). Read this
+document carefully before signing and keep a copy for your records.
+
+- Full name: **FULL NAME**
+
+- Postal Address: **POSTAL ADDRESS**
+
+- Country: **COUNTRY**
+
+- E-Mail: **EMAIL**
+
+- GitHub username: **GITHUB USERNAME**
+
+You accept and agree to the following terms and conditions for Your present and
+future Contributions submitted to the Company. In return, the Company shall not
+use Your Contributions in a way that is contrary to the public benefit or
+inconsistent with its bylaws in effect at the time of the Contribution. Except
+for the license granted herein to the Company and recipients of software
+distributed by the Company, You reserve all right, title, and interest in and to
+Your Contributions.
+
+1. Definitions.
+
+   * "You" (or "Your")
+
+     "You" (or "Your") shall mean the copyright owner or legal entity authorized
+     by the copyright owner that is making this Agreement with the Company. For
+     legal entities, the entity making a Contribution and all other entities
+     that control, are controlled by, or are under common control with that
+     entity are considered to be a single Contributor. For the purposes of this
+     definition, "control" means (i) the power, direct or indirect, to cause the
+     direction or management of such entity, whether by contract or otherwise,
+     or (ii) ownership of fifty percent (50%) or more of the outstanding shares,
+     or (iii) beneficial ownership of such entity.
+
+   * "Contribution"
+
+     "Contribution" shall mean any original work of authorship, including any
+     modifications or additions to an existing work, that is intentionally
+     submitted by You to the Company for inclusion in, or documentation of, any
+     of the products owned or managed by the Company (the "Work"). For the
+     purposes of this definition, "submitted" means any form of electronic,
+     verbal, or written communication sent to the Company or its
+     representatives, including but not limited to communication on electronic
+     mailing lists, source code control systems, and issue tracking systems that
+     are managed by, or on behalf of, the Company for the purpose of discussing
+     and improving the Work, but excluding communication that is conspicuously
+     marked or otherwise designated in writing by You as "Not a Contribution."
+
+2. Grant of Copyright License. Subject to the terms and conditions of this
+   Agreement, You hereby grant to the Company and to recipients of software
+   distributed by the Company a perpetual, worldwide, non-exclusive, no-charge,
+   royalty-free, irrevocable copyright license to reproduce, prepare derivative
+   works of, publicly display, publicly perform, sublicense, and distribute Your
+   Contributions and such derivative works.
+
+3. Grant of Patent License. Subject to the terms and conditions of this
+   Agreement, You hereby grant to the Company and to recipients of software
+   distributed by the Company a perpetual, worldwide, non-exclusive, no-charge,
+   royalty-free, irrevocable (except as stated in this section) patent license
+   to make, have made, use, offer to sell, sell, import, and otherwise transfer
+   the Work, where such license applies only to those patent claims licensable
+   by You that are necessarily infringed by Your Contribution(s) alone or by
+   combination of Your Contribution(s) with the Work to which such
+   Contribution(s) was submitted. If any entity institutes patent litigation
+   against You or any other entity (including a cross-claim or counterclaim in a
+   lawsuit) alleging that your Contribution, or the Work to which you have
+   contributed, constitutes direct or contributory patent infringement, then any
+   patent licenses granted to that entity under this Agreement for that
+   Contribution or Work shall terminate as of the date such litigation is filed.
+
+4. You represent that you are legally entitled to grant the above license. If
+   your employer(s) has rights to intellectual property that you create that
+   includes your Contributions, you represent that you have received permission
+   to make Contributions on behalf of that employer, that your employer has
+   waived such rights for your Contributions to the Company, or that your
+   employer has executed a separate Corporate CLA with the Company.
+
+5. You represent that each of Your Contributions is Your original creation (see
+   section 7 for submissions on behalf of others). You represent that Your
+   Contribution submissions include complete details of any third-party license
+   or other restriction (including, but not limited to, related patents and
+   trademarks) of which you are personally aware and which are associated with
+   any part of Your Contributions.
+
+6. You are not expected to provide support for Your Contributions, except to the
+   extent You desire to provide support. You may provide support for free, for a
+   fee, or not at all. Unless required by applicable law or agreed to in
+   writing, You provide Your Contributions on an "AS IS" BASIS, WITHOUT
+   WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including,
+   without limitation, any warranties or conditions of TITLE, NON- INFRINGEMENT,
+   MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE.
+
+7. Should You wish to submit work that is not Your original creation, You may
+   submit it to the Company separately from any Contribution, identifying the
+   complete details of its source and of any license or other restriction
+   (including, but not limited to, related patents, trademarks, and license
+   agreements) of which you are personally aware, and conspicuously marking the
+   work as "Submitted on behalf of a third-party: **NAME HERE**".
+
+8. You agree to notify the Company of any facts or circumstances of which you
+   become aware that would make these representations inaccurate in any respect.
+
+Please sign: **SIGNATURE**          Date: **DATE**

packages/server/src/app.ts

@@ -24,6 +24,7 @@ import { RouteResponseFormat, routeResponseFormat } from './utils/routeUtils';
 import { parseEnv } from './env';
 import storageConnectionCheck from './utils/storageConnectionCheck';
 import { setLocale } from '@joplin/lib/locale';
+import checkAdminHandler from './middleware/checkAdminHandler';
 
 interface Argv {
 	env?: Env;
@@ -160,7 +161,7 @@ async function main() {
 					});
 				} catch (anotherError) {
 					ctx.response.set('Content-Type', 'application/json');
-					ctx.body = JSON.stringify({ error: error.message });
+					ctx.body = JSON.stringify({ error: `${error.message} (Check the server log for more information)` });
 				}
 			} else {
 				ctx.response.set('Content-Type', 'application/json');
@@ -196,6 +197,7 @@ async function main() {
 
 	app.use(apiVersionHandler);
 	app.use(ownerHandler);
+	app.use(checkAdminHandler);
 	app.use(notificationHandler);
 	app.use(clickJackingHandler);
 	app.use(routeHandler);

packages/server/src/config.ts

@@ -66,7 +66,7 @@ function mailerConfigFromEnv(env: EnvVariables): MailerConfig {
 		enabled: env.MAILER_ENABLED,
 		host: env.MAILER_HOST,
 		port: env.MAILER_PORT,
-		secure: env.MAILER_SECURE,
+		security: env.MAILER_SECURITY,
 		authUser: env.MAILER_AUTH_USER,
 		authPassword: env.MAILER_AUTH_PASSWORD,
 		noReplyName: env.MAILER_NOREPLY_NAME,
@@ -120,6 +120,7 @@ export async function initConfig(envType: Env, env: EnvVariables, overrides: any
 		stripe: stripeConfigFromEnv(stripePublicConfig, env),
 		port: appPort,
 		baseUrl,
+		adminBaseUrl: `${baseUrl}/admin`,
 		showErrorStackTraces: env.ERROR_STACK_TRACES,
 		apiBaseUrl,
 		userContentBaseUrl: env.USER_CONTENT_BASE_URL ? env.USER_CONTENT_BASE_URL : baseUrl,

packages/server/src/env.test.ts

@@ -0,0 +1,46 @@
+import { afterAllTests, beforeAllDb, beforeEachDb, expectThrow } from './utils/testing/testUtils';
+import { parseEnv } from './env';
+
+describe('env', function() {
+
+	beforeAll(async () => {
+		await beforeAllDb('env');
+	});
+
+	afterAll(async () => {
+		await afterAllTests();
+	});
+
+	beforeEach(async () => {
+		await beforeEachDb();
+	});
+
+	it('should parse env values', async function() {
+		const result = parseEnv({
+			DB_CLIENT: 'pg',
+			POSTGRES_PORT: '123',
+			MAILER_ENABLED: 'true',
+			SIGNUP_ENABLED: 'false',
+			TERMS_ENABLED: '0',
+			ACCOUNT_TYPES_ENABLED: '1',
+		});
+
+		expect(result.DB_CLIENT).toBe('pg');
+		expect(result.POSTGRES_PORT).toBe(123);
+		expect(result.MAILER_ENABLED).toBe(true);
+		expect(result.SIGNUP_ENABLED).toBe(false);
+		expect(result.TERMS_ENABLED).toBe(false);
+		expect(result.ACCOUNT_TYPES_ENABLED).toBe(true);
+	});
+
+	it('should overrides default values', async function() {
+		expect(parseEnv({}).POSTGRES_USER).toBe('joplin');
+		expect(parseEnv({}, { POSTGRES_USER: 'other' }).POSTGRES_USER).toBe('other');
+	});
+
+	it('should validate values', async function() {
+		await expectThrow(async () => parseEnv({ POSTGRES_PORT: 'notanumber' }));
+		await expectThrow(async () => parseEnv({ MAILER_ENABLED: 'TRUE' }));
+	});
+
+});

packages/server/src/env.ts

@@ -1,7 +1,13 @@
 // The possible env variables and their defaults are listed below.
 //
 // The env variables can be of type string, integer or boolean. When the type is
-// boolean, set the variable to "0" or "1" in your env file.
+// boolean, set the variable to "true", "false", "0" or "1" in your env file.
+
+export enum MailerSecurity {
+	None = 'none',
+	Tls = 'tls',
+	Starttls = 'starttls',
+}
 
 const defaultEnvValues: EnvVariables = {
 	// ==================================================
@@ -66,8 +72,8 @@ const defaultEnvValues: EnvVariables = {
 
 	MAILER_ENABLED: false,
 	MAILER_HOST: '',
-	MAILER_PORT: 587,
-	MAILER_SECURE: true,
+	MAILER_PORT: 465,
+	MAILER_SECURITY: MailerSecurity.Tls,
 	MAILER_AUTH_USER: '',
 	MAILER_AUTH_PASSWORD: '',
 	MAILER_NOREPLY_NAME: '',
@@ -120,7 +126,7 @@ export interface EnvVariables {
 	MAILER_ENABLED: boolean;
 	MAILER_HOST: string;
 	MAILER_PORT: number;
-	MAILER_SECURE: boolean;
+	MAILER_SECURITY: MailerSecurity;
 	MAILER_AUTH_USER: string;
 	MAILER_AUTH_PASSWORD: string;
 	MAILER_NOREPLY_NAME: string;
@@ -134,7 +140,13 @@ export interface EnvVariables {
 	STRIPE_WEBHOOK_SECRET: string;
 }
 
-export function parseEnv(rawEnv: any, defaultOverrides: any = null): EnvVariables {
+const parseBoolean = (s: string): boolean => {
+	if (s === 'true' || s === '1') return true;
+	if (s === 'false' || s === '0') return false;
+	throw new Error(`Invalid boolean value: "${s}" (Must be one of "true", "false", "0, "1")`);
+};
+
+export function parseEnv(rawEnv: Record<string, string>, defaultOverrides: any = null): EnvVariables {
 	const output: EnvVariables = {
 		...defaultEnvValues,
 		...defaultOverrides,
@@ -145,17 +157,21 @@ export function parseEnv(rawEnv: any, defaultOverrides: any = null): EnvVariable
 
 		if (rawEnvValue === undefined) continue;
 
-		if (typeof value === 'number') {
-			const v = Number(rawEnvValue);
-			if (isNaN(v)) throw new Error(`Invalid number value for env variable ${key} = ${rawEnvValue}`);
-			(output as any)[key] = v;
-		} else if (typeof value === 'boolean') {
-			if (rawEnvValue !== '0' && rawEnvValue !== '1') throw new Error(`Invalid boolean value for env variable ${key}: ${rawEnvValue} (Should be either "0" or "1")`);
-			(output as any)[key] = rawEnvValue === '1';
-		} else if (typeof value === 'string') {
-			(output as any)[key] = `${rawEnvValue}`;
-		} else {
-			throw new Error(`Invalid env default value type: ${typeof value}`);
+		try {
+			if (typeof value === 'number') {
+				const v = Number(rawEnvValue);
+				if (isNaN(v)) throw new Error(`Invalid number value "${rawEnvValue}"`);
+				(output as any)[key] = v;
+			} else if (typeof value === 'boolean') {
+				(output as any)[key] = parseBoolean(rawEnvValue);
+			} else if (typeof value === 'string') {
+				(output as any)[key] = `${rawEnvValue}`;
+			} else {
+				throw new Error(`Invalid env default value type: ${typeof value}`);
+			}
+		} catch (error) {
+			error.message = `Could not parse key "${key}": ${error.message}`;
+			throw error;
 		}
 	}
 

packages/server/src/middleware/checkAdminHandler.test.ts

@@ -0,0 +1,58 @@
+import { ErrorForbidden } from '../utils/errors';
+import { beforeAllDb, afterAllTests, beforeEachDb, koaAppContext, koaNext, expectNotThrow, expectHttpError, createUserAndSession } from '../utils/testing/testUtils';
+import checkAdminHandler from './checkAdminHandler';
+
+describe('checkAdminHandler', function() {
+
+	beforeAll(async () => {
+		await beforeAllDb('checkAdminHandler');
+	});
+
+	afterAll(async () => {
+		await afterAllTests();
+	});
+
+	beforeEach(async () => {
+		await beforeEachDb();
+	});
+
+	test('should access /admin if the user is admin', async function() {
+		const { session } = await createUserAndSession(1, true);
+
+		const context = await koaAppContext({
+			sessionId: session.id,
+			request: {
+				method: 'GET',
+				url: '/admin/organizations',
+			},
+		});
+
+		await expectNotThrow(async () => checkAdminHandler(context, koaNext));
+	});
+
+	test('should not access /admin if the user is not admin', async function() {
+		const { session } = await createUserAndSession(1);
+
+		const context = await koaAppContext({
+			sessionId: session.id,
+			request: {
+				method: 'GET',
+				url: '/admin/organizations',
+			},
+		});
+
+		await expectHttpError(async () => checkAdminHandler(context, koaNext), ErrorForbidden.httpCode);
+	});
+
+	test('should not access /admin if the user is not logged in', async function() {
+		const context = await koaAppContext({
+			request: {
+				method: 'GET',
+				url: '/admin/organizations',
+			},
+		});
+
+		await expectHttpError(async () => checkAdminHandler(context, koaNext), ErrorForbidden.httpCode);
+	});
+
+});

packages/server/src/middleware/checkAdminHandler.ts

@@ -0,0 +1,12 @@
+import { AppContext, KoaNext } from '../utils/types';
+import { isAdminRequest } from '../utils/requestUtils';
+import { ErrorForbidden } from '../utils/errors';
+
+export default async function(ctx: AppContext, next: KoaNext): Promise<void> {
+	if (isAdminRequest(ctx)) {
+		if (!ctx.joplin.owner) throw new ErrorForbidden();
+		if (!ctx.joplin.owner.is_admin) throw new ErrorForbidden();
+	}
+
+	return next();
+}

packages/server/src/middleware/routeHandler.ts

@@ -4,7 +4,7 @@ import { isView, View } from '../services/MustacheService';
 import config from '../config';
 import { userIp } from '../utils/requestUtils';
 import { createCsrfTag } from '../utils/csrf';
-import { getImpersonatorAdminSessionId } from '../routes/index/utils/users/impersonate';
+import { getImpersonatorAdminSessionId } from '../routes/admin/utils/users/impersonate';
 
 export default async function(ctx: AppContext) {
 	const requestStartTime = Date.now();
@@ -20,6 +20,7 @@ export default async function(ctx: AppContext) {
 			const view = responseObject as View;
 			ctx.response.status = view?.content?.error ? view?.content?.error?.httpCode || 500 : 200;
 			ctx.response.body = await ctx.joplin.services.mustache.renderView(view, {
+				currentUrl: ctx.URL,
 				notifications: ctx.joplin.notifications || [],
 				hasNotifications: !!ctx.joplin.notifications && !!ctx.joplin.notifications.length,
 				owner: ctx.joplin.owner,

packages/server/src/models/NotificationModel.ts

@@ -92,7 +92,8 @@ export default class NotificationModel extends BaseModel<Notification> {
 		return this.add(userId, NotificationKey.Any, NotificationLevel.Normal, message);
 	}
 
-	public async addError(userId: Uuid, message: string) {
+	public async addError(userId: Uuid, error: string | Error) {
+		const message = typeof error === 'string' ? error : error.message;
 		return this.add(userId, NotificationKey.Any, NotificationLevel.Error, message);
 	}
 

packages/server/src/routes/admin/dashboard.ts

@@ -0,0 +1,14 @@
+import { _ } from '@joplin/lib/locale';
+import defaultView from '../../utils/defaultView';
+import Router from '../../utils/Router';
+import { SubPath } from '../../utils/routeUtils';
+import { AppContext, RouteType } from '../../utils/types';
+
+const router = new Router(RouteType.Web);
+
+router.get('admin/dashboard', async (_path: SubPath, _ctx: AppContext) => {
+	const view = defaultView('admin/dashboard', _('Admin dashboard'));
+	return view;
+});
+
+export default router;

packages/server/src/routes/admin/tasks.ts

@@ -16,7 +16,7 @@ const prettyCron = require('prettycron');
 
 const router: Router = new Router(RouteType.Web);
 
-router.post('tasks', async (_path: SubPath, ctx: AppContext) => {
+router.post('admin/tasks', async (_path: SubPath, ctx: AppContext) => {
 	const user = ctx.joplin.owner;
 	if (!user.is_admin) throw new ErrorForbidden();
 
@@ -52,7 +52,7 @@ router.post('tasks', async (_path: SubPath, ctx: AppContext) => {
 	return redirect(ctx, makeUrl(UrlType.Tasks));
 });
 
-router.get('tasks', async (_path: SubPath, ctx: AppContext) => {
+router.get('admin/tasks', async (_path: SubPath, ctx: AppContext) => {
 	const user = ctx.joplin.owner;
 	if (!user.is_admin) throw new ErrorForbidden();
 
@@ -126,13 +126,13 @@ router.get('tasks', async (_path: SubPath, ctx: AppContext) => {
 	};
 
 	return {
-		...defaultView('tasks', 'Tasks'),
+		...defaultView('admin/tasks', 'Tasks'),
 		content: {
 			itemTable: makeTableView(table),
 			postUrl: makeUrl(UrlType.Tasks),
 			csrfTag: await createCsrfTag(ctx),
 		},
-		cssFiles: ['index/tasks'],
+		// cssFiles: ['index/tasks'],
 	};
 });
 

packages/server/src/routes/admin/user_deletions.ts

@@ -8,13 +8,13 @@ import { yesOrNo } from '../../utils/strings';
 import { makeTablePagination, makeTableView, Row, Table } from '../../utils/views/table';
 import { PaginationOrderDir } from '../../models/utils/pagination';
 import { formatDateTime } from '../../utils/time';
-import { userDeletionsUrl, userUrl } from '../../utils/urlUtils';
+import { adminUserDeletionsUrl, userUrl } from '../../utils/urlUtils';
 import { createCsrfTag } from '../../utils/csrf';
 import { bodyFields } from '../../utils/requestUtils';
 
 const router: Router = new Router(RouteType.Web);
 
-router.get('user_deletions', async (_path: SubPath, ctx: AppContext) => {
+router.get('admin/user_deletions', async (_path: SubPath, ctx: AppContext) => {
 	const user = ctx.joplin.owner;
 	if (!user.is_admin) throw new ErrorForbidden();
 
@@ -26,7 +26,7 @@ router.get('user_deletions', async (_path: SubPath, ctx: AppContext) => {
 		console.info(page);
 
 		const table: Table = {
-			baseUrl: userDeletionsUrl(),
+			baseUrl: adminUserDeletionsUrl(),
 			requestQuery: ctx.query,
 			pageCount: page.page_count,
 			pagination,
@@ -110,7 +110,7 @@ router.get('user_deletions', async (_path: SubPath, ctx: AppContext) => {
 			}),
 		};
 
-		const view = defaultView('user_deletions', 'User deletions');
+		const view = defaultView('admin/user_deletions', 'User deletions');
 		view.content = {
 			userDeletionTable: makeTableView(table),
 			postUrl: makeUrl(UrlType.UserDeletions),
@@ -124,7 +124,7 @@ router.get('user_deletions', async (_path: SubPath, ctx: AppContext) => {
 	throw new ErrorMethodNotAllowed();
 });
 
-router.post('user_deletions', async (_path: SubPath, ctx: AppContext) => {
+router.post('admin/user_deletions', async (_path: SubPath, ctx: AppContext) => {
 	const user = ctx.joplin.owner;
 	if (!user.is_admin) throw new ErrorForbidden();
 

packages/server/src/routes/admin/users.test.ts

@@ -0,0 +1,183 @@
+import { User } from '../../services/database/types';
+import routeHandler from '../../middleware/routeHandler';
+import { execRequest } from '../../utils/testing/apiUtils';
+import { beforeAllDb, afterAllTests, beforeEachDb, koaAppContext, createUserAndSession, models, checkContextError, expectHttpError } from '../../utils/testing/testUtils';
+import uuidgen from '../../utils/uuidgen';
+import { ErrorForbidden } from '../../utils/errors';
+
+async function postUser(sessionId: string, email: string, password: string = null, props: any = null): Promise<User> {
+	password = password === null ? uuidgen() : password;
+
+	const context = await koaAppContext({
+		sessionId: sessionId,
+		request: {
+			method: 'POST',
+			url: '/admin/users/new',
+			body: {
+				email: email,
+				password: password,
+				password2: password,
+				post_button: true,
+				...props,
+			},
+		},
+	});
+
+	await routeHandler(context);
+	checkContextError(context);
+	return context.response.body;
+}
+
+async function patchUser(sessionId: string, user: any, url: string = ''): Promise<User> {
+	const context = await koaAppContext({
+		sessionId: sessionId,
+		request: {
+			method: 'POST',
+			url: url ? url : '/admin/users',
+			body: {
+				...user,
+				post_button: true,
+			},
+		},
+	});
+
+	await routeHandler(context);
+	checkContextError(context);
+	return context.response.body;
+}
+
+describe('admin/users', function() {
+
+	beforeAll(async () => {
+		await beforeAllDb('admin/users');
+	});
+
+	afterAll(async () => {
+		await afterAllTests();
+	});
+
+	beforeEach(async () => {
+		await beforeEachDb();
+	});
+
+	test('should create a new user', async function() {
+		const { session } = await createUserAndSession(1, true);
+
+		const password = uuidgen();
+		await postUser(session.id, 'test@example.com', password, {
+			max_item_size: '',
+		});
+		const newUser = await models().user().loadByEmail('test@example.com');
+
+		expect(!!newUser).toBe(true);
+		expect(!!newUser.id).toBe(true);
+		expect(!!newUser.is_admin).toBe(false);
+		expect(!!newUser.email).toBe(true);
+		expect(newUser.max_item_size).toBe(null);
+		expect(newUser.must_set_password).toBe(0);
+
+		const userModel = models().user();
+		const userFromModel: User = await userModel.load(newUser.id);
+
+		expect(!!userFromModel.password).toBe(true);
+		expect(userFromModel.password === password).toBe(false); // Password has been hashed
+	});
+
+	test('should create a user with null properties if they are not explicitly set', async function() {
+		const { session } = await createUserAndSession(1, true);
+
+		await postUser(session.id, 'test@example.com');
+		const newUser = await models().user().loadByEmail('test@example.com');
+
+		expect(newUser.max_item_size).toBe(null);
+		expect(newUser.can_share_folder).toBe(null);
+		expect(newUser.can_share_note).toBe(null);
+		expect(newUser.max_total_item_size).toBe(null);
+	});
+
+	test('should ask user to set password if not set on creation', async function() {
+		const { session } = await createUserAndSession(1, true);
+
+		await postUser(session.id, 'test@example.com', '', {
+			max_item_size: '',
+		});
+		const newUser = await models().user().loadByEmail('test@example.com');
+
+		expect(newUser.must_set_password).toBe(1);
+		expect(!!newUser.password).toBe(true);
+	});
+
+	test('should format the email when saving it', async function() {
+		const email = 'ILikeUppercaseAndSpaces@Example.COM   ';
+
+		const { session } = await createUserAndSession(1, true);
+
+		const password = uuidgen();
+		await postUser(session.id, email, password);
+		const loggedInUser = await models().user().login(email, password);
+		expect(!!loggedInUser).toBe(true);
+		expect(loggedInUser.email).toBe('ilikeuppercaseandspaces@example.com');
+	});
+
+	test('should not create anything if user creation fail', async function() {
+		const { session } = await createUserAndSession(1, true);
+
+		const userModel = models().user();
+
+		const password = uuidgen();
+		await postUser(session.id, 'test@example.com', password);
+
+		const beforeUserCount = (await userModel.all()).length;
+		expect(beforeUserCount).toBe(2);
+
+		try {
+			await postUser(session.id, 'test@example.com', password);
+		} catch {
+			// Ignore
+		}
+
+		const afterUserCount = (await userModel.all()).length;
+		expect(beforeUserCount).toBe(afterUserCount);
+	});
+
+	test('should list users', async function() {
+		const { user: user1, session: session1 } = await createUserAndSession(1, true);
+		const { user: user2 } = await createUserAndSession(2, false);
+
+		const result = await execRequest(session1.id, 'GET', 'admin/users');
+		expect(result).toContain(user1.email);
+		expect(result).toContain(user2.email);
+	});
+
+	test('should delete sessions when changing password', async function() {
+		const { user, session, password } = await createUserAndSession(1);
+
+		await models().session().authenticate(user.email, password);
+		await models().session().authenticate(user.email, password);
+		await models().session().authenticate(user.email, password);
+
+		expect(await models().session().count()).toBe(4);
+
+		await patchUser(session.id, {
+			id: user.id,
+			email: 'changed@example.com',
+			password: 'hunter11hunter22hunter33',
+			password2: 'hunter11hunter22hunter33',
+		}, '/admin/users/me');
+
+		const sessions = await models().session().all();
+		expect(sessions.length).toBe(1);
+		expect(sessions[0].id).toBe(session.id);
+	});
+
+	test('should apply ACL', async function() {
+		const { user: admin, session: adminSession } = await createUserAndSession(1, true);
+
+		// admin user cannot make themselves a non-admin
+		await expectHttpError(async () => patchUser(adminSession.id, { id: admin.id, is_admin: 0 }), ErrorForbidden.httpCode);
+
+		// cannot delete own user
+		await expectHttpError(async () => execRequest(adminSession.id, 'POST', `admin/users/${admin.id}`, { disable_button: true }), ErrorForbidden.httpCode);
+	});
+
+});

packages/server/src/routes/admin/users.ts

@@ -0,0 +1,311 @@
+import { SubPath, redirect } from '../../utils/routeUtils';
+import Router from '../../utils/Router';
+import { RouteType } from '../../utils/types';
+import { AppContext, HttpMethod } from '../../utils/types';
+import { contextSessionId, formParse } from '../../utils/requestUtils';
+import { ErrorForbidden, ErrorUnprocessableEntity } from '../../utils/errors';
+import { User, UserFlag, UserFlagType, Uuid } from '../../services/database/types';
+import config from '../../config';
+import { View } from '../../services/MustacheService';
+import defaultView from '../../utils/defaultView';
+import { AclAction } from '../../models/BaseModel';
+import { AccountType, accountTypeOptions, accountTypeToString } from '../../models/UserModel';
+import uuidgen from '../../utils/uuidgen';
+import { formatMaxItemSize, formatMaxTotalSize, formatTotalSize, formatTotalSizePercent, yesOrNo } from '../../utils/strings';
+import { getCanShareFolder, totalSizeClass } from '../../models/utils/user';
+import { yesNoDefaultOptions, yesNoOptions } from '../../utils/views/select';
+import { stripePortalUrl, adminUserDeletionsUrl, adminUserUrl } from '../../utils/urlUtils';
+import { cancelSubscriptionByUserId, updateSubscriptionType } from '../../utils/stripe';
+import { createCsrfTag } from '../../utils/csrf';
+import { formatDateTime, Hour } from '../../utils/time';
+import { startImpersonating, stopImpersonating } from './utils/users/impersonate';
+import { userFlagToString } from '../../models/UserFlagModel';
+import { _ } from '@joplin/lib/locale';
+
+export interface CheckRepeatPasswordInput {
+	password: string;
+	password2: string;
+}
+
+export function checkRepeatPassword(fields: CheckRepeatPasswordInput, required: boolean): string {
+	if (fields.password) {
+		if (fields.password !== fields.password2) throw new ErrorUnprocessableEntity('Passwords do not match');
+		return fields.password;
+	} else {
+		if (required) throw new ErrorUnprocessableEntity('Password is required');
+	}
+
+	return '';
+}
+
+function boolOrDefaultToValue(fields: any, fieldName: string): number | null {
+	if (fields[fieldName] === '') return null;
+	const output = Number(fields[fieldName]);
+	if (isNaN(output) || (output !== 0 && output !== 1)) throw new Error(`Invalid value for ${fieldName}`);
+	return output;
+}
+
+function intOrDefaultToValue(fields: any, fieldName: string): number | null {
+	if (fields[fieldName] === '') return null;
+	const output = Number(fields[fieldName]);
+	if (isNaN(output)) throw new Error(`Invalid value for ${fieldName}`);
+	return output;
+}
+
+function makeUser(isNew: boolean, fields: any): User {
+	const user: User = {};
+
+	if ('email' in fields) user.email = fields.email;
+	if ('full_name' in fields) user.full_name = fields.full_name;
+	if ('is_admin' in fields) user.is_admin = fields.is_admin;
+	if ('max_item_size' in fields) user.max_item_size = intOrDefaultToValue(fields, 'max_item_size');
+	if ('max_total_item_size' in fields) user.max_total_item_size = intOrDefaultToValue(fields, 'max_total_item_size');
+	if ('can_share_folder' in fields) user.can_share_folder = boolOrDefaultToValue(fields, 'can_share_folder');
+	if ('can_upload' in fields) user.can_upload = intOrDefaultToValue(fields, 'can_upload');
+	if ('account_type' in fields) user.account_type = Number(fields.account_type);
+
+	const password = checkRepeatPassword(fields, false);
+	if (password) user.password = password;
+
+	if (!isNew) user.id = fields.id;
+
+	if (isNew) {
+		user.must_set_password = user.password ? 0 : 1;
+		user.password = user.password ? user.password : uuidgen();
+	}
+
+	return user;
+}
+
+function defaultUser(): User {
+	return {};
+}
+
+function userIsNew(path: SubPath): boolean {
+	return path.id === 'new';
+}
+
+function userIsMe(path: SubPath): boolean {
+	return path.id === 'me';
+}
+
+const router = new Router(RouteType.Web);
+
+router.get('admin/users', async (_path: SubPath, ctx: AppContext) => {
+	const userModel = ctx.joplin.models.user();
+	await userModel.checkIfAllowed(ctx.joplin.owner, AclAction.List);
+
+	const users = await userModel.all();
+
+	users.sort((u1: User, u2: User) => {
+		if (u1.full_name && u2.full_name) return u1.full_name.toLowerCase() < u2.full_name.toLowerCase() ? -1 : +1;
+		if (u1.full_name && !u2.full_name) return +1;
+		if (!u1.full_name && u2.full_name) return -1;
+		return u1.email.toLowerCase() < u2.email.toLowerCase() ? -1 : +1;
+	});
+
+	const view: View = defaultView('admin/users', _('Users'));
+	view.content = {
+		users: users.map(user => {
+			return {
+				...user,
+				url: adminUserUrl(user.id),
+				displayName: user.full_name ? user.full_name : '(not set)',
+				formattedItemMaxSize: formatMaxItemSize(user),
+				formattedTotalSize: formatTotalSize(user),
+				formattedMaxTotalSize: formatMaxTotalSize(user),
+				formattedTotalSizePercent: formatTotalSizePercent(user),
+				totalSizeClass: totalSizeClass(user),
+				formattedAccountType: accountTypeToString(user.account_type),
+				formattedCanShareFolder: yesOrNo(getCanShareFolder(user)),
+				rowClassName: user.enabled ? '' : 'is-disabled',
+			};
+		}),
+	};
+	return view;
+});
+
+router.get('admin/users/:id', async (path: SubPath, ctx: AppContext, user: User = null, error: any = null) => {
+	const owner = ctx.joplin.owner;
+	const isMe = userIsMe(path);
+	const isNew = userIsNew(path);
+	const models = ctx.joplin.models;
+	const userId = userIsMe(path) ? owner.id : path.id;
+
+	user = !isNew ? user || await models.user().load(userId) : user;
+	if (isNew && !user) user = defaultUser();
+
+	await models.user().checkIfAllowed(ctx.joplin.owner, AclAction.Read, user);
+
+	let postUrl = '';
+
+	if (isNew) {
+		postUrl = adminUserUrl('new');
+	} else if (isMe) {
+		postUrl = adminUserUrl('me');
+	} else {
+		postUrl = adminUserUrl(user.id);
+	}
+
+	interface UserFlagView extends UserFlag {
+		message: string;
+	}
+
+	const userFlagViews: UserFlagView[] = isNew ? [] : (await models.userFlag().allByUserId(user.id)).map(f => {
+		return {
+			...f,
+			message: userFlagToString(f),
+		};
+	});
+
+	userFlagViews.sort((a, b) => {
+		return a.created_time < b.created_time ? +1 : -1;
+	});
+
+	const subscription = !isNew ? await ctx.joplin.models.subscription().byUserId(userId) : null;
+	const isScheduledForDeletion = await ctx.joplin.models.userDeletion().isScheduledForDeletion(userId);
+
+	const view: View = defaultView('admin/user', _('Profile'));
+	view.content.user = user;
+	view.content.isNew = isNew;
+	view.content.buttonTitle = isNew ? _('Create user') : _('Update profile');
+	view.content.error = error;
+	view.content.postUrl = postUrl;
+	view.content.showDisableButton = !isNew && owner.id !== user.id && user.enabled;
+	view.content.csrfTag = await createCsrfTag(ctx);
+
+	if (subscription) {
+		const lastPaymentAttempt = models.subscription().lastPaymentAttempt(subscription);
+
+		view.content.subscription = subscription;
+		view.content.showManageSubscription = !isNew;
+		view.content.showUpdateSubscriptionBasic = !isNew && user.account_type !== AccountType.Basic;
+		view.content.showUpdateSubscriptionPro = !isNew && user.account_type !== AccountType.Pro;
+		view.content.subLastPaymentStatus = lastPaymentAttempt.status;
+		view.content.subLastPaymentDate = formatDateTime(lastPaymentAttempt.time);
+	}
+
+	view.content.showImpersonateButton = !isNew && user.enabled && user.id !== owner.id;
+	view.content.showRestoreButton = !isNew && !user.enabled;
+	view.content.showScheduleDeletionButton = !isNew && !isScheduledForDeletion;
+	view.content.showResetPasswordButton = !isNew && user.enabled;
+	view.content.canShareFolderOptions = yesNoDefaultOptions(user, 'can_share_folder');
+	view.content.canUploadOptions = yesNoOptions(user, 'can_upload');
+	view.content.hasFlags = !!userFlagViews.length;
+	view.content.userFlagViews = userFlagViews;
+	view.content.stripePortalUrl = stripePortalUrl();
+	view.content.pageTitle = view.content.buttonTitle;
+
+	view.jsFiles.push('zxcvbn');
+	view.cssFiles.push('index/user');
+
+	if (config().accountTypesEnabled) {
+		view.content.showAccountTypes = true;
+		view.content.accountTypes = accountTypeOptions().map((o: any) => {
+			o.selected = user.account_type === o.value;
+			return o;
+		});
+	}
+
+	return view;
+});
+
+router.alias(HttpMethod.POST, 'admin/users/:id', 'admin/users');
+
+interface FormFields {
+	id: Uuid;
+	post_button: string;
+	disable_button: string;
+	restore_button: string;
+	cancel_subscription_button: string;
+	send_account_confirmation_email: string;
+	update_subscription_basic_button: string;
+	update_subscription_pro_button: string;
+	impersonate_button: string;
+	stop_impersonate_button: string;
+	delete_user_flags: string;
+	schedule_deletion_button: string;
+}
+
+router.post('admin/users', async (path: SubPath, ctx: AppContext) => {
+	let user: User = {};
+	const owner = ctx.joplin.owner;
+	let userId = userIsMe(path) ? owner.id : path.id;
+
+	try {
+		const body = await formParse(ctx.req);
+		const fields = body.fields as FormFields;
+		const isNew = userIsNew(path);
+		if (userIsMe(path)) fields.id = userId;
+		user = makeUser(isNew, fields);
+
+		const models = ctx.joplin.models;
+
+		if (fields.post_button) {
+			const userToSave: User = models.user().fromApiInput(user);
+			await models.user().checkIfAllowed(owner, isNew ? AclAction.Create : AclAction.Update, userToSave);
+
+			if (isNew) {
+				const savedUser = await models.user().save(userToSave);
+				userId = savedUser.id;
+			} else {
+				await models.user().save(userToSave, { isNew: false });
+
+				// When changing the password, we also clear all session IDs for
+				// that user, except the current one (otherwise they would be
+				// logged out).
+				if (userToSave.password) await models.session().deleteByUserId(userToSave.id, contextSessionId(ctx));
+			}
+		} else if (fields.stop_impersonate_button) {
+			await stopImpersonating(ctx);
+			return redirect(ctx, config().baseUrl);
+		} else if (fields.disable_button || fields.restore_button) {
+			const user = await models.user().load(path.id);
+			await models.user().checkIfAllowed(owner, AclAction.Delete, user);
+			await models.userFlag().toggle(user.id, UserFlagType.ManuallyDisabled, !fields.restore_button);
+		} else if (fields.send_account_confirmation_email) {
+			const user = await models.user().load(path.id);
+			await models.user().save({ id: user.id, must_set_password: 1 });
+			await models.user().sendAccountConfirmationEmail(user);
+		} else if (fields.impersonate_button) {
+			await startImpersonating(ctx, userId);
+			return redirect(ctx, config().baseUrl);
+		} else if (fields.cancel_subscription_button) {
+			await cancelSubscriptionByUserId(models, userId);
+		} else if (fields.update_subscription_basic_button) {
+			await updateSubscriptionType(models, userId, AccountType.Basic);
+		} else if (fields.update_subscription_pro_button) {
+			await updateSubscriptionType(models, userId, AccountType.Pro);
+		} else if (fields.schedule_deletion_button) {
+			const deletionDate = Date.now() + 24 * Hour;
+
+			await models.userDeletion().add(userId, deletionDate, {
+				processAccount: true,
+				processData: true,
+			});
+
+			await models.notification().addInfo(owner.id, `User ${user.email} has been scheduled for deletion on ${formatDateTime(deletionDate)}. [View deletion list](${adminUserDeletionsUrl()})`);
+		} else if (fields.delete_user_flags) {
+			const userFlagTypes: UserFlagType[] = [];
+			for (const key of Object.keys(fields)) {
+				if (key.startsWith('user_flag_')) {
+					const type = Number(key.substr(10));
+					userFlagTypes.push(type);
+				}
+			}
+
+			await models.userFlag().removeMulti(userId, userFlagTypes);
+		} else {
+			throw new Error('Invalid form button');
+		}
+
+		return redirect(ctx, adminUserUrl(userIsMe(path) ? '/me' : `/${userId}`));
+	} catch (error) {
+		error.message = `Error: Your changes were not saved: ${error.message}`;
+		if (error instanceof ErrorForbidden) throw error;
+		const endPoint = router.findEndPoint(HttpMethod.GET, 'admin/users/:id');
+		return endPoint.handler(path, ctx, user, error);
+	}
+});
+
+export default router;

packages/server/src/routes/api/users.ts

@@ -34,6 +34,7 @@ router.get('api/users/:id/public_key', async (path: SubPath, ctx: AppContext) =>
 	if (!user) return ''; // Don't throw an error to prevent polling the end point
 
 	const ppk = await ctx.joplin.models.user().publicPrivateKey(user.id);
+	if (!ppk) return '';
 
 	return {
 		id: ppk.id,

packages/server/src/routes/index/home.test.ts

@@ -1,10 +1,10 @@
 import routeHandler from '../../middleware/routeHandler';
 import { beforeAllDb, afterAllTests, beforeEachDb, koaAppContext, createUserAndSession } from '../../utils/testing/testUtils';
 
-describe('index_home', function() {
+describe('index/home', function() {
 
 	beforeAll(async () => {
-		await beforeAllDb('index_home');
+		await beforeAllDb('index/home');
 	});
 
 	afterAll(async () => {

packages/server/src/routes/index/users.test.ts

@@ -7,14 +7,14 @@ import { execRequest, execRequestC } from '../../utils/testing/apiUtils';
 import { beforeAllDb, afterAllTests, beforeEachDb, koaAppContext, createUserAndSession, models, parseHtml, checkContextError, expectHttpError, expectThrow } from '../../utils/testing/testUtils';
 import uuidgen from '../../utils/uuidgen';
 
-export async function postUser(sessionId: string, email: string, password: string = null, props: any = null): Promise<User> {
+async function postUser(sessionId: string, email: string, password: string = null, props: any = null): Promise<User> {
 	password = password === null ? uuidgen() : password;
 
 	const context = await koaAppContext({
 		sessionId: sessionId,
 		request: {
 			method: 'POST',
-			url: '/users/new',
+			url: '/admin/users/new',
 			body: {
 				email: email,
 				password: password,
@@ -30,7 +30,7 @@ export async function postUser(sessionId: string, email: string, password: strin
 	return context.response.body;
 }
 
-export async function patchUser(sessionId: string, user: any, url: string = ''): Promise<User> {
+async function patchUser(sessionId: string, user: any, url: string = ''): Promise<User> {
 	const context = await koaAppContext({
 		sessionId: sessionId,
 		request: {
@@ -48,7 +48,7 @@ export async function patchUser(sessionId: string, user: any, url: string = ''):
 	return context.response.body;
 }
 
-export async function getUserHtml(sessionId: string, userId: string): Promise<string> {
+async function getUserHtml(sessionId: string, userId: string): Promise<string> {
 	const context = await koaAppContext({
 		sessionId: sessionId,
 		request: {
@@ -76,53 +76,6 @@ describe('index/users', function() {
 		await beforeEachDb();
 	});
 
-	test('should create a new user', async function() {
-		const { session } = await createUserAndSession(1, true);
-
-		const password = uuidgen();
-		await postUser(session.id, 'test@example.com', password, {
-			max_item_size: '',
-		});
-		const newUser = await models().user().loadByEmail('test@example.com');
-
-		expect(!!newUser).toBe(true);
-		expect(!!newUser.id).toBe(true);
-		expect(!!newUser.is_admin).toBe(false);
-		expect(!!newUser.email).toBe(true);
-		expect(newUser.max_item_size).toBe(null);
-		expect(newUser.must_set_password).toBe(0);
-
-		const userModel = models().user();
-		const userFromModel: User = await userModel.load(newUser.id);
-
-		expect(!!userFromModel.password).toBe(true);
-		expect(userFromModel.password === password).toBe(false); // Password has been hashed
-	});
-
-	test('should create a user with null properties if they are not explicitly set', async function() {
-		const { session } = await createUserAndSession(1, true);
-
-		await postUser(session.id, 'test@example.com');
-		const newUser = await models().user().loadByEmail('test@example.com');
-
-		expect(newUser.max_item_size).toBe(null);
-		expect(newUser.can_share_folder).toBe(null);
-		expect(newUser.can_share_note).toBe(null);
-		expect(newUser.max_total_item_size).toBe(null);
-	});
-
-	test('should ask user to set password if not set on creation', async function() {
-		const { session } = await createUserAndSession(1, true);
-
-		await postUser(session.id, 'test@example.com', '', {
-			max_item_size: '',
-		});
-		const newUser = await models().user().loadByEmail('test@example.com');
-
-		expect(newUser.must_set_password).toBe(1);
-		expect(!!newUser.password).toBe(true);
-	});
-
 	test('new user should be able to login', async function() {
 		const { session } = await createUserAndSession(1, true);
 
@@ -133,39 +86,6 @@ describe('index/users', function() {
 		expect(loggedInUser.email).toBe('test@example.com');
 	});
 
-	test('should format the email when saving it', async function() {
-		const email = 'ILikeUppercaseAndSpaces@Example.COM   ';
-
-		const { session } = await createUserAndSession(1, true);
-
-		const password = uuidgen();
-		await postUser(session.id, email, password);
-		const loggedInUser = await models().user().login(email, password);
-		expect(!!loggedInUser).toBe(true);
-		expect(loggedInUser.email).toBe('ilikeuppercaseandspaces@example.com');
-	});
-
-	test('should not create anything if user creation fail', async function() {
-		const { session } = await createUserAndSession(1, true);
-
-		const userModel = models().user();
-
-		const password = uuidgen();
-		await postUser(session.id, 'test@example.com', password);
-
-		const beforeUserCount = (await userModel.all()).length;
-		expect(beforeUserCount).toBe(2);
-
-		try {
-			await postUser(session.id, 'test@example.com', password);
-		} catch {
-			// Ignore
-		}
-
-		const afterUserCount = (await userModel.all()).length;
-		expect(beforeUserCount).toBe(afterUserCount);
-	});
-
 	test('should change user properties', async function() {
 		const { user, session } = await createUserAndSession(1, false);
 
@@ -198,15 +118,6 @@ describe('index/users', function() {
 		expect((doc.querySelector('input[name=email]') as any).value).toBe('user1@localhost');
 	});
 
-	test('should list users', async function() {
-		const { user: user1, session: session1 } = await createUserAndSession(1, true);
-		const { user: user2 } = await createUserAndSession(2, false);
-
-		const result = await execRequest(session1.id, 'GET', 'users');
-		expect(result).toContain(user1.email);
-		expect(result).toContain(user2.email);
-	});
-
 	test('should allow user to set a password for new accounts', async function() {
 		let user1 = await models().user().save({
 			email: 'user1@localhost',
@@ -366,33 +277,31 @@ describe('index/users', function() {
 		await expectThrow(async () => execRequest('', 'GET', path, null, { query: { token } }));
 	});
 
-	test('should delete sessions when changing password', async function() {
-		const { user, session, password } = await createUserAndSession(1);
+	test('should not change non-whitelisted properties', async () => {
+		const { user: user1, session: session1 } = await createUserAndSession(2, false);
 
-		await models().session().authenticate(user.email, password);
-		await models().session().authenticate(user.email, password);
-		await models().session().authenticate(user.email, password);
-
-		expect(await models().session().count()).toBe(4);
-
-		await patchUser(session.id, {
-			id: user.id,
-			email: 'changed@example.com',
-			password: 'hunter11hunter22hunter33',
-			password2: 'hunter11hunter22hunter33',
-		}, '/users/me');
-
-		const sessions = await models().session().all();
-		expect(sessions.length).toBe(1);
-		expect(sessions[0].id).toBe(session.id);
+		await patchUser(session1.id, {
+			id: user1.id,
+			is_admin: 1,
+			max_item_size: 555,
+			max_total_item_size: 5555,
+			can_share_folder: 1,
+			can_upload: 0,
+		});
+		const reloadedUser1 = await models().user().load(user1.id);
+		expect(reloadedUser1.is_admin).toBe(0);
+		expect(reloadedUser1.max_item_size).toBe(null);
+		expect(reloadedUser1.max_total_item_size).toBe(null);
+		expect(reloadedUser1.can_share_folder).toBe(null);
+		expect(reloadedUser1.can_upload).toBe(1);
 	});
 
 	test('should apply ACL', async function() {
-		const { user: admin, session: adminSession } = await createUserAndSession(1, true);
-		const { user: user1, session: session1 } = await createUserAndSession(2, false);
+		const { user: admin } = await createUserAndSession(1, true);
+		const { session: session1 } = await createUserAndSession(2, false);
 
 		// non-admin cannot list users
-		await expectHttpError(async () => execRequest(session1.id, 'GET', 'users'), ErrorForbidden.httpCode);
+		await expectHttpError(async () => execRequest(session1.id, 'GET', 'admin/users'), ErrorForbidden.httpCode);
 
 		// non-admin user cannot view another user
 		await expectHttpError(async () => execRequest(session1.id, 'GET', `users/${admin.id}`), ErrorForbidden.httpCode);
@@ -402,30 +311,6 @@ describe('index/users', function() {
 
 		// non-admin user cannot update another user
 		await expectHttpError(async () => patchUser(session1.id, { id: admin.id, email: 'cantdothateither@example.com' }), ErrorForbidden.httpCode);
-
-		// non-admin user cannot make themself an admin
-		await expectHttpError(async () => patchUser(session1.id, { id: user1.id, is_admin: 1 }), ErrorForbidden.httpCode);
-
-		// admin user cannot make themselves a non-admin
-		await expectHttpError(async () => patchUser(adminSession.id, { id: admin.id, is_admin: 0 }), ErrorForbidden.httpCode);
-
-		// only admins can delete users
-		// Note: Disabled because the entire code is skipped if it's not an admin
-		// await expectHttpError(async () => execRequest(session1.id, 'POST', `users/${admin.id}`, { disable_button: true }), ErrorForbidden.httpCode);
-
-		// cannot delete own user
-		await expectHttpError(async () => execRequest(adminSession.id, 'POST', `users/${admin.id}`, { disable_button: true }), ErrorForbidden.httpCode);
-
-		// non-admin cannot change max_item_size
-		await expectHttpError(async () => patchUser(session1.id, { id: user1.id, max_item_size: 1000 }), ErrorForbidden.httpCode);
-		await expectHttpError(async () => patchUser(session1.id, { id: user1.id, max_total_item_size: 1000 }), ErrorForbidden.httpCode);
-
-		// non-admin cannot change can_share_folder
-		await models().user().save({ id: user1.id, can_share_folder: 0 });
-		await expectHttpError(async () => patchUser(session1.id, { id: user1.id, can_share_folder: 1 }), ErrorForbidden.httpCode);
-
-		// non-admin cannot change non-whitelisted properties
-		await expectHttpError(async () => patchUser(session1.id, { id: user1.id, can_upload: 0 }), ErrorForbidden.httpCode);
 	});
 
 

packages/server/src/routes/index/users.ts

@@ -4,24 +4,21 @@ import { RouteType } from '../../utils/types';
 import { AppContext, HttpMethod } from '../../utils/types';
 import { bodyFields, contextSessionId, formParse } from '../../utils/requestUtils';
 import { ErrorBadRequest, ErrorForbidden, ErrorNotFound, ErrorUnprocessableEntity } from '../../utils/errors';
-import { User, UserFlag, UserFlagType, Uuid } from '../../services/database/types';
+import { User, UserFlag, Uuid } from '../../services/database/types';
 import config from '../../config';
 import { View } from '../../services/MustacheService';
 import defaultView from '../../utils/defaultView';
 import { AclAction } from '../../models/BaseModel';
 import { NotificationKey } from '../../models/NotificationModel';
-import { AccountType, accountTypeOptions, accountTypeToString } from '../../models/UserModel';
-import uuidgen from '../../utils/uuidgen';
-import { formatMaxItemSize, formatMaxTotalSize, formatTotalSize, formatTotalSizePercent, yesOrNo } from '../../utils/strings';
-import { getCanShareFolder, totalSizeClass } from '../../models/utils/user';
-import { yesNoDefaultOptions, yesNoOptions } from '../../utils/views/select';
-import { confirmUrl, stripePortalUrl, userDeletionsUrl } from '../../utils/urlUtils';
-import { cancelSubscriptionByUserId, updateCustomerEmail, updateSubscriptionType } from '../../utils/stripe';
+import { AccountType, accountTypeOptions } from '../../models/UserModel';
+import { confirmUrl, stripePortalUrl } from '../../utils/urlUtils';
+import { updateCustomerEmail } from '../../utils/stripe';
 import { createCsrfTag } from '../../utils/csrf';
-import { formatDateTime, Hour } from '../../utils/time';
+import { formatDateTime } from '../../utils/time';
 import { cookieSet } from '../../utils/cookies';
-import { startImpersonating, stopImpersonating } from './utils/users/impersonate';
 import { userFlagToString } from '../../models/UserFlagModel';
+import { stopImpersonating } from '../admin/utils/users/impersonate';
+import { _ } from '@joplin/lib/locale';
 
 export interface CheckRepeatPasswordInput {
 	password: string;
@@ -39,120 +36,40 @@ export function checkRepeatPassword(fields: CheckRepeatPasswordInput, required:
 	return '';
 }
 
-function boolOrDefaultToValue(fields: any, fieldName: string): number | null {
-	if (fields[fieldName] === '') return null;
-	const output = Number(fields[fieldName]);
-	if (isNaN(output) || (output !== 0 && output !== 1)) throw new Error(`Invalid value for ${fieldName}`);
-	return output;
-}
-
-function intOrDefaultToValue(fields: any, fieldName: string): number | null {
-	if (fields[fieldName] === '') return null;
-	const output = Number(fields[fieldName]);
-	if (isNaN(output)) throw new Error(`Invalid value for ${fieldName}`);
-	return output;
-}
-
-function makeUser(isNew: boolean, fields: any): User {
+function makeUser(userId: Uuid, fields: any): User {
 	const user: User = {};
 
 	if ('email' in fields) user.email = fields.email;
 	if ('full_name' in fields) user.full_name = fields.full_name;
-	if ('is_admin' in fields) user.is_admin = fields.is_admin;
-	if ('max_item_size' in fields) user.max_item_size = intOrDefaultToValue(fields, 'max_item_size');
-	if ('max_total_item_size' in fields) user.max_total_item_size = intOrDefaultToValue(fields, 'max_total_item_size');
-	if ('can_share_folder' in fields) user.can_share_folder = boolOrDefaultToValue(fields, 'can_share_folder');
-	if ('can_upload' in fields) user.can_upload = intOrDefaultToValue(fields, 'can_upload');
-	if ('account_type' in fields) user.account_type = Number(fields.account_type);
 
 	const password = checkRepeatPassword(fields, false);
 	if (password) user.password = password;
 
-	if (!isNew) user.id = fields.id;
-
-	if (isNew) {
-		user.must_set_password = user.password ? 0 : 1;
-		user.password = user.password ? user.password : uuidgen();
-	}
+	user.id = userId;
 
 	return user;
 }
 
-function defaultUser(): User {
-	return {};
-}
-
-function userIsNew(path: SubPath): boolean {
-	return path.id === 'new';
-}
-
-function userIsMe(path: SubPath): boolean {
-	return path.id === 'me';
-}
-
 const router = new Router(RouteType.Web);
 
-router.get('users', async (_path: SubPath, ctx: AppContext) => {
-	const userModel = ctx.joplin.models.user();
-	await userModel.checkIfAllowed(ctx.joplin.owner, AclAction.List);
-
-	const users = await userModel.all();
-
-	users.sort((u1: User, u2: User) => {
-		if (u1.full_name && u2.full_name) return u1.full_name.toLowerCase() < u2.full_name.toLowerCase() ? -1 : +1;
-		if (u1.full_name && !u2.full_name) return +1;
-		if (!u1.full_name && u2.full_name) return -1;
-		return u1.email.toLowerCase() < u2.email.toLowerCase() ? -1 : +1;
-	});
-
-	const view: View = defaultView('users', 'Users');
-	view.content = {
-		users: users.map(user => {
-			return {
-				...user,
-				displayName: user.full_name ? user.full_name : '(not set)',
-				formattedItemMaxSize: formatMaxItemSize(user),
-				formattedTotalSize: formatTotalSize(user),
-				formattedMaxTotalSize: formatMaxTotalSize(user),
-				formattedTotalSizePercent: formatTotalSizePercent(user),
-				totalSizeClass: totalSizeClass(user),
-				formattedAccountType: accountTypeToString(user.account_type),
-				formattedCanShareFolder: yesOrNo(getCanShareFolder(user)),
-				rowClassName: user.enabled ? '' : 'is-disabled',
-			};
-		}),
-		userDeletionUrl: userDeletionsUrl(),
-	};
-	return view;
-});
-
-router.get('users/:id', async (path: SubPath, ctx: AppContext, user: User = null, error: any = null) => {
+router.get('users/:id', async (path: SubPath, ctx: AppContext, formUser: User = null, error: any = null) => {
 	const owner = ctx.joplin.owner;
-	const isMe = userIsMe(path);
-	const isNew = userIsNew(path);
-	const models = ctx.joplin.models;
-	const userId = userIsMe(path) ? owner.id : path.id;
+	if (path.id !== 'me' && path.id !== owner.id) throw new ErrorForbidden();
 
-	user = !isNew ? user || await models.user().load(userId) : null;
-	if (isNew && !user) user = defaultUser();
+	const models = ctx.joplin.models;
+	const userId = owner.id;
+
+	const user = await models.user().load(userId);
 
 	await models.user().checkIfAllowed(ctx.joplin.owner, AclAction.Read, user);
 
-	let postUrl = '';
-
-	if (isNew) {
-		postUrl = `${config().baseUrl}/users/new`;
-	} else if (isMe) {
-		postUrl = `${config().baseUrl}/users/me`;
-	} else {
-		postUrl = `${config().baseUrl}/users/${user.id}`;
-	}
+	const postUrl = `${config().baseUrl}/users/me`;
 
 	interface UserFlagView extends UserFlag {
 		message: string;
 	}
 
-	let userFlagViews: UserFlagView[] = isNew ? [] : (await models.userFlag().allByUserId(user.id)).map(f => {
+	let userFlagViews: UserFlagView[] = (await models.userFlag().allByUserId(user.id)).map(f => {
 		return {
 			...f,
 			message: userFlagToString(f),
@@ -165,35 +82,25 @@ router.get('users/:id', async (path: SubPath, ctx: AppContext, user: User = null
 
 	if (!owner.is_admin) userFlagViews = [];
 
-	const subscription = !isNew ? await ctx.joplin.models.subscription().byUserId(userId) : null;
-	const isScheduledForDeletion = await ctx.joplin.models.userDeletion().isScheduledForDeletion(userId);
+	const subscription = await ctx.joplin.models.subscription().byUserId(userId);
 
 	const view: View = defaultView('user', 'Profile');
-	view.content.user = user;
-	view.content.isNew = isNew;
-	view.content.buttonTitle = isNew ? 'Create user' : 'Update profile';
+	view.content.user = formUser ? formUser : user;
+	view.content.buttonTitle = _('Update profile');
 	view.content.error = error;
 	view.content.postUrl = postUrl;
-	view.content.showDisableButton = !isNew && !!owner.is_admin && owner.id !== user.id && user.enabled;
 	view.content.csrfTag = await createCsrfTag(ctx);
 
 	if (subscription) {
 		const lastPaymentAttempt = models.subscription().lastPaymentAttempt(subscription);
 
 		view.content.subscription = subscription;
-		view.content.showManageSubscription = !isNew;
-		view.content.showUpdateSubscriptionBasic = !isNew && !!owner.is_admin && user.account_type !== AccountType.Basic;
-		view.content.showUpdateSubscriptionPro = !isNew && user.account_type !== AccountType.Pro;
+		view.content.showUpdateSubscriptionBasic = user.account_type !== AccountType.Basic;
+		view.content.showUpdateSubscriptionPro = user.account_type !== AccountType.Pro;
 		view.content.subLastPaymentStatus = lastPaymentAttempt.status;
 		view.content.subLastPaymentDate = formatDateTime(lastPaymentAttempt.time);
 	}
 
-	view.content.showImpersonateButton = !isNew && !!owner.is_admin && user.enabled && user.id !== owner.id;
-	view.content.showRestoreButton = !isNew && !!owner.is_admin && !user.enabled;
-	view.content.showScheduleDeletionButton = !isNew && !!owner.is_admin && !isScheduledForDeletion;
-	view.content.showResetPasswordButton = !isNew && owner.is_admin && user.enabled;
-	view.content.canShareFolderOptions = yesNoDefaultOptions(user, 'can_share_folder');
-	view.content.canUploadOptions = yesNoOptions(user, 'can_upload');
 	view.content.hasFlags = !!userFlagViews.length;
 	view.content.userFlagViews = userFlagViews;
 	view.content.stripePortalUrl = stripePortalUrl();
@@ -303,98 +210,50 @@ router.alias(HttpMethod.POST, 'users/:id', 'users');
 interface FormFields {
 	id: Uuid;
 	post_button: string;
-	disable_button: string;
-	restore_button: string;
-	cancel_subscription_button: string;
-	send_account_confirmation_email: string;
 	update_subscription_basic_button: string;
 	update_subscription_pro_button: string;
-	// user_cancel_subscription_button: string;
-	impersonate_button: string;
 	stop_impersonate_button: string;
-	delete_user_flags: string;
-	schedule_deletion_button: string;
 }
 
 router.post('users', async (path: SubPath, ctx: AppContext) => {
-	let user: User = {};
 	const owner = ctx.joplin.owner;
-	const userId = userIsMe(path) ? owner.id : path.id;
+
+	if (path.id && path.id !== 'me' && path.id !== owner.id) throw new ErrorForbidden();
+
+	const models = ctx.joplin.models;
+	let user: User = null;
 
 	try {
 		const body = await formParse(ctx.req);
 		const fields = body.fields as FormFields;
-		const isNew = userIsNew(path);
-		if (userIsMe(path)) fields.id = userId;
-		user = makeUser(isNew, fields);
 
-		const models = ctx.joplin.models;
+		if (fields.id && fields.id !== owner.id) throw new ErrorForbidden();
+
+		user = makeUser(owner.id, fields);
 
 		if (fields.post_button) {
 			const userToSave: User = models.user().fromApiInput(user);
-			await models.user().checkIfAllowed(owner, isNew ? AclAction.Create : AclAction.Update, userToSave);
+			await models.user().checkIfAllowed(owner, AclAction.Update, userToSave);
 
-			if (isNew) {
-				await models.user().save(userToSave);
-			} else {
-				if (userToSave.email && !owner.is_admin) {
-					await models.user().initiateEmailChange(userId, userToSave.email);
-					delete userToSave.email;
-				}
-
-				await models.user().save(userToSave, { isNew: false });
-
-				// When changing the password, we also clear all session IDs for
-				// that user, except the current one (otherwise they would be
-				// logged out).
-				if (userToSave.password) await models.session().deleteByUserId(userToSave.id, contextSessionId(ctx));
+			if (userToSave.email && userToSave.email !== owner.email) {
+				await models.user().initiateEmailChange(owner.id, userToSave.email);
+				delete userToSave.email;
 			}
+
+			await models.user().save(userToSave, { isNew: false });
+
+			// When changing the password, we also clear all session IDs for
+			// that user, except the current one (otherwise they would be
+			// logged out).
+			if (userToSave.password) await models.session().deleteByUserId(userToSave.id, contextSessionId(ctx));
 		} else if (fields.stop_impersonate_button) {
 			await stopImpersonating(ctx);
 			return redirect(ctx, config().baseUrl);
-		} else if (owner.is_admin) {
-			if (fields.disable_button || fields.restore_button) {
-				const user = await models.user().load(path.id);
-				await models.user().checkIfAllowed(owner, AclAction.Delete, user);
-				await models.userFlag().toggle(user.id, UserFlagType.ManuallyDisabled, !fields.restore_button);
-			} else if (fields.send_account_confirmation_email) {
-				const user = await models.user().load(path.id);
-				await models.user().save({ id: user.id, must_set_password: 1 });
-				await models.user().sendAccountConfirmationEmail(user);
-			} else if (fields.impersonate_button) {
-				await startImpersonating(ctx, userId);
-				return redirect(ctx, config().baseUrl);
-			} else if (fields.cancel_subscription_button) {
-				await cancelSubscriptionByUserId(models, userId);
-			} else if (fields.update_subscription_basic_button) {
-				await updateSubscriptionType(models, userId, AccountType.Basic);
-			} else if (fields.update_subscription_pro_button) {
-				await updateSubscriptionType(models, userId, AccountType.Pro);
-			} else if (fields.schedule_deletion_button) {
-				const deletionDate = Date.now() + 24 * Hour;
-
-				await models.userDeletion().add(userId, deletionDate, {
-					processAccount: true,
-					processData: true,
-				});
-
-				await models.notification().addInfo(owner.id, `User ${user.email} has been scheduled for deletion on ${formatDateTime(deletionDate)}. [View deletion list](${userDeletionsUrl()})`);
-			} else if (fields.delete_user_flags) {
-				const userFlagTypes: UserFlagType[] = [];
-				for (const key of Object.keys(fields)) {
-					if (key.startsWith('user_flag_')) {
-						const type = Number(key.substr(10));
-						userFlagTypes.push(type);
-					}
-				}
-
-				await models.userFlag().removeMulti(userId, userFlagTypes);
-			} else {
-				throw new Error('Invalid form button');
-			}
+		} else {
+			throw new Error('Invalid form button');
 		}
 
-		return redirect(ctx, `${config().baseUrl}/users${userIsMe(path) ? '/me' : `/${userId}`}`);
+		return redirect(ctx, `${config().baseUrl}/users/me`);
 	} catch (error) {
 		error.message = `Error: Your changes were not saved: ${error.message}`;
 		if (error instanceof ErrorForbidden) throw error;

packages/server/src/routes/routes.ts

@@ -5,12 +5,17 @@ import apiBatchItems from './api/batch_items';
 import apiDebug from './api/debug';
 import apiEvents from './api/events';
 import apiItems from './api/items';
+import apiLocks from './api/locks';
 import apiPing from './api/ping';
 import apiSessions from './api/sessions';
 import apiShares from './api/shares';
 import apiShareUsers from './api/share_users';
 import apiUsers from './api/users';
-import apiLocks from './api/locks';
+
+import adminDashboard from './admin/dashboard';
+import adminTasks from './admin/tasks';
+import adminUserDeletions from './admin/user_deletions';
+import adminUsers from './admin/users';
 
 import indexChanges from './index/changes';
 import indexHelp from './index/help';
@@ -24,44 +29,45 @@ import indexPrivacy from './index/privacy';
 import indexShares from './index/shares';
 import indexSignup from './index/signup';
 import indexStripe from './index/stripe';
-import indexTasks from './index/tasks';
 import indexTerms from './index/terms';
 import indexUpgrade from './index/upgrade';
 import indexUsers from './index/users';
-import indexUserDeletions from './index/user_deletions';
 
 import defaultRoute from './default';
 
 const routes: Routers = {
-	'api/batch': apiBatch,
 	'api/batch_items': apiBatchItems,
+	'api/batch': apiBatch,
 	'api/debug': apiDebug,
 	'api/events': apiEvents,
 	'api/items': apiItems,
+	'api/locks': apiLocks,
 	'api/ping': apiPing,
 	'api/sessions': apiSessions,
 	'api/share_users': apiShareUsers,
 	'api/shares': apiShares,
 	'api/users': apiUsers,
-	'api/locks': apiLocks,
+
+	'admin/dashboard': adminDashboard,
+	'admin/tasks': adminTasks,
+	'admin/user_deletions': adminUserDeletions,
+	'admin/users': adminUsers,
 
 	'changes': indexChanges,
+	'help': indexHelp,
 	'home': indexHome,
 	'items': indexItems,
-	'password': indexPassword,
 	'login': indexLogin,
 	'logout': indexLogout,
 	'notifications': indexNotifications,
-	'signup': indexSignup,
+	'password': indexPassword,
+	'privacy': indexPrivacy,
 	'shares': indexShares,
-	'users': indexUsers,
+	'signup': indexSignup,
 	'stripe': indexStripe,
 	'terms': indexTerms,
-	'privacy': indexPrivacy,
 	'upgrade': indexUpgrade,
-	'help': indexHelp,
-	'tasks': indexTasks,
-	'user_deletions': indexUserDeletions,
+	'users': indexUsers,
 
 	'': defaultRoute,
 };

packages/server/src/services/EmailService.ts

@@ -7,6 +7,7 @@ import { Email, EmailSender } from '../services/database/types';
 import { errorToString } from '../utils/errors';
 import EmailModel from '../models/EmailModel';
 import { markdownBodyToHtml, markdownBodyToPlainText } from './email/utils';
+import { MailerSecurity } from '../env';
 
 const logger = Logger.create('EmailService');
 
@@ -25,10 +26,16 @@ export default class EmailService extends BaseService {
 				if (!this.senderInfo(EmailSender.NoReply).email) {
 					throw new Error('No-reply email must be set for email service to work (Set env variable MAILER_NOREPLY_EMAIL)');
 				}
+
+				// NodeMailer's TLS options are weird:
+				// https://nodemailer.com/smtp/#tls-options
+
 				const options: SMTPTransport.Options = {
 					host: this.config.mailer.host,
 					port: this.config.mailer.port,
-					secure: this.config.mailer.secure,
+					secure: this.config.mailer.security === MailerSecurity.Tls,
+					ignoreTLS: this.config.mailer.security === MailerSecurity.None,
+					requireTLS: this.config.mailer.security === MailerSecurity.Starttls,
 				};
 				if (this.config.mailer.authUser || this.config.mailer.authPassword) {
 					options.auth = {

packages/server/src/services/MustacheService.ts

@@ -9,6 +9,19 @@ import { makeUrl, UrlType } from '../utils/routeUtils';
 import MarkdownIt = require('markdown-it');
 import { headerAnchor } from '@joplin/renderer';
 import { _ } from '@joplin/lib/locale';
+import { adminDashboardUrl, adminTasksUrl, adminUserDeletionsUrl, adminUsersUrl, changesUrl, homeUrl, itemsUrl, stripOffQueryParameters } from '../utils/urlUtils';
+import { URL } from 'url';
+
+type MenuItemSelectedCondition = (selectedUrl: URL)=> boolean;
+
+export interface MenuItem {
+	title: string;
+	url?: string;
+	children?: MenuItem[];
+	selected?: boolean;
+	icon?: string;
+	selectedCondition?: MenuItemSelectedCondition;
+}
 
 export interface RenderOptions {
 	partials?: any;
@@ -27,6 +40,7 @@ export interface View {
 	partials?: string[];
 	cssFiles?: string[];
 	jsFiles?: string[];
+	strings?: Record<string, string>; // List of translatable strings
 }
 
 interface GlobalParams {
@@ -46,6 +60,11 @@ interface GlobalParams {
 	isJoplinCloud?: boolean;
 	impersonatorAdminSessionId?: string;
 	csrfTag?: string;
+	s?: Record<string, string>; // List of translatable strings
+	isAdminPage?: boolean;
+	adminMenu?: MenuItem[];
+	navbarMenu?: MenuItem[];
+	currentUrl?: URL;
 }
 
 export function isView(o: any): boolean {
@@ -93,6 +112,88 @@ export default class MustacheService {
 		return `${config().layoutDir}/${name}.mustache`;
 	}
 
+	private setSelectedMenu(selectedUrl: URL, menuItems: MenuItem[]) {
+		if (!selectedUrl) return;
+		if (!menuItems) return;
+
+		const url = stripOffQueryParameters(selectedUrl.href);
+
+		for (const menuItem of menuItems) {
+			if (menuItem.url) {
+				if (menuItem.selectedCondition) {
+					menuItem.selected = menuItem.selectedCondition(selectedUrl);
+				} else {
+					menuItem.selected = url === menuItem.url;
+				}
+			}
+			this.setSelectedMenu(selectedUrl, menuItem.children);
+		}
+	}
+
+	private makeAdminMenu(selectedUrl: URL): MenuItem[] {
+		const output: MenuItem[] = [
+			{
+				title: _('General'),
+				children: [
+					{
+						title: _('Dashboard'),
+						url: adminDashboardUrl(),
+					},
+					{
+						title: _('Users'),
+						url: adminUsersUrl(),
+					},
+					{
+						title: _('User deletions'),
+						url: adminUserDeletionsUrl(),
+					},
+					{
+						title: _('Tasks'),
+						url: adminTasksUrl(),
+					},
+				],
+			},
+		];
+
+		this.setSelectedMenu(selectedUrl, output);
+
+		return output;
+	}
+
+	private makeNavbar(selectedUrl: URL, isAdmin: boolean): MenuItem[] {
+		let output: MenuItem[] = [
+			{
+				title: _('Home'),
+				url: homeUrl(),
+			},
+		];
+
+		if (isAdmin) {
+			output = output.concat([
+				{
+					title: _('Items'),
+					url: itemsUrl(),
+				},
+				{
+					title: _('Logs'),
+					url: changesUrl(),
+				},
+				{
+					title: _('Admin'),
+					url: adminDashboardUrl(),
+					icon: 'fas fa-hammer',
+					selectedCondition: (selectedUrl: URL) => {
+						return selectedUrl.pathname.startsWith('/admin/') || selectedUrl.pathname === '/admin';
+					},
+				},
+			]);
+		}
+
+		this.setSelectedMenu(selectedUrl, output);
+
+		return output;
+	}
+
 	private get defaultLayoutOptions(): GlobalParams {
 		return {
 			baseUrl: config().baseUrl,
@@ -185,13 +286,10 @@ export default class MustacheService {
 		globalParams = {
 			...this.defaultLayoutOptions,
 			...globalParams,
+			adminMenu: globalParams ? this.makeAdminMenu(globalParams.currentUrl) : null,
+			navbarMenu: this.makeNavbar(globalParams?.currentUrl, globalParams?.owner ? !!globalParams.owner.is_admin : false),
 			userDisplayName: this.userDisplayName(globalParams ? globalParams.owner : null),
-		};
-
-		const contentHtml = await this.renderFileContent(filePath, view, globalParams);
-
-		const layoutView: any = {
-			global: globalParams,
+			isAdminPage: view.path.startsWith('/admin/'),
 			s: {
 				home: _('Home'),
 				users: _('Users'),
@@ -200,7 +298,14 @@ export default class MustacheService {
 				tasks: _('Tasks'),
 				help: _('Help'),
 				logout: _('Logout'),
+				admin: _('Admin'),
 			},
+		};
+
+		const contentHtml = await this.renderFileContent(filePath, view, globalParams);
+
+		const layoutView: any = {
+			global: globalParams,
 			pageName: view.name,
 			pageTitle: view.titleOverride ? view.title : `${config().appName} - ${view.title}`,
 			contentHtml: contentHtml,

packages/server/src/utils/defaultView.ts

@@ -2,9 +2,11 @@ import { View } from '../services/MustacheService';
 
 // Populate a View object with some good defaults.
 export default function(name: string, title: string): View {
+	const pathPrefix = name.startsWith('admin/') ? '' : 'index/';
+
 	return {
 		name: name,
-		path: `index/${name}`,
+		path: `${pathPrefix}/${name}`,
 		content: {},
 		navbar: true,
 		title: title,

packages/server/src/utils/requestUtils.ts

@@ -71,6 +71,10 @@ export function isApiRequest(ctx: AppContext): boolean {
 	return ctx.path.indexOf('/api/') === 0;
 }
 
+export function isAdminRequest(ctx: AppContext): boolean {
+	return ctx.path.indexOf('/admin/') === 0;
+}
+
 export function userIp(ctx: AppContext): string {
 	if (ctx.headers['x-real-ip']) return ctx.headers['x-real-ip'];
 	return ctx.ip;

packages/server/src/utils/routeUtils.test.ts

@@ -1,6 +1,7 @@
-import { isValidOrigin, parseSubPath, splitItemPath } from './routeUtils';
+import { findMatchingRoute, isValidOrigin, parseSubPath, splitItemPath } from './routeUtils';
 import { ItemAddressingType } from '../services/database/types';
 import { RouteType } from './types';
+import { expectThrow } from './testing/testUtils';
 
 describe('routeUtils', function() {
 
@@ -26,6 +27,61 @@ describe('routeUtils', function() {
 		}
 	});
 
+	it('should find a matching route', async function() {
+		const testCases: any[] = [
+			['/admin/organizations', {
+				route: 1,
+				basePath: 'admin/organizations',
+				subPath: {
+					id: '',
+					link: '',
+					addressingType: 1,
+					raw: '',
+					schema: 'admin/organizations',
+				},
+			}],
+
+			['/api/users/123', {
+				route: 2,
+				basePath: 'api/users',
+				subPath: {
+					id: '123',
+					link: '',
+					addressingType: 1,
+					raw: '123',
+					schema: 'api/users/:id',
+				},
+			}],
+
+			['/help', {
+				route: 3,
+				basePath: 'help',
+				subPath: {
+					id: '',
+					link: '',
+					addressingType: 1,
+					raw: '',
+					schema: 'help',
+				},
+			}],
+		];
+
+		const routes: Record<string, any> = {
+			'admin/organizations': 1,
+			'api/users': 2,
+			'help': 3,
+		};
+
+		for (const testCase of testCases) {
+			const [path, expected] = testCase;
+			const actual = findMatchingRoute(path, routes);
+			expect(actual).toEqual(expected);
+		}
+
+		await expectThrow(async () => findMatchingRoute('help', routes));
+		await expectThrow(async () => findMatchingRoute('api/users/123', routes));
+	});
+
 	it('should split an item path', async function() {
 		const testCases: any[] = [
 			['root:/Documents/MyFile.md:', ['root', 'Documents', 'MyFile.md']],

packages/server/src/utils/routeUtils.ts

@@ -223,6 +223,10 @@ export async function execRequest(routes: Routers, ctx: AppContext) {
 // - The ID: "SOME_ID"
 // - The link: "content"
 export function findMatchingRoute(path: string, routes: Routers): MatchedRoute {
+	// Enforce that path starts with "/" because if it doesn't, the function
+	// will return strange but valid results.
+	if (path.length && path[0] !== '/') throw new Error(`Expected path to start with "/": ${path}`);
+
 	const splittedPath = path.split('/');
 
 	// Because the path starts with "/", we remove the first element, which is

packages/server/src/utils/testing/testUtils.ts

@@ -24,6 +24,7 @@ import uuidgen from '../uuidgen';
 import { createCsrfToken } from '../csrf';
 import { cookieSet } from '../cookies';
 import { parseEnv } from '../../env';
+import { URL } from 'url';
 
 // Takes into account the fact that this file will be inside the /dist directory
 // when it runs.
@@ -218,7 +219,7 @@ export async function koaAppContext(options: AppContextTestOptions = null): Prom
 		query: req.query,
 		method: req.method,
 		redirect: () => {},
-		URL: { origin: config().baseUrl },
+		URL: new URL(config().baseUrl), // origin
 	};
 
 	if (options.sessionId) {

packages/server/src/utils/types.ts

@@ -7,6 +7,7 @@ import { Account } from '../models/UserModel';
 import { Services } from '../services/types';
 import { Routers } from './routeUtils';
 import { DbConnection } from '../db';
+import { MailerSecurity } from '../env';
 
 export enum Env {
 	Dev = 'dev',
@@ -74,7 +75,7 @@ export interface MailerConfig {
 	enabled: boolean;
 	host: string;
 	port: number;
-	secure: boolean;
+	security: MailerSecurity;
 	authUser: string;
 	authPassword: string;
 	noReplyName: string;
@@ -143,6 +144,7 @@ export interface Config {
 	tempDir: string;
 	baseUrl: string;
 	apiBaseUrl: string;
+	adminBaseUrl: string;
 	userContentBaseUrl: string;
 	joplinAppBaseUrl: string;
 	signupEnabled: boolean;

packages/server/src/utils/urlUtils.ts

@@ -14,6 +14,14 @@ export function setQueryParameters(url: string, query: any): string {
 	return u.toString();
 }
 
+export function stripOffQueryParameters(url: string): string {
+	const s = url.split('?');
+	if (s.length <= 1) return url;
+
+	s.pop();
+	return s.join('?');
+}
+
 export function resetPasswordUrl(token: string): string {
 	return `${config().baseUrl}/password/reset${token ? `?token=${token}` : ''}`;
 }
@@ -42,14 +50,38 @@ export function homeUrl(): string {
 	return `${config().baseUrl}/home`;
 }
 
+export function itemsUrl(): string {
+	return `${config().baseUrl}/items`;
+}
+
+export function changesUrl(): string {
+	return `${config().baseUrl}/changes`;
+}
+
 export function loginUrl(): string {
 	return `${config().baseUrl}/login`;
 }
 
-export function userDeletionsUrl(): string {
-	return `${config().baseUrl}/user_deletions`;
+export function adminUserDeletionsUrl(): string {
+	return `${config().adminBaseUrl}/user_deletions`;
 }
 
 export function userUrl(userId: Uuid): string {
 	return `${config().baseUrl}/users/${userId}`;
 }
+
+export function adminDashboardUrl(): string {
+	return `${config().adminBaseUrl}/dashboard`;
+}
+
+export function adminUsersUrl() {
+	return `${config().adminBaseUrl}/users`;
+}
+
+export function adminUserUrl(userId: string) {
+	return `${config().adminBaseUrl}/users/${userId}`;
+}
+
+export function adminTasksUrl() {
+	return `${config().adminBaseUrl}/tasks`;
+}

packages/server/src/views/admin/dashboard.mustache

@@ -0,0 +1,4 @@
+<h2 class="title">{{global.appName}} admin dashboard</h2>
+<div class="block readable-block">
+	<p class="block">This is the admin dashboard. Please select an option on the left.</p>
+</div>

packages/server/src/views/admin/user.mustache

@@ -0,0 +1,170 @@
+<h1 class="title">{{pageTitle}}</h1>
+
+<form id="user_form" action="{{{postUrl}}}" method="POST" class="block">
+
+	<div class="block">
+		{{> errorBanner}}
+		{{{csrfTag}}}
+		<input type="hidden" name="id" value="{{user.id}}"/>
+		<input type="hidden" name="is_new" value="{{isNew}}"/>
+		<div class="field">
+			<label class="label">Full name</label>
+			<div class="control">
+				<input class="input" type="text" name="full_name" value="{{user.full_name}}"/>
+			</div>
+		</div>
+		<div class="field">
+			<label class="label">Email</label>
+			<div class="control">
+				<input class="input" type="email" name="email" value="{{user.email}}"/>
+			</div>
+		</div>
+
+		{{#showAccountTypes}}
+			<div class="field">
+				<label class="label">Account type</label>
+				<div class="select">
+					<select name="account_type">
+						{{#accountTypes}}
+							<option value="{{value}}" {{#selected}}selected{{/selected}}>{{label}}</option>
+						{{/accountTypes}}
+					</select>
+				</div>
+				<p class="help">If the below properties are left to their default (empty) values, the account-specific properties will apply.</p>
+			</div>
+		{{/showAccountTypes}}
+
+		<div class="field">
+			<label class="label">Max item size</label>
+			<div class="control">
+				<input class="input" type="number" placeholder="Default" name="max_item_size" value="{{user.max_item_size}}"/>
+			</div>
+		</div>
+
+		<div class="field">
+			<label class="label">Max total size</label>
+			<div class="control">
+				<input class="input" type="number" placeholder="Default" name="max_total_item_size" value="{{user.max_total_item_size}}"/>
+			</div>
+		</div>
+
+		<div class="field">
+			<label class="label">Can share notebook</label>
+			<div class="select">
+				<select name="can_share_folder">
+					{{#canShareFolderOptions}}
+						<option value="{{value}}" {{#selected}}selected{{/selected}}>{{label}}</option>
+					{{/canShareFolderOptions}}
+				</select>
+			</div>
+		</div>
+
+		<div class="field">
+			<label class="label">Can upload</label>
+			<div class="select">
+				<select name="can_upload">
+					{{#canUploadOptions}}
+						<option value="{{value}}" {{#selected}}selected{{/selected}}>{{label}}</option>
+					{{/canUploadOptions}}
+				</select>
+			</div>
+		</div>
+
+		<div class="field">
+			<label class="label">Password</label>
+			<div class="control">
+				<input id="password" class="input" type="password" name="password" autocomplete="new-password"/>
+			</div>
+			<p id="password_strength" class="help"></p>
+		</div>
+		
+		<div class="field">
+			<label class="label">Repeat password</label>
+			<div class="control">
+				<input class="input" type="password" name="password2" autocomplete="new-password"/>
+			</div>
+			<p class="help">When creating a new user, if no password is specified the user will have to set it by following the link in their email.</p>
+		</div>	
+
+		<div class="control block">
+			<input type="submit" name="post_button" class="button is-primary" value="{{buttonTitle}}" />
+			{{#showImpersonateButton}}
+				<input type="submit" name="impersonate_button" class="button is-link" value="Impersonate user" />
+			{{/showImpersonateButton}}
+			{{#showResetPasswordButton}}
+				<input type="submit" name="send_account_confirmation_email" class="button is-link" value="Send account confirmation email" />
+			{{/showResetPasswordButton}}
+			{{#showDisableButton}}
+				<input type="submit" name="disable_button" class="button is-danger" value="Disable" />
+			{{/showDisableButton}}
+			{{#showRestoreButton}}
+				<input type="submit" name="restore_button" class="button is-danger" value="Restore" />
+			{{/showRestoreButton}}
+			{{#showScheduleDeletionButton}}
+				<input type="submit" name="schedule_deletion_button" class="button is-danger" value="Schedule for deletion" />
+			{{/showScheduleDeletionButton}}
+		</div>
+	</div>
+
+	{{#subscription}}
+		<h1 class="title">Your subscription</h1>
+
+		<div class="block">
+			<div class="control block">
+				<p class="block">Stripe Subscription ID: <a href="https://dashboard.stripe.com/subscriptions/{{subscription.stripe_subscription_id}}">{{subscription.stripe_subscription_id}}</a></p>
+				<p class="block">Last payment status: <strong>{{subLastPaymentStatus}}</strong> on <strong>{{subLastPaymentDate}}</strong></p>
+				{{#showUpdateSubscriptionBasic}}
+					<input type="submit" name="update_subscription_basic_button" class="button is-warning" value="Downgrade to Basic" />
+				{{/showUpdateSubscriptionBasic}}
+				{{#showUpdateSubscriptionPro}}
+					<input type="submit" name="update_subscription_pro_button" class="button is-warning" value="Upgrade to Pro" />
+				{{/showUpdateSubscriptionPro}}
+			</div>
+		</div>
+	{{/subscription}}
+
+</form>
+
+{{#hasFlags}}
+	<div class="content user-flags block">
+		<h1 class="title">Flags</h1>
+		<form action="{{{postUrl}}}" method="POST">
+			{{{csrfTag}}}
+			{{#userFlagViews}}
+				<ul>
+					<li><label class="checkbox"><input type="checkbox" name="user_flag_{{type}}"> {{message}}</label></li>
+				</ul>
+			{{/userFlagViews}}
+			<input type="submit" name="delete_user_flags" class="button is-warning" value="Delete selected flags" />
+			<p class="help">Note: normally it should not be needed to manually delete a flag because that's automatically handled by the system. So if it's necessary it means there's a bug that should be fixed.</p>
+		</form>
+	</div>
+{{/hasFlags}}
+
+<script>
+	$(() => {
+		document.getElementById("user_form").addEventListener('submit', function(event) {
+			if (event.submitter.getAttribute('name') === 'disable_button') {
+				const ok = confirm('Disable this account?');
+				if (!ok) event.preventDefault();
+			}
+
+			if (event.submitter.getAttribute('name') === 'restore_button') {
+				const ok = confirm('Restore this account?');
+				if (!ok) event.preventDefault();
+			}
+
+			if (event.submitter.getAttribute('name') === 'update_subscription_basic_button') {
+				const ok = confirm('Downgrade to Basic subscription?');
+				if (!ok) event.preventDefault();
+			}
+
+			if (event.submitter.getAttribute('name') === 'update_subscription_pro_button') {
+				const ok = confirm('Upgrade to Pro subscription?');
+				if (!ok) event.preventDefault();
+			}
+		});
+
+		setupPasswordStrengthHandler();
+	});
+</script>

packages/server/src/views/admin/users.mustache

@@ -0,0 +1,60 @@
+<div class="block">
+	<a class="button is-primary" href="{{{global.baseUrl}}}/admin/users/new">Add user</a>
+	<a class="button is-link toggle-disabled-button hide-disabled" href="#">Hide disabled</a>
+</div>
+
+<table class="table">
+	<thead>
+		<tr>
+			<th>Full name</th>
+			<th>Email</th>
+			<th>Account</th>
+			<th>Max Item Size</th>
+			<th>Total Size</th>
+			<th>Max Total Size</th>
+			<th>Can share</th>
+		</tr>
+	</thead>
+	<tbody>
+		{{#users}}
+			<tr class="{{rowClassName}}">
+				<td><a href="{{{url}}}">{{displayName}}</a></td>
+				<td>{{email}}</td>
+				<td>{{formattedAccountType}}</td>
+				<td>{{formattedItemMaxSize}}</td>
+				<td class="{{totalSizeClass}}">{{formattedTotalSize}} ({{formattedTotalSizePercent}})</td>
+				<td>{{formattedMaxTotalSize}}</td>
+				<td>{{formattedCanShareFolder}}</td>
+			</tr>
+		{{/users}}
+	</tbody>
+</table>
+
+<div class="block">
+	<a class="button is-primary" href="{{{global.baseUrl}}}/admin/users/new">Add user</a>
+	<a class="button is-link toggle-disabled-button hide-disabled" href="#">Hide disabled</a>
+</div>
+
+<script>
+$(() => {
+	function toggleDisabled() {
+		if ($('.hide-disabled').length) {
+			$('.hide-disabled').addClass('show-disabled');
+			$('.hide-disabled').removeClass('hide-disabled');
+			$('.show-disabled').text('Show disabled');
+			$('table tr.is-disabled').hide();
+		} else {
+			$('.show-disabled').addClass('hide-disabled');
+			$('.show-disabled').removeClass('show-disabled');
+			$('.hide-disabled').text('Hide disabled');
+			$('table tr.is-disabled').show();
+		}
+	}
+
+	toggleDisabled();
+
+	$('.toggle-disabled-button').click(() => {
+		toggleDisabled();
+	});
+});
+</script>

packages/server/src/views/index/user.mustache

@@ -20,58 +20,6 @@
 			</div>
 		</div>
 
-		{{#global.owner.is_admin}}
-			{{#showAccountTypes}}
-				<div class="field">
-					<label class="label">Account type</label>
-					<div class="select">
-						<select name="account_type">
-							{{#accountTypes}}
-								<option value="{{value}}" {{#selected}}selected{{/selected}}>{{label}}</option>
-							{{/accountTypes}}
-						</select>
-					</div>
-					<p class="help">If the below properties are left to their default (empty) values, the account-specific properties will apply.</p>
-				</div>
-			{{/showAccountTypes}}
-
-			<div class="field">
-				<label class="label">Max item size</label>
-				<div class="control">
-					<input class="input" type="number" placeholder="Default" name="max_item_size" value="{{user.max_item_size}}"/>
-				</div>
-			</div>
-
-			<div class="field">
-				<label class="label">Max total size</label>
-				<div class="control">
-					<input class="input" type="number" placeholder="Default" name="max_total_item_size" value="{{user.max_total_item_size}}"/>
-				</div>
-			</div>
-
-			<div class="field">
-				<label class="label">Can share notebook</label>
-				<div class="select">
-					<select name="can_share_folder">
-						{{#canShareFolderOptions}}
-							<option value="{{value}}" {{#selected}}selected{{/selected}}>{{label}}</option>
-						{{/canShareFolderOptions}}
-					</select>
-				</div>
-			</div>
-
-			<div class="field">
-				<label class="label">Can upload</label>
-				<div class="select">
-					<select name="can_upload">
-						{{#canUploadOptions}}
-							<option value="{{value}}" {{#selected}}selected{{/selected}}>{{label}}</option>
-						{{/canUploadOptions}}
-					</select>
-				</div>
-			</div>
-		{{/global.owner.is_admin}}
-
 		<div class="field">
 			<label class="label">Password</label>
 			<div class="control">
@@ -85,28 +33,10 @@
 			<div class="control">
 				<input class="input" type="password" name="password2" autocomplete="new-password"/>
 			</div>
-			{{#global.owner.is_admin}}
-			<p class="help">When creating a new user, if no password is specified the user will have to set it by following the link in their email.</p>
-			{{/global.owner.is_admin}}
-		</div>	
+		</div>
 
 		<div class="control block">
 			<input type="submit" name="post_button" class="button is-primary" value="{{buttonTitle}}" />
-			{{#showImpersonateButton}}
-				<input type="submit" name="impersonate_button" class="button is-link" value="Impersonate user" />
-			{{/showImpersonateButton}}
-			{{#showResetPasswordButton}}
-				<input type="submit" name="send_account_confirmation_email" class="button is-link" value="Send account confirmation email" />
-			{{/showResetPasswordButton}}
-			{{#showDisableButton}}
-				<input type="submit" name="disable_button" class="button is-danger" value="Disable" />
-			{{/showDisableButton}}
-			{{#showRestoreButton}}
-				<input type="submit" name="restore_button" class="button is-danger" value="Restore" />
-			{{/showRestoreButton}}
-			{{#showScheduleDeletionButton}}
-				<input type="submit" name="schedule_deletion_button" class="button is-danger" value="Schedule for deletion" />
-			{{/showScheduleDeletionButton}}
 		</div>
 	</div>
 
@@ -114,33 +44,17 @@
 		<h1 class="title">Your subscription</h1>
 
 		<div class="block">
-			{{#global.owner.is_admin}}
+			{{#showUpdateSubscriptionPro}}
 				<div class="control block">
-					<p class="block">Stripe Subscription ID: <a href="https://dashboard.stripe.com/subscriptions/{{subscription.stripe_subscription_id}}">{{subscription.stripe_subscription_id}}</a></p>
-					<p class="block">Last payment status: <strong>{{subLastPaymentStatus}}</strong> on <strong>{{subLastPaymentDate}}</strong></p>
-					{{#showUpdateSubscriptionBasic}}
-						<input type="submit" name="update_subscription_basic_button" class="button is-warning" value="Downgrade to Basic" />
-					{{/showUpdateSubscriptionBasic}}
-					{{#showUpdateSubscriptionPro}}
-						<input type="submit" name="update_subscription_pro_button" class="button is-warning" value="Upgrade to Pro" />
-					{{/showUpdateSubscriptionPro}}
+					<p><a href="{{{global.baseUrl}}}/upgrade" class="button is-warning block">Upgrade to Pro</a></p>
+					<p class="help">Click for more info about the Pro plan and to upgrade your account.</p>
 				</div>
-			{{/global.owner.is_admin}}
-
-			{{^global.owner.is_admin}}
-				{{#showUpdateSubscriptionPro}}
-					<div class="control block">
-						<p><a href="{{{global.baseUrl}}}/upgrade" class="button is-warning block">Upgrade to Pro</a></p>
-						<p class="help">Click for more info about the Pro plan and to upgrade your account.</p>
-					</div>
-				{{/showUpdateSubscriptionPro}}
-				{{#showManageSubscription}}
-					<div class="control block">
-						<p><a class="button is-link" target="_blank" href="{{stripePortalUrl}}">Manage subscription</a></p>
-						<p class="help">Click to update your payment details, switch to a different billing cycle or plan, or to cancel your subscription.</p>
-					</div>
-				{{/showManageSubscription}}
-			{{/global.owner.is_admin}}
+			{{/showUpdateSubscriptionPro}}
+			
+			<div class="control block">
+				<p><a class="button is-link" target="_blank" href="{{stripePortalUrl}}">Manage subscription</a></p>
+				<p class="help">Click to update your payment details, switch to a different billing cycle or plan, or to cancel your subscription.</p>
+			</div>
 		</div>
 	{{/subscription}}
 
@@ -164,28 +78,6 @@
 
 <script>
 	$(() => {
-		document.getElementById("user_form").addEventListener('submit', function(event) {
-			if (event.submitter.getAttribute('name') === 'disable_button') {
-				const ok = confirm('Disable this account?');
-				if (!ok) event.preventDefault();
-			}
-
-			if (event.submitter.getAttribute('name') === 'restore_button') {
-				const ok = confirm('Restore this account?');
-				if (!ok) event.preventDefault();
-			}
-
-			if (event.submitter.getAttribute('name') === 'update_subscription_basic_button') {
-				const ok = confirm('Downgrade to Basic subscription?');
-				if (!ok) event.preventDefault();
-			}
-
-			if (event.submitter.getAttribute('name') === 'update_subscription_pro_button') {
-				const ok = confirm('Upgrade to Pro subscription?');
-				if (!ok) event.preventDefault();
-			}
-		});
-
 		setupPasswordStrengthHandler();
 	});
 </script>

packages/server/src/views/layouts/default.mustache

@@ -24,7 +24,14 @@
 		<main class="main">
 			<div class="container">
 				{{> notifications}}
-				{{{contentHtml}}}
+
+				{{#global.isAdminPage}}
+					{{> adminLayout}}
+				{{/global.isAdminPage}}
+
+				{{^global.isAdminPage}}
+					{{{contentHtml}}}
+				{{/global.isAdminPage}}
 			</div>
 		</main>
 		{{> footer}}

packages/server/src/views/partials/adminLayout.mustache

@@ -0,0 +1,20 @@
+<div style="display: flex; flex-direction: row;">
+	<div style="display: flex; margin-right: 3rem; background-color: #f5f5f5; padding: 1.5rem;">
+		<aside class="menu">
+			{{#global.adminMenu}}
+				<p class="menu-label">{{title}}</p>
+				<ul class="menu-list">
+					{{#children}}
+						<li><a href="{{{url}}}" class="{{#selected}}is-active{{/selected}}">{{title}}</a></li>
+					{{/children}}
+				</ul>
+			{{/global.adminMenu}}
+		</aside>
+	</div>
+
+	<div style="display: flex; flex: 1;">		
+		<div>
+			{{{contentHtml}}}
+		</div>
+	</div>
+</div>

packages/server/src/views/partials/navbar.mustache

@@ -10,27 +10,17 @@
 			{{#global.owner}}
 				<div class="navbar-menu is-active">
 					<div class="navbar-start">
-						<a class="navbar-item" href="{{{global.baseUrl}}}/home">{{s.home}}</a>
-						{{#global.owner.is_admin}}
-							<a class="navbar-item" href="{{{global.baseUrl}}}/users">{{s.users}}</a>
-						{{/global.owner.is_admin}}
-						{{#global.owner.is_admin}}
-							<a class="navbar-item" href="{{{global.baseUrl}}}/items">{{s.items}}</a>
-						{{/global.owner.is_admin}}
-						{{#global.owner.is_admin}}
-							<a class="navbar-item" href="{{{global.baseUrl}}}/changes">{{s.log}}</a>
-						{{/global.owner.is_admin}}
-						{{#global.owner.is_admin}}
-							<a class="navbar-item" href="{{{global.baseUrl}}}/tasks">{{s.tasks}}</a>
-						{{/global.owner.is_admin}}
+						{{#global.navbarMenu}}
+							<a class="navbar-item {{#selected}}is-active{{/selected}}" href="{{{url}}}">{{#icon}}<i class="{{.}}"></i>&nbsp;&nbsp;{{/icon}}{{title}}</a>
+						{{/global.navbarMenu}}
 					</div>
 					<div class="navbar-end">
 						{{#global.isJoplinCloud}}
-							<a class="navbar-item" href="{{{global.baseUrl}}}/help">{{s.help}}</a>
+							<a class="navbar-item" href="{{{global.baseUrl}}}/help">{{global.s.help}}</a>
 						{{/global.isJoplinCloud}}
 						<div class="navbar-item">
 							<form method="post" action="{{{global.baseUrl}}}/logout">
-								<button class="button is-dark">{{s.logout}}</button>
+								<button class="button is-dark">{{global.s.logout}}</button>
 							</form>
 						</div>
 						<div class="navbar-item">

packages/tools/build-translation.js

@@ -347,7 +347,7 @@ function flagImageUrl(locale) {
 	if (locale === 'sv') return `${baseUrl}/country-4x3/se.png`;
 	if (locale === 'nb_NO') return `${baseUrl}/country-4x3/no.png`;
 	if (locale === 'ro') return `${baseUrl}/country-4x3/ro.png`;
-	if (locale === 'vi') return `${baseUrl}/country-4x3/vi.png`;
+	if (locale === 'vi') return `${baseUrl}/country-4x3/vn.png`;
 	if (locale === 'fa') return `${baseUrl}/country-4x3/ir.png`;
 	if (locale === 'eo') return `${baseUrl}/esperanto.png`;
 	return `${baseUrl}/country-4x3/${countryCodeOnly(locale).toLowerCase()}.png`;

packages/tools/buildServerDocker.ts

@@ -19,6 +19,7 @@ async function main() {
 	const argv = require('yargs').argv;
 	if (!argv.tagName) throw new Error('--tag-name not provided');
 
+	const dryRun = !!argv.dryRun;
 	const pushImages = !!argv.pushImages;
 	const tagName = argv.tagName;
 	const isPreRelease = getIsPreRelease(tagName);
@@ -47,7 +48,13 @@ async function main() {
 	console.info('isPreRelease:', isPreRelease);
 	console.info('Docker tags:', dockerTags.join(', '));
 
-	await execCommand2(`docker build --progress=plain -t "joplin/server:${imageVersion}" ${buildArgs} -f Dockerfile.server .`);
+	const dockerCommand = `docker build --progress=plain -t "joplin/server:${imageVersion}" ${buildArgs} -f Dockerfile.server .`;
+	if (dryRun) {
+		console.info(dockerCommand);
+		return;
+	}
+
+	await execCommand2(dockerCommand);
 
 	for (const tag of dockerTags) {
 		await execCommand2(`docker tag "joplin/server:${imageVersion}" "joplin/server:${tag}"`);

packages/tools/locales/sv.po

@@ -305,7 +305,7 @@ msgstr "Utseende"
 
 #: packages/lib/models/Setting.ts:2146
 msgid "Application"
-msgstr "Avslutar programmet"
+msgstr "Program"
 
 #: packages/app-desktop/gui/ConfigScreen/ButtonBar.tsx:33
 msgid "Apply"
@@ -560,7 +560,7 @@ msgstr ""
 
 #: packages/app-desktop/gui/MainScreen/commands/toggleLayoutMoveMode.ts:7
 msgid "Change application layout"
-msgstr "Ändra applikationslayout"
+msgstr "Ändra programmets layout"
 
 #: packages/lib/services/spellChecker/SpellCheckerService.ts:189
 msgid "Change language"
@@ -1001,7 +1001,7 @@ msgstr "Ta bort rad"
 
 #: packages/lib/models/Setting.ts:1186
 msgid "Delete local data and re-download from sync target"
-msgstr "Ta bort lokal data och hämta igen från synkroniseringsmålet"
+msgstr "Ta bort lokala data och hämta igen från synkroniseringsmålet"
 
 #: packages/lib/models/Note.ts:760
 msgid "Delete note \"%s\"?"
@@ -1576,7 +1576,7 @@ msgid ""
 "Fail-safe: Do not wipe out local data when sync target is empty (often the "
 "result of a misconfiguration or bug)"
 msgstr ""
-"Felsäkert: Rensa inte lokal data när synkroniseringsmålet är tomt (beror "
+"Felsäkert: Rensa inte lokala data när synkroniseringsmålet är tomt (beror "
 "oftast på felkonfigurering eller en bugg)"
 
 #: packages/app-cli/app/main.js:95
@@ -1888,7 +1888,7 @@ msgstr ""
 #: packages/app-desktop/gui/ClipperConfigScreen.min.js:142
 #: packages/app-desktop/gui/ClipperConfigScreen.tsx:129
 msgid "In order to use the web clipper, you need to do the following:"
-msgstr "För att kunna använda web Clipper måste du göra följande:"
+msgstr "För att kunna använda Web Clipper måste du göra följande:"
 
 #: packages/lib/Synchronizer.ts:305
 msgid "In progress"
@@ -2894,7 +2894,7 @@ msgstr "Omkryptering"
 
 #: packages/lib/models/Setting.ts:1175
 msgid "Re-upload local data to sync target"
-msgstr "Ladda upp lokal data igen för synkroniseringsmålet"
+msgstr "Ladda upp lokala data igen till synkroniseringsmålet"
 
 #: packages/app-desktop/gui/NoteEditor/NoteEditor.tsx:439
 msgid "Read more about it"
@@ -3584,7 +3584,7 @@ msgstr "Programmet har godkänts."
 #: packages/app-desktop/gui/ConfigScreen/ConfigScreen.tsx:619
 msgid "The application must be restarted for these changes to take effect."
 msgstr ""
-"Applikationen måste startas om för att dessa ändringar ska träda i kraft."
+"Programmet måste startas om för att dessa ändringar ska träda i kraft."
 
 #: packages/app-desktop/gui/NoteEditor/NoteEditor.tsx:511
 msgid ""
@@ -3611,13 +3611,13 @@ msgid ""
 "is recommended that you apply it to your data."
 msgstr ""
 "Standard krypteringsmetod har ändrats till en säkrare och det är "
-"rekommenderat att du tillämpar den på din data."
+"rekommenderat att du tillämpar den på dina data."
 
 #: packages/app-desktop/gui/MainScreen/MainScreen.tsx:603
 msgid ""
 "The default encryption method has been changed, you should re-encrypt your "
 "data."
-msgstr "Standardkrypteringsmetoden har ändrats, du bör omkryptera din data."
+msgstr "Standardkrypteringsmetoden har ändrats, du bör omkryptera dina data."
 
 #: packages/lib/models/Setting.ts:1228
 msgid ""
@@ -3756,7 +3756,7 @@ msgstr "Web Clipper behöver din behörighet för att få åtkomst till dina dat
 #: packages/app-desktop/gui/ClipperConfigScreen.min.js:84
 #: packages/app-desktop/gui/ClipperConfigScreen.tsx:83
 msgid "The web clipper service is enabled and set to auto-start."
-msgstr "Web clipper-tjänsten är aktiverad och inställd för automatisk start."
+msgstr "Web Clipper-tjänsten är aktiverad och inställd för automatisk start."
 
 #: packages/app-desktop/gui/ClipperConfigScreen.min.js:109
 #: packages/app-desktop/gui/ClipperConfigScreen.tsx:107
@@ -3782,7 +3782,7 @@ msgstr ""
 
 #: packages/lib/services/interop/InteropService_Exporter_Jex.ts:35
 msgid "There is no data to export."
-msgstr "Det finns ingen data att exportera."
+msgstr "Det finns inga data att exportera."
 
 #: packages/lib/models/Resource.ts:412
 msgid ""
@@ -4387,7 +4387,7 @@ msgid ""
 "You may use the tool below to re-encrypt your data, for example if you know "
 "that some of your notes are encrypted with an obsolete encryption method."
 msgstr ""
-"Du kan använda verktyget nedan för att omkryptera din data, exempelvis om du "
+"Du kan använda verktyget nedan för att omkryptera dina data, exempelvis om du "
 "vill veta om vissa av dina anteckningar är krypterade med en gammal "
 "krypteringsmetod."
 
@@ -4397,7 +4397,7 @@ msgstr "Ditt val: "
 
 #: packages/lib/components/EncryptionConfigScreen/utils.ts:71
 msgid "Your data is going to be re-encrypted and synced again."
-msgstr "Din data kommer att omkrypteras och synkroniseras igen."
+msgstr "Dina data kommer att omkrypteras och synkroniseras igen."
 
 #: packages/app-desktop/gui/EncryptionConfigScreen/EncryptionConfigScreen.tsx:271
 msgid "Your master password is needed to decrypt some of your data."

packages/tools/website/build.ts

@@ -167,6 +167,10 @@ function makeHomePageMd() {
 	// while MarkdownIt doesn't and will in fact display the \. So we remove it here.
 	md = md.replace(/\\\| bash/g, '| bash');
 
+	// We strip-off the donate links because they are added back (with proper
+	// classes and CSS).
+	md = md.replace(donateLinksRegex_, '');
+
 	return md;
 }
 
@@ -212,14 +216,19 @@ async function main() {
 	const assetUrls = await getAssetUrls();
 
 	const readmeMd = makeHomePageMd();
-
-	// await updateDownloadPage(readmeMd);
+	const donateLinksMd = await getDonateLinks();
 
 	// =============================================================
 	// HELP PAGE
 	// =============================================================
 
-	renderPageToHtml(readmeMd, `${docDir}/help/index.html`, { sourceMarkdownFile: 'README.md', partials, sponsors, assetUrls });
+	renderPageToHtml(readmeMd, `${docDir}/help/index.html`, {
+		sourceMarkdownFile: 'README.md',
+		donateLinksMd,
+		partials,
+		sponsors,
+		assetUrls,
+	});
 
 	// =============================================================
 	// FRONT PAGE
@@ -279,7 +288,6 @@ async function main() {
 
 	const mdFiles = glob.sync(`${readmeDir}/**/*.md`).map((f: string) => f.substr(rootDir.length + 1));
 	const sources = [];
-	const donateLinksMd = await getDonateLinks();
 
 	const makeTargetFilePath = (input: string): string => {
 		if (isNewsFile(input)) {

readme/gsoc2022/ideas.md

@@ -121,6 +121,35 @@ Difficulty Level: Medium
 
 Skills Required: React, Typescript, CSS.
 
+## 11. Improve plugin search and discoverability
+
+As there are more and more plugins it would be good to improve how they are discovered, and to improve search - in particular improve search relevance. We are open to hear ideas about this, but a few things that could be done, for example are:
+
+- Improve the [page that lists all the plugin](https://github.com/joplin/plugins#readme) by adding a download count (based on stats.json) and make the list sortable by download count.
+- In the app, use the info from stats.json to order the plugin - those with more downloads going on top for example
+- Create a dynamically generated page (using GitHub Actions) under joplinapp.org that shows some recommended plugins, trending plugins, etc. similar to [Add-ons for Firefox](https://addons.mozilla.org/en-GB/firefox/)
+
+Those are just ideas and we're open to hearing more from you.
+
+Difficulty Level: Medium
+
+Skills Required: Typescript, CSS, GitHub Actions.
+
+
+## 12. Email plugin
+
+Create a plugin to fetch mail via IMAP and convert messages to notes (including attachments). The plugin should be able to filter what messages it donwloads, e.g. based on the folder.
+
+Additional features to consider:
+- support more than one account
+- convert HTML to Markdown
+- delete/move received emails
+
+Difficulty Level: Medium
+
+Skills Required: TypeScript, JavaScript.
+
+
 # More info
 
 - Make sure you read the [Joplin Google Summer of Code Introduction](https://joplinapp.org/gsoc2022/index/)