I have 2FA (FIDO/Yubikey) set up for GitHub, and the session login was redirecting to my browser. Looking at the redirect path, it appears that github.com/session is involved, so adding that to internal login details.
With this patched, I'm able to login in to https://octobox.io/ in nativefier.
As discussed in #283 this PR will allow injected JS to do SOME interaction with the Electron session.
There is a full explanation of what this feature can, and cannot do, with examples in the api.md documentation.
This will provide a path for resolving many of our issues where users may "self-service" the solution by injecting JS that performs the task needed to meet their objectives.
Co-authored-by: Ronan Jouchet <ronan@jouchet.fr>
See discussion at https://github.com/nativefier/nativefier/pull/1124#issuecomment-794751514 :
> @TheCleric I was about to merge this, then reconsidered one little thing (yes I wrote "little", I'm not reconsidering this whole thing 😅).
>
> I'm re-considering having the extra flag. I'm not so sure this will harm a lot of use cases. I'd like to 1. merge this PR, 2. immediately follow up with a small commit removing the flag & adjusting api.md, 3. release with the change well-documented / asking for feedback if this is problematic to anyone. (I'm not asking you any extra work, and like leaving an in-tree commit trace of considering the flag). If people complain with a valid reason, we'll restore the flag with a quick revert, else we're happy with one less flag and a reasonably-handled breaking change.
>
> Thoughts / objections?
Answered by:
> That seems reasonable to me.
>
> [discussion on an extra structured way to pass flags]
In 6b266b7815, as I got rid of deprecated dep `wurl`, I wrote:
> This one may be problematic, as it used to do TLD stuff:
> https://github.com/websanova/node-url/blob/7982a613bc/wurl.js#L4
>
> So, the new WHATWG-URL-based implementation will consider
> `asana.com` to be "external" to `app.asana.com`, contrarily to before.
> Given the nature of Nativefier, I think it's actually what to expect,
> that in this case you're "out of the app", and in e.g. asana's landing
> page, which you'd expect to see in your browser.
Turns out it's even more problematic: @TheCleric notices in https://github.com/nativefier/nativefier/pull/1124#issuecomment-790279403
that this breaks app `https://evernote.com` doing its login in `www.evernote.com`
The present change fixes this, by behaving mostly similarly to before,
but without re-introducing `wurl` or another dep needing a TLD/SLD list.
This one may be problematic, as it used to do TLD stuff:
https://github.com/websanova/node-url/blob/7982a613bc/wurl.js#L4
So, the new WHATWG-URL-based implementation will consider
`asana.com` to be "external" to `app.asana.com`, contrarily to before.
Given the nature of Nativefier, I think it's actually what to expect,
that in this case your "out of the app", and in e.g. asana landing's page,
which you'd expect to see in your browser.
Let's see if users disagree with that.
Thinking about it again, the user-friendlier `a.x` syntax has one disadvantage
over `^a.b.c`: it doesn't force deps upgrades when they upgrade Nativefier.
`a.x` is fine on initial install, but a user with an insecure dep
(e.g. axios 0.19.0) will _not_ get fixed axios 0.21.1 on upgrading Nativefier.
-> Come back to `a.x` everywhere.
Still not introducing package locks, they're too confusing to new devs.
See https://github.com/nativefier/nativefier/pull/1099#issuecomment-761250232
1. Fix (broken since 2016): Notifications broken by lambda constructor
2. Fix: `--processEnvs` broken by additional processEnvs object, the result was:
`processEnvs: {processEnvs: {...}}` which caused the conversion of the inner object into string `[object Object]`, no nesting allowed there probably. Compatibility introduced.
3. Fix: package.json missing `prepare` (or even prepublish), which breaks using as git dependency.
As documented in https://github.com/jiahaog/nativefier/issues/923#issuecomment-599300317 ,
- #923 is caused by installing placeholder app deps at nativefier
*install* time, with yarn (8.0.2) or npm (8.0.3). This is new in
Nativefier 8.x, for the motivations behind it, see
https://github.com/jiahaog/nativefier/pull/898#issuecomment-583865045
- During testing, I did test global installs, but never to a
system / non-user-writable path (my `$npm_config_prefix` is set to
`"$HOME/.node_modules"`)
- But without such a config and when installing globally to a
non-user-writable/system path with `sudo npm i -g nativefier`,
- Installation of nativefier core works...
- ... but then `postinstall` tries to do its job of installing
app deps, and fails in various OS-dependent ways, but all about
access rights.
I suspect that, although main nativefier install runs as `su` with
access rights to system paths, `postinstall` scripts are run *out*
of `su`.
That would make sense for security reasons: out of hook scripts,
npm knows exactly what will be touched in your filesystem: it's the
static contents of the published tarball; a postinstall script with
sudo rights could do nasty dynamic stuff. So, although I don't see
any mention of that in
[npm-scripts docs / hooks](https://docs.npmjs.com/misc/scripts#hook-scripts)
and I haven't dug npm/cli's code, I can understand it.
So, reverting back to `webpack`ing the placeholder app, as done pre-8.0.
## Breaking changes
- Require **Node >= 8.10.0 and npm 5.6.0**
- Move to **Electron 8.1.1**.
- That's it. Lots of care went into breaking CLI & programmatic behavior
as little as possible. **Please report regressions**.
- Known issue: build may fail behind a proxy. Get in touch if you use one:
https://github.com/jiahaog/nativefier/issues/907#issuecomment-596144768
## Changes summary
Nativefier didn't get much love recently, to the point that it's
becoming hard to run on recent Node, due to old dependencies.
Also, some past practices now seem weird, as better expressible
by modern JS/TS, discouraging contributions including mine.
Addressing this, and one thing leading to another, came a
bigger-than-expected revamp, aiming at making Nativefier more
**lean, stable, future-proof, user-friendly and dev-friendly**,
while **not changing the CLI/programmatic interfaces**. Highlights:
- **Require Node>=8**, as imposed by many of our dependencies. Node 8
is twice LTS, and easily available even in conservative Linux distros.
No reason not to demand it.
- **Default to Electron 8**.
- **Bump** all dependencies to latest version, including electron-packager.
- **Move to TS**. TS is great. As of today, I see no reason not to use it,
and fight interface bugs at runtime rather than at compile time.
With that, get rid of everything Babel/Webpack.
- **Move away from Gulp**. Gulp's selling point is perf via streaming,
but for small builds like Nativefier, npm tasks are plenty good
and less dependency bloat. Gulp was the driver for this PR: broken
on Node 12, and I didn't feel like just upgrading and keeping it.
- Add tons of **verbose logs** everywhere it makes sense, to have a
fine & clear trace of the program flow. This will be helpful to
debug user-reported issues, and already helped me fix a few bugs.
- With better simple logging, get rid of the quirky and buggy
progress bar based on package `progress`. Nice logging (minimal
by default, the verbose logging mentioned above is only used
when passing `--verbose`) is better and one less dependency.
- **Dump `async` package**, a relic from old callback-hell early Node.
Also dump a few other micro-packages unnecessary now.
- A first pass of code **cleanup** thanks to modern JS/TS features:
fixes, simplifications, jsdoc type annotations to types, etc.
- **Remove GitHub integrations Hound & CodeClimate**, which are more
exotic than good'ol'linters, and whose signal-to-noise ratio is too low.
- Quality: **Add tests** and add **Windows + macOS CI builds**.
Also, add a **manual test script**, helping to quickly verify the
hard-to-programatically-test stuff before releases, and limit regressions.
- **Fix a very small number of existing bugs**. The goal of this PR was
*not* to fix bugs, but to get Nativefier in better shape to do so.
Bugfixes will come later. Still, these got addressed:
- Add common `Alt`+`Left`/`Right` for previous/next navigation.
- Improve #379: fix zoom with `Ctrl` + numpad `+`/`-`
- Fix pinch-to-zoom (see https://github.com/jiahaog/nativefier/issues/379#issuecomment-598612128 )
The API `tray.setHighlightMode(mode)` has been be removed in electron v7.0
without replacement.
This causes the display of an error dialog every time an app is
shown/hidden if the parameter `--tray` is used when nativefying. This is
completely independent form the website you are nativefying and it
happens with all the version of electron after 6.x.
Source: https://www.electronjs.org/docs/api/breaking-changes#tray
**Resolves #855**
**Example result upon Terminal launch:**
`WARNING: Ignored nativefier.json rewrital (Error: EACCES: permission denied, open '/usr/lib/jupyter-remote-client/resources/app/nativefier.json')`
**Behaviour:**
+ Instead of crashing, the application properly opens and is always maximized.
+ When permissions are R/W, the application is maximized on first launch and the closing states are remembered by the OS throughout launches.
nodeIntegration is required if eg. Javascript code makes use of the
`require` expression to import classes into the current scope. login.js
uses an electron import - without it, the callback mechanism does not
work, and thus the whole login functionality.
Electron seems to have changed the default value for a windows `nodeIntegration` to `false` since version 5 (see https://stackoverflow.com/questions/55093700/electron-5-0-0-uncaught-referenceerror-require-is-not-defined)
Without the integration, the login component's functionality is broken, though. This PR enables the nodeIntegration feature for the login window and makes it properly propagate the given credentials.
Tested with Electron 6.0.0 on Linux.
* As explained in: https://github.com/electron/electron/issues/8862#issuecomment-294303518
an issue with .quit() exists with a "Cannot find module '../screen'" issue,
while using the .exit() alternative avoids the issue
* Validated on Windows with the same logic as #744 where the issue recently appeared
On Linux if you try to change the keyboard layout with Alt + Shift,
the menu will pop up. Shortcuts are needed because Electron opens
the first menu on pressing `Alt` if no hotkey is assigned.
[Similar issue in RocketChat](https://github.com/RocketChat/Rocket.Chat.Electron/issues/50)
- Add a new `clearCache` option and `--clear-cache` parameter
to trigger session cleanups upon window launch and close
- Covers the feature request from issue #316
- Use case example: Forcing authentification / login between sessions without limiting cache size
[Squirrel](https://github.com/Squirrel/Squirrel.Windows) is *"an installation and update
framework for Windows desktop apps "*.
This PR adds `electron-squirrel-startup`, allowing to package nativefier applications
into squirrel-based setup installers. Squirrel require this entrypoint to perform
desktop and startup menu creations, without showing the UI on setup launches.
- References: https://github.com/mongodb-js/electron-squirrel-startup
- Resolves `electron-winstaller` and `electron-installer-windows` support of desktop / startup menu shortcuts for nativefier packaged applications.
- The `electron-squirrel-startup` entrypoint has no effect on both Linux and Darwin, only on Windows
- Supporting it directly inside `nativefier` avoids having to "hack" around the existing `main.js`
and including dependencies from `electron-squirrel-startup` in an intermediate package
to be included in a third layer for the final installer executable
- The following script based on both `nativefier` and `electron-winstaller` templates
represents a portable proof of concept for this merge request :
```js
var nativefier = require('nativefier').default;
var electronInstaller = require('electron-winstaller');
var options = {
name: 'Web WhatsApp',
targetUrl: 'http://web.whatsapp.com',
platform: 'windows',
arch: 'x64',
version: '0.36.4',
out: '.',
overwrite: false,
asar: false,
counter: false,
bounce: false,
width: 1280,
height: 800,
showMenuBar: false,
fastQuit: false,
userAgent: 'Mozilla ...',
ignoreCertificate: false,
ignoreGpuBlacklist: false,
enableEs3Apis: false,
insecure: false,
honest: false,
zoom: 1.0,
singleInstance: false,
fileDownloadOptions: {
saveAs: true
},
processEnvs: {
GOOGLE_API_KEY: '<your-google-api-key>'
}
};
nativefier(options, function(error, appPath) {
if (error) {
console.error(error);
return;
}
console.log('App has been nativefied to', appPath);
resultPromise = electronInstaller.createWindowsInstaller({
appDirectory: 'Web WhatsApp-win32-x64',
outputDirectory: './',
authors: 'Web WhatsApp',
exe: 'Web WhatsApp.exe'
});
resultPromise.then(() => console.log('It worked!'), e => console.log(`No dice: ${e.message}`));
});
```
* Fix for CSS Injection not working (#703)
Issue:
When using `onHeadersReceived`, the code was passing `null` for the filters.
This appears to trigger behaviour that matches _no_ urls at all.
This results in it never being called to inject the CSS.
Fix:
Pass an empty array instead. Now it's called for all URLs.
Tests pass & linting is clean
* Fix JavaScript injection (#731)
Issue:
It appears that on low endd evices (Core m3 MacBook), the attachment to
`DOMContentLoaded` happens _after_ the event has been raised, so does
not have a chance to inject the script.
Fix:
Move the attachment to the top of the file -- before the imports. This
triggers a bunch of linting erros, so also added disablement inplace.
Additional:
Clarified when the injected JS gets loaded, and what it can assume about
the DOM.