Merge branch 'next'

* next: (32 commits)
  5.2.0
  contributing: add more instructions for add lang
  contributing: update add lang instructions
  fix typo
  add addons page
  add link to safari issues
  Emphasize that compounds are always shared across the instance. (#44)
  fix typo
  add disable 2fa doc
  add gmp section
  add cypress run doc
  add compounds editor and opencloning
  add slo url in saml doc
  wip
  wip
  add changelog for 5.2.0-alpha
  grammar: add hyphen to real-world (#43)
  remove deprecated code
  add doc to migrate to s3
  fix typo
  ...

Author: NicolasCARPi

config_examples/quadlet/elabftw.container

@@ -0,0 +1,99 @@
+# This file is an example .container file for eLabFTW service. Also place the .network file and possible configure HAProxy accordingly.
+# Place it in /etc/containers/systemd so a quadlet is generated and the service can be managed by systemd.
+# Documentation: https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html
+
+[Unit]
+Description=elabftw container service
+After=network.target
+
+[Container]
+# Note: it is recommended to pin to a specific version instead of using the "stable" tag.
+Image=docker.io/elabftw/elabimg:stable
+ContainerName=elabftw
+
+# CAPABILITIES
+DropCapability=ALL
+AddCapability=CHOWN
+AddCapability=SETGID
+AddCapability=SETUID
+AddCapability=FOWNER
+AddCapability=DAC_OVERRIDE
+AddCapability=NET_BIND_SERVICE
+
+NoNewPrivileges=true
+
+# HEALTHCHECK
+HealthCmd=curl http://localhost:443/healthcheck
+HealthInterval=5s
+HealthTimeout=5s
+HealthRetries=20
+
+# ENVIRONMENT VARIABLES
+Environment=DB_HOST=10.X.Y.Z
+Environment=DB_NAME=elabftw
+Environment=DB_USER=elabftw
+Environment=DB_PORT=3306
+Secret=elabftw-db-password,type=env,target=DB_PASSWORD
+Environment=DB_CERT_PATH=/mysql-cert/mysql.pem
+Secret=elabftw-secret-key,type=env,target=SECRET_KEY
+Environment=SERVER_NAME=eln.example.org
+# in this example we run http server behind TLS terminating proxy
+Environment=DISABLE_HTTPS=true
+Environment=MAX_PHP_MEMORY=512M
+Environment=MAX_UPLOAD_SIZE=1G
+Environment=PHP_TIMEZONE=Europe/Paris
+Environment=TZ=Europe/Paris
+Environment=SET_REAL_IP=true
+Environment=SET_REAL_IP_FROM=10.X.Y.Z
+Environment=PHP_MAX_CHILDREN=50
+Environment=PHP_MAX_EXECUTION_TIME=90
+Environment=USE_REDIS=true
+Environment=REDIS_HOST=10.X.Y.Z
+Environment=REDIS_PORT=6379
+Environment=REDIS_USERNAME=elabftw_php_sessions
+Secret=redis-password,type=env,target=REDIS_PASSWORD
+Environment=ENABLE_IPV6=false
+Environment=SITE_URL=https://eln.example.org
+Environment=ELABFTW_USER=nobody
+Environment=ELABFTW_GROUP=nobody
+Environment=ELABFTW_USERID=65534
+Environment=ELABFTW_GROUPID=65534
+Environment=STATUS_PASSWORD=secr3t
+# if using S3 storage
+Secret=elabftw-s3-ak,type=env,target=ELAB_AWS_ACCESS_KEY
+Secret=elabftw-s3-sk,type=env,target=ELAB_AWS_SECRET_KEY
+
+# VOLUMES
+# if not using s3, bind mount the uploads folder in the host
+# do NOT add :z here because NFS cause an issue #
+# host:container
+Volume=/mnt/data/elabftw_uploads:/elabftw/uploads
+# this is necessary if you encrypt mysql connection and thus want the container to have access to the mysql cert
+Volume=/deltablot/mysql:/mysql-cert:z
+
+# NETWORKS
+Network=elabftw.network
+
+[Service]
+# see: https://gist.github.com/ageis/f5595e59b1cddb1513d1b425a323db04
+LockPersonality=yes
+PrivateTmp=yes
+ProtectHome=yes
+ProtectKernelModules=yes
+Restart=unless-stopped
+RestrictAddressFamilies=AF_UNIX AF_INET AF_NETLINK
+RestrictRealtime=yes
+
+# these ones break container execution
+#NoNewPrivileges=yes
+#PrivateDevices=yes
+#DevicePolicy=closed
+#ProtectSystem=strict
+#ProtectControlGroups=yes
+#ProtectKernelTunables=yes
+#RestrictNamespaces=yes
+#RestrictSUIDSGID=yes
+#MemoryDenyWriteExecute=yes
+
+[Install]
+WantedBy=multi-user.target

config_examples/quadlet/elabftw.network

@@ -0,0 +1,4 @@
+[Unit]
+Description=network for elabftw
+
+[Network]

config_examples/quadlet/haproxy.container

@@ -0,0 +1,28 @@
+[Unit]
+Description=HAProxy Service
+Wants=network.target
+After=network.target
+
+[Container]
+Image=docker.io/haproxy:3.0
+ContainerName=haproxy
+ReadOnly=true
+NoNewPrivileges=true
+PidsLimit=12
+
+# Port mapping
+PublishPort=80:8080
+ExposeHostPort=80
+PublishPort=443:4443
+ExposeHostPort=443
+
+# Volume mounts
+Volume=/usr/local/etc/haproxy:/usr/local/etc/haproxy:ro,z
+
+Network=elabftw.network
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=multi-user.target

doc/addons.rst

@@ -0,0 +1,73 @@
+.. _addons:
+
+******
+Addons
+******
+
+What are addons?
+=================
+
+Addons are services that can be deployed to provide extended functionality for eLabFTW. They are not a requirement but are definitely recommended.
+
+Chem Plugin
+===========
+
+Description
+-----------
+
+The ``chem-plugin`` addon is necessary for two things:
+
+- calculating fingerprint of chemical compounds (which subsequently allows for substructure search)
+- enabling all features of the chemical editor
+
+How to install
+--------------
+
+Deploy a ``chem-plugin`` container somewhere. It can be on the same server than eLabFTW or some other place. Adding a service to your ``docker-compose.yml`` file is the easiest. See the `example docker-compose.yml file <https://github.com/elabftw/elabimg/blob/e1e5a2da33db11ae8d54924c15a227d6abcd4e43/src/docker-compose.yml-EXAMPLE#L414-L419>`_.
+
+The deployment is really straightforward, as there is nothing to configure. You just start the container and that's it.
+
+.. code:: yaml
+
+     chem-plugin:
+        image: elabftw/chem-plugin:latest
+        container_name: chem-plugin
+        restart: always
+        networks:
+          - elabftw-net
+
+Next, configure eLabFTW to use that service by adding two environment variables:
+
+.. code:: yaml
+
+    # This service is necessary for the Chemical structure editor (Ketcher)
+    - USE_INDIGO=true
+    - INDIGO_URL=http://chem-plugin/
+    # The fingerprinter is necessary to create a fingerprint of chemical compounds so we can do sub-structure search
+    - USE_FINGERPRINTER=true
+    - FINGERPRINTER_URL=http://chem-plugin:8000/
+
+In the example above, the container is on the same network as ``elabftw`` container, so we use its name as hostname.
+
+Restart the ``elabftw`` container to take these changes into account.
+
+OpenCloning addon
+=================
+
+Description
+-----------
+
+OpenCloning is an application useful to plan and document cloning. It allows loading DNA data from various sources and is tightly integrated with eLabFTW. This means that you can easily use your Resources in eLabFTW and their attached files to perform cloning operations.
+
+How to install
+--------------
+
+To enable OpenCloning in eLabFTW, deploy a container like shown in the `example docker-compose.yml <https://github.com/elabftw/elabimg/blob/e1e5a2da33db11ae8d54924c15a227d6abcd4e43/src/docker-compose.yml-EXAMPLE#L421-L432>`_.
+
+Then enable it in ``elabftw`` container configuration:
+
+.. code:: yaml
+
+    # This is for the integration of the DNA Cloning tool
+    - USE_OPENCLONING=true
+    - OPENCLONING_URL=http://opencloning-plugin:8000/

doc/admin-guide.rst

@@ -49,6 +49,15 @@ You can also disable multifactor authentication for a particular User, if needed
 
 From this page, you can also directly add a new User to your Team. The new User will need to activate the "Reset password" functionality to access their account.
 
+Reinitializing 2FA
+------------------
+
+In case a user lost their phone, they might need to re-initialize two factors authentication. This action can be done by an Admin or Sysadmin account. 
+
+.. image:: img/disable-2fa.png
+    :align: center
+    :alt: Disable 2FA
+
 CATEGORIES tab
 ==============
 

doc/changelog.rst

@@ -3,6 +3,78 @@
 Changelog
 =========
 
+Version 5.2.0
+-------------
+
+Added
+`````
+* Chemical compounds database
+* Chemical compounds sketcher
+* Import from PubChem (CAS or CID)
+* Safety icons for compounds
+* Inventory management
+* OpenCloning embed
+* Add possibility to make permissions of an experiment/resource immutable after creating it from template specifying this property
+* Allow creating entry via API with all possible fields (instead of having to create first then patch)
+* feat/minor: qrcode: add options for qr code generation (#5445)
+* feat/medium: editing: enforce exclusive edit mode setting for user (#5427)
+* Preview button in text editor, useful for Mathjax, by @ForeverFloating (PR #5358, fix #5295)
+* Cache result of Config in memory (still WIP)
+* doc: add reporting dashboard link in README (#5443 by Nikki Parks)
+* feat/medium: manage extra fields groups in metadata (#5390 by Mouss)
+* feat: tinymce: add rust in list of highlighted languages for code snippet. fix #5440
+* feat: eln export: skip empty extra fields values
+* doc: security.md: add note about attestations
+* Uzbek language
+
+
+Fixed
+`````
+* bug/minor: team stats: count experiments per team, not user
+* bug/minor: policies: fix incorrect title on modal window. fix #5473
+* bug/minor: apidoc: fix issues reported in #5446
+* bug/minor: add orgid to the list of properties linked with identity
+* Full compliance with RGAA 4.1 accessibility rules
+* bug: eln export: add missing `@id` to PropertyValue nodes in .eln
+
+
+Removed
+```````
+* custom links for Admins (used to be Documentation by default)
+* removed flawed "Force permissions" admin section + code
+* all chemdoodle code
+
+
+Changed
+```````
+* Removed search page
+* Re-organized top menu bar
+* Updated api specification
+* Removed help modal
+* Removed Create button side dropdown
+* Ask for title in a proper modal window when creating a template
+* Improved the "Change password" UI when changing it from Sysconfig panel
+* Moved search input into page
+* Create dedicated Templates page to list templates -> they are no longer in Settings page
+* Remove separate section with pinned entities, instead, display them first
+* Use mastodon link in footer instead of X
+* ux: autocomplete: mention 3 chars are required to search. fix #5472
+* Add edit button for extra fields (PR #5476 by Mouss). fix #5160 #5331 #5375
+* Allow displaying archived uploaded files in view mode when no normal files exist (fix #5624)
+* Improve error message if timestamp has an error
+* Improve error handling during file upload
+* a11y: Make malleable content focusable and editable with keyboard
+
+
+Dev stuff
+`````````
+* Upgrade to PHP 8.4
+* Use Alpine 3.21
+* Remove pageTitle property of App, replaced by getPageTitle() in controllers
+* Remove Entity.class and Templates.class + all template specific html code
+* Upgrade twig and twig-trans
+
+
 Version 5.1.15
 --------------
 

doc/conf.py

@@ -60,9 +60,9 @@
 # built documents.
 #
 # The short X.Y version.
-version = '5.1'
+version = '5.2'
 # The full version, including alpha/beta/rc tags.
-release = '5.1.15'
+release = '5.2.0'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
@@ -109,7 +109,6 @@
 # a list of builtin themes.
 #html_theme = 'alabaster'
 html_theme = 'sphinx_rtd_theme'
-html_theme_path = [sphinx_rtd_theme.get_html_theme_path()]
 
 # Theme options are theme-specific and customize the look and feel of a theme
 # further.  For a list of options available for each theme, see the

doc/contributing.rst

@@ -377,14 +377,17 @@ Adding a lang
 
 * Add lang on poeditor.com
 * Get .po
+* Save it in a new folder in `src/langs`
 * Open with poeditor and fix issues
 * Save the .mo
 * Upload .po fixed to poeditor
-* Add the files in src/langs
-* Edit Tools to add lang to menu
-* Get the tinymce translation
-* Rename file to 4 letters code
+* Add it to `Enums/Language.php`
+* Get the tinymce translation from `this repository <https://github.com/mklkj/tinymce-i18n/tree/master/langs6>`_
+* Rename file to 4 letters code in `src/js/tinymce-langs`
 * Edit first line of file to match code
+* Import it in `tinymce.ts`
+* Run `bin/console dev:i18n4js`
+* Import it in `ts/i18n.ts`
 
 
 Adding a new term for js i18n
@@ -488,3 +491,20 @@ It is a good idea to use a pre-commit hook to run linters before the commit is a
     fi
 
 Now when you commit it should run this script and prevent the commit if there are errors.
+
+Running cypress locally
+=======================
+
+In docker: `yarn run cy` (where `yarn` is the local command, not the one in container, because this starts docker images)
+
+Locally: current workaround:
+
+.. code-block:: bash
+
+   cd /tmp
+   git clone -b hypernext https://github.com/elabftw/elabftw
+   cd elabftw
+   npm i cypress
+   ./node_modules/.bin/cypress open
+
+Not great, not terrible.