From 057e7738d490a59715bddda8705884a025bd562a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 Nov 2019 15:27:45 +0000 Subject: [PATCH 01/10] Bump json-jwt from 1.10.2 to 1.11.0 Bumps [json-jwt](https://github.com/nov/json-jwt) from 1.10.2 to 1.11.0. - [Release notes](https://github.com/nov/json-jwt/releases) - [Commits](https://github.com/nov/json-jwt/compare/v1.10.2...v1.11.0) Signed-off-by: dependabot[bot] --- Gemfile.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 8e8b3ab30..e70660b07 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -290,7 +290,7 @@ GEM js_cookie_rails (2.2.0) railties (>= 3.1) json (1.8.6) - json-jwt (1.10.2) + json-jwt (1.11.0) activesupport (>= 4.2) aes_key_wrap bindata @@ -335,7 +335,7 @@ GEM mini_magick (4.9.5) mini_mime (1.0.2) mini_portile2 (2.4.0) - minitest (5.11.3) + minitest (5.13.0) momentjs-rails (2.17.1) railties (>= 3.1) msgpack (1.3.1) @@ -580,7 +580,7 @@ GEM xpath (3.2.0) nokogiri (~> 1.8) yomu (0.1.5) - zeitwerk (2.1.10) + zeitwerk (2.2.1) PLATFORMS ruby From 04a6645cfc7e1d67e9a039a206d32fe09bafd305 Mon Sep 17 00:00:00 2001 From: Miha Mencin Date: Wed, 20 Nov 2019 17:12:47 +0100 Subject: [PATCH 02/10] Separate view/edit/modify permissions SCI-4058 --- app/controllers/repositories_controller.rb | 6 ++- app/controllers/repository_rows_controller.rb | 1 + app/permissions/repository.rb | 8 ++++ app/views/repositories/show.html.erb | 39 ++++++++++++------- 4 files changed, 38 insertions(+), 16 deletions(-) diff --git a/app/controllers/repositories_controller.rb b/app/controllers/repositories_controller.rb index 376607973..750d1bbd0 100644 --- a/app/controllers/repositories_controller.rb +++ b/app/controllers/repositories_controller.rb @@ -28,7 +28,11 @@ class RepositoriesController < ApplicationController render 'repositories/index' end - def show; end + def show + @display_edit_button = can_create_repository_rows?(current_user, @repository) + @display_delete_button = can_delete_repository_rows?(current_user, @repository) + @display_duplicate_button = can_create_repository_rows?(current_user, @repository) + end def create_modal @repository = Repository.new diff --git a/app/controllers/repository_rows_controller.rb b/app/controllers/repository_rows_controller.rb index 6c6dc6944..61a1e552c 100644 --- a/app/controllers/repository_rows_controller.rb +++ b/app/controllers/repository_rows_controller.rb @@ -270,6 +270,7 @@ class RepositoryRowsController < ApplicationController end def delete_records + render_403 unless can_delete_repository_rows?(@repository) deleted_count = 0 if selected_params selected_params.each do |row_id| diff --git a/app/permissions/repository.rb b/app/permissions/repository.rb index 05e018c89..47b78d9c8 100644 --- a/app/permissions/repository.rb +++ b/app/permissions/repository.rb @@ -30,6 +30,14 @@ Canaid::Permissions.register_for(Repository) do can_create_repository_rows?(user, repository) end + can :update_repository_rows do |user, repository| + can_manage_repository_rows?(user, repository) + end + + can :delete_repository_rows do |user, repository| + can_manage_repository_rows?(user, repository) + end + # repository: create field can :create_repository_columns do |user, repository| can_create_repository_rows?(user, repository) unless repository.shared_with?(user.current_team) diff --git a/app/views/repositories/show.html.erb b/app/views/repositories/show.html.erb index ef664aeb2..23cd5ea9b 100644 --- a/app/views/repositories/show.html.erb +++ b/app/views/repositories/show.html.erb @@ -128,21 +128,30 @@ <% end %> <% if can_manage_repository_rows?(@repository) %> - - - + + <%if @display_edit_button %> + + <% end %> + + <%if @display_delete_button %> + + <% end %> + + <%if @display_duplicate_button %> + + <%end%> <% elsif @repository.shared_with?(current_team) %>

<%= t('repositories.index.view_only_permission_label') %>

<% end %> From 1bf6663196588a1c3046de71f4cce53c2e5a8f0a Mon Sep 17 00:00:00 2001 From: Miha Mencin Date: Fri, 22 Nov 2019 13:23:02 +0100 Subject: [PATCH 03/10] check the permissions in before action --- app/controllers/repository_rows_controller.rb | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/app/controllers/repository_rows_controller.rb b/app/controllers/repository_rows_controller.rb index 61a1e552c..db7089b9c 100644 --- a/app/controllers/repository_rows_controller.rb +++ b/app/controllers/repository_rows_controller.rb @@ -12,8 +12,9 @@ class RepositoryRowsController < ApplicationController copy_records available_rows) before_action :check_create_permissions, only: :create + before_action :check_delete_permissions, only: :delete_records before_action :check_manage_permissions, - only: %i(edit update delete_records copy_records) + only: %i(edit update copy_records) def index @draw = params[:draw].to_i @@ -270,7 +271,6 @@ class RepositoryRowsController < ApplicationController end def delete_records - render_403 unless can_delete_repository_rows?(@repository) deleted_count = 0 if selected_params selected_params.each do |row_id| @@ -373,6 +373,11 @@ class RepositoryRowsController < ApplicationController render_403 unless can_manage_repository_rows?(@repository) end + + def check_delete_permissions + render_403 unless can_delete_repository_rows?(@repository) + end + def record_params params.permit(:repository_row_name).to_h end From bd34435b39db527a0e764cd8ea9f7b73150887a6 Mon Sep 17 00:00:00 2001 From: Miha Mencin Date: Mon, 25 Nov 2019 08:44:33 +0100 Subject: [PATCH 04/10] fixing style issues --- app/controllers/repository_rows_controller.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/app/controllers/repository_rows_controller.rb b/app/controllers/repository_rows_controller.rb index db7089b9c..ffab95602 100644 --- a/app/controllers/repository_rows_controller.rb +++ b/app/controllers/repository_rows_controller.rb @@ -373,7 +373,6 @@ class RepositoryRowsController < ApplicationController render_403 unless can_manage_repository_rows?(@repository) end - def check_delete_permissions render_403 unless can_delete_repository_rows?(@repository) end From e65e344c39b1521a223faad3245b10db15c932b3 Mon Sep 17 00:00:00 2001 From: Miha Mencin Date: Mon, 25 Nov 2019 10:45:21 +0100 Subject: [PATCH 05/10] fix styling --- app/controllers/repositories_controller.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/controllers/repositories_controller.rb b/app/controllers/repositories_controller.rb index 750d1bbd0..8cbeeb43b 100644 --- a/app/controllers/repositories_controller.rb +++ b/app/controllers/repositories_controller.rb @@ -29,8 +29,8 @@ class RepositoriesController < ApplicationController end def show - @display_edit_button = can_create_repository_rows?(current_user, @repository) - @display_delete_button = can_delete_repository_rows?(current_user, @repository) + @display_edit_button = can_create_repository_rows?(current_user, @repository) + @display_delete_button = can_delete_repository_rows?(current_user, @repository) @display_duplicate_button = can_create_repository_rows?(current_user, @repository) end From a328c4ad5656d4222de047c9eb3d06c6b1cbdffb Mon Sep 17 00:00:00 2001 From: Miha Mencin Date: Mon, 25 Nov 2019 17:40:29 +0100 Subject: [PATCH 06/10] fix CR comments --- app/controllers/repositories_controller.rb | 6 +++--- app/views/repositories/show.html.erb | 3 +-- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/app/controllers/repositories_controller.rb b/app/controllers/repositories_controller.rb index 8cbeeb43b..212b23aca 100644 --- a/app/controllers/repositories_controller.rb +++ b/app/controllers/repositories_controller.rb @@ -29,9 +29,9 @@ class RepositoriesController < ApplicationController end def show - @display_edit_button = can_create_repository_rows?(current_user, @repository) - @display_delete_button = can_delete_repository_rows?(current_user, @repository) - @display_duplicate_button = can_create_repository_rows?(current_user, @repository) + @display_edit_button = can_create_repository_rows?(@repository) + @display_delete_button = can_delete_repository_rows?(@repository) + @display_duplicate_button = can_create_repository_rows?(@repository) end def create_modal diff --git a/app/views/repositories/show.html.erb b/app/views/repositories/show.html.erb index 23cd5ea9b..6a931cd9b 100644 --- a/app/views/repositories/show.html.erb +++ b/app/views/repositories/show.html.erb @@ -141,8 +141,7 @@ id="deleteRepositoryRecordsButton" onclick="onClickDelete()" disabled> <%= t'repositories.delete_record' %> - <%= submit_tag I18n.t('repositories.delete_record'), :class => "hidden - delete_repository_records_submit" %> + <%= submit_tag I18n.t('repositories.delete_record'), :class => "hidden delete_repository_records_submit" %> <% end %> From 6b20a1047358d57014147c216de641055a89f7ce Mon Sep 17 00:00:00 2001 From: Oleksii Kriuchykhin Date: Tue, 26 Nov 2019 15:09:40 +0100 Subject: [PATCH 07/10] Refactor Azure configuration [SCI-4098] --- app/controllers/api/api_controller.rb | 2 +- app/models/user.rb | 2 +- app/services/api.rb | 31 ----------------------- app/services/api/azure_jwt.rb | 4 +-- app/services/api/core_jwt.rb | 8 +++--- config/initializers/api.rb | 36 ++++++++++++--------------- config/initializers/rack_attack.rb | 4 +-- config/routes.rb | 2 +- 8 files changed, 27 insertions(+), 62 deletions(-) delete mode 100644 app/services/api.rb diff --git a/app/controllers/api/api_controller.rb b/app/controllers/api/api_controller.rb index 52b81f169..a7e952991 100644 --- a/app/controllers/api/api_controller.rb +++ b/app/controllers/api/api_controller.rb @@ -80,7 +80,7 @@ module Api end # Default token implementation - unless iss == Api.configuration.core_api_token_iss + unless iss == Rails.configuration.x.core_api_token_iss raise JWT::InvalidPayload, I18n.t('api.core.wrong_iss') end payload = CoreJwt.decode(token) diff --git a/app/models/user.rb b/app/models/user.rb index eac096ec2..ce0cd785d 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -486,7 +486,7 @@ class User < ApplicationRecord includes(:user_identities) .where( 'user_identities.provider=? AND user_identities.uid=?', - Api.configuration.azure_ad_apps[token_payload[:aud]][:provider], + Rails.configuration.x.azure_ad_apps[token_payload[:aud]][:provider], token_payload[:sub] ) .references(:user_identities) diff --git a/app/services/api.rb b/app/services/api.rb deleted file mode 100644 index 322d01e26..000000000 --- a/app/services/api.rb +++ /dev/null @@ -1,31 +0,0 @@ -module Api - class << self - attr_accessor :configuration - end - - def self.configuration - @configuration ||= Configuration.new - end - - def self.configure - yield(configuration) - end - - class Configuration - attr_accessor :core_api_sign_alg - attr_accessor :core_api_token_ttl - attr_accessor :core_api_token_iss - attr_accessor :azure_ad_apps - attr_accessor :core_api_v1_enabled - attr_accessor :core_api_rate_limit - - def initialize - @core_api_sign_alg = 'HS256' - @core_api_token_ttl = 30.minutes - @core_api_token_iss = 'SciNote' - @azure_ad_apps = {} - @core_api_v1_enabled = false - @core_api_rate_limit = 1000 - end - end -end diff --git a/app/services/api/azure_jwt.rb b/app/services/api/azure_jwt.rb index 4df270651..f6804d2ce 100644 --- a/app/services/api/azure_jwt.rb +++ b/app/services/api/azure_jwt.rb @@ -9,7 +9,7 @@ module Api def self.fetch_rsa_key(k_id, app_id) cache_key = "api_azure_ad_rsa_key_#{k_id}" Rails.cache.fetch(cache_key, expires_in: KEYS_CACHING_PERIOD) do - conf_url = Api.configuration.azure_ad_apps[app_id][:conf_url] + conf_url = Rails.configuration.x.azure_ad_apps[app_id][:conf_url] keys_url = JSON.parse(Net::HTTP.get(URI(conf_url)))['jwks_uri'] data = JSON.parse(Net::HTTP.get(URI.parse(keys_url))) verif_key = data['keys'].find { |key| key['kid'] == k_id } @@ -35,7 +35,7 @@ module Api # Now search for matching app variables in configuration app_id = unverified_token[0]['aud'] - app_config = Api.configuration.azure_ad_apps[app_id] + app_config = Rails.configuration.x.azure_ad_apps[app_id] unless app_config raise JWT::VerificationError, 'Azure AD: No application configured with such ID' diff --git a/app/services/api/core_jwt.rb b/app/services/api/core_jwt.rb index 10c39850a..14b0b2795 100644 --- a/app/services/api/core_jwt.rb +++ b/app/services/api/core_jwt.rb @@ -7,15 +7,15 @@ module Api if expires_at payload[:exp] = expires_at else - payload[:exp] = Api.configuration.core_api_token_ttl.from_now.to_i + payload[:exp] = Rails.configuration.x.core_api_token_ttl.from_now.to_i end - payload[:iss] = Api.configuration.core_api_token_iss - JWT.encode(payload, KEY_SECRET, Api.configuration.core_api_sign_alg) + payload[:iss] = Rails.configuration.x.core_api_token_iss + JWT.encode(payload, KEY_SECRET, Rails.configuration.x.core_api_sign_alg) end def self.decode(token) HashWithIndifferentAccess.new( - JWT.decode(token, KEY_SECRET, Api.configuration.core_api_sign_alg)[0] + JWT.decode(token, KEY_SECRET, Rails.configuration.x.core_api_sign_alg)[0] ) end diff --git a/config/initializers/api.rb b/config/initializers/api.rb index dd4ece455..d748f9924 100644 --- a/config/initializers/api.rb +++ b/config/initializers/api.rb @@ -1,36 +1,32 @@ -Api.configure do |config| - if ENV['CORE_API_SIGN_ALG'] - config.core_api_sign_alg = ENV['CORE_API_SIGN_ALG'] - end - if ENV['CORE_API_TOKEN_TTL'] - config.core_api_token_ttl = ENV['CORE_API_TOKEN_TTL'].to_i.seconds - end - if ENV['CORE_API_TOKEN_ISS'] - config.core_api_token_iss = ENV['CORE_API_TOKEN_ISS'] - end +Rails.application.configure do + config.x.core_api_sign_alg = ENV['CORE_API_SIGN_ALG'] if ENV['CORE_API_SIGN_ALG'] - config.core_api_rate_limit = - ENV['CORE_API_RATE_LIMIT'] ? ENV['CORE_API_RATE_LIMIT'].to_i : 1000 + config.x.core_api_token_ttl = ENV['CORE_API_TOKEN_TTL'].to_i.seconds if ENV['CORE_API_TOKEN_TTL'] - config.core_api_v1_enabled = true if ENV['CORE_API_V1_ENABLED'] + config.x.core_api_token_iss = ENV['CORE_API_TOKEN_ISS'] if ENV['CORE_API_TOKEN_ISS'] + + config.x.core_api_rate_limit = ENV['CORE_API_RATE_LIMIT'] ? ENV['CORE_API_RATE_LIMIT'].to_i : 1000 + + config.x.core_api_v1_enabled = true if ENV['CORE_API_V1_ENABLED'] vars = ENV.select { |name, _| name =~ /^[[:alnum:]]*_AZURE_AD_APP_ID/ } vars.each do |name, value| app_name = name.sub('_AZURE_AD_APP_ID', '') - config.azure_ad_apps[value] = {} + config.x.azure_ad_apps[value] = {} iss = ENV["#{app_name}_AZURE_AD_ISS"] raise StandardError, "No ISS for #{app_name} Azure app" unless iss - config.azure_ad_apps[value][:iss] = iss + + config.x.azure_ad_apps[value][:iss] = iss conf_url = ENV["#{app_name}_AZURE_AD_CONF_URL"] raise StandardError, "No CONF_URL for #{app_name} Azure app" unless conf_url - config.azure_ad_apps[value][:conf_url] = conf_url + + config.x.azure_ad_apps[value][:conf_url] = conf_url provider = ENV["#{app_name}_AZURE_AD_PROVIDER_NAME"] - unless provider - raise StandardError, "No PROVIDER_NAME for #{app_name} Azure app" - end - config.azure_ad_apps[value][:provider] = provider + raise StandardError, "No PROVIDER_NAME for #{app_name} Azure app" unless provider + + config.x.azure_ad_apps[value][:provider] = provider end end diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb index 517c8e1ac..a5605e726 100644 --- a/config/initializers/rack_attack.rb +++ b/config/initializers/rack_attack.rb @@ -2,10 +2,10 @@ return unless Rails.env.production? -return if Api.configuration.core_api_rate_limit.zero? +return if Rails.configuration.x.core_api_rate_limit.zero? Rack::Attack.throttle('api requests by ip', - limit: Api.configuration.core_api_rate_limit, + limit: Rails.configuration.x.core_api_rate_limit, period: 60) do |request| request.ip if request.path.match?(%r{^\/api\/}) end diff --git a/config/routes.rb b/config/routes.rb index f5a625daa..03c2cba5f 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -620,7 +620,7 @@ Rails.application.routes.draw do namespace :api, defaults: { format: 'json' } do get 'health', to: 'api#health' get 'status', to: 'api#status' - if Api.configuration.core_api_v1_enabled || Rails.env.development? + if Rails.configuration.x.core_api_v1_enabled namespace :v1 do resources :teams, only: %i(index show) do resources :inventories, From f5abb7c767c1fd983f4bd7543fb3b0273559c353 Mon Sep 17 00:00:00 2001 From: Oleksii Kriuchykhin Date: Wed, 27 Nov 2019 23:16:25 +0100 Subject: [PATCH 08/10] Add connected accounts section to settings [SCI-4106] --- .../account/connected_accounts_controller.rb | 19 ++++++++++++ app/helpers/left_menu_bar_helper.rb | 2 +- app/helpers/user_settings_helper.rb | 7 ++++- app/views/users/settings/_sidebar.html.erb | 14 +++++++++ .../connected_accounts/_azure_ad.html.erb | 24 ++++++++++++++ .../account/connected_accounts/index.html.erb | 31 +++++++++++++++++++ .../unlink_modals/_azure_ad_modal.html.erb | 23 ++++++++++++++ config/initializers/api.rb | 23 ++------------ config/initializers/azure_ad.rb | 24 ++++++++++++++ config/locales/en.yml | 14 +++++++++ config/routes.rb | 6 ++++ 11 files changed, 164 insertions(+), 23 deletions(-) create mode 100644 app/controllers/users/settings/account/connected_accounts_controller.rb create mode 100644 app/views/users/settings/account/connected_accounts/_azure_ad.html.erb create mode 100644 app/views/users/settings/account/connected_accounts/index.html.erb create mode 100644 app/views/users/settings/account/connected_accounts/unlink_modals/_azure_ad_modal.html.erb create mode 100644 config/initializers/azure_ad.rb diff --git a/app/controllers/users/settings/account/connected_accounts_controller.rb b/app/controllers/users/settings/account/connected_accounts_controller.rb new file mode 100644 index 000000000..2edee3954 --- /dev/null +++ b/app/controllers/users/settings/account/connected_accounts_controller.rb @@ -0,0 +1,19 @@ +module Users + module Settings + module Account + class ConnectedAccountsController < ApplicationController + layout 'fluid' + + def index + @linked_accounts = current_user.user_identities.pluck(:provider) + end + + def destroy + current_user.user_identities.where(provider: params.require(:provider)).take&.destroy! + @linked_accounts = current_user.user_identities.pluck(:provider) + render :index + end + end + end + end +end diff --git a/app/helpers/left_menu_bar_helper.rb b/app/helpers/left_menu_bar_helper.rb index 13c0260d8..536ef7391 100644 --- a/app/helpers/left_menu_bar_helper.rb +++ b/app/helpers/left_menu_bar_helper.rb @@ -18,7 +18,7 @@ module LeftMenuBarHelper end def settings_are_selected? - controller_name.in? %(registrations preferences addons teams) + controller_name.in? %(registrations preferences addons teams connected_accounts) end def activities_are_selected? diff --git a/app/helpers/user_settings_helper.rb b/app/helpers/user_settings_helper.rb index 448ef9b63..3332564e0 100644 --- a/app/helpers/user_settings_helper.rb +++ b/app/helpers/user_settings_helper.rb @@ -2,7 +2,8 @@ module UserSettingsHelper def on_settings_account_page? controller_name == 'registrations' && action_name == 'edit' || controller_name == 'preferences' && action_name == 'index' || - controller_name == 'addons' && action_name == 'index' + controller_name == 'addons' && action_name == 'index' || + controller_name == 'connected_accounts' end def on_settings_account_profile_page? @@ -21,4 +22,8 @@ module UserSettingsHelper controller_name.in?(%w(teams audits)) && action_name.in?(%w(index new create show audits_index)) end + + def on_settings_account_connected_accounts_page? + controller_name == 'connected_accounts' + end end diff --git a/app/views/users/settings/_sidebar.html.erb b/app/views/users/settings/_sidebar.html.erb index a68b5c6c9..82530afef 100644 --- a/app/views/users/settings/_sidebar.html.erb +++ b/app/views/users/settings/_sidebar.html.erb @@ -56,6 +56,20 @@ <% end %> + + diff --git a/app/views/users/settings/account/connected_accounts/_azure_ad.html.erb b/app/views/users/settings/account/connected_accounts/_azure_ad.html.erb new file mode 100644 index 000000000..119bd8d65 --- /dev/null +++ b/app/views/users/settings/account/connected_accounts/_azure_ad.html.erb @@ -0,0 +1,24 @@ +
+
+
+ <%= t('users.settings.account.connected_accounts.azure_ad.title') %>
+

<%= t('users.settings.account.connected_accounts.azure_ad.connect_hint') %>

+
+
+
+ + <%= t('users.settings.account.connected_accounts.azure_ad.connected') %> + + +
+
+ <%= link_to t('users.settings.account.connected_accounts.azure_ad.unlink_button'), + '#unlinkAzureADModal', + class: 'btn btn-danger', + data: { toggle: 'modal'} %> +
+
+
+
+ +<%= render partial: 'users/settings/account/connected_accounts/unlink_modals/azure_ad_modal', locals: { provider: provider } %> diff --git a/app/views/users/settings/account/connected_accounts/index.html.erb b/app/views/users/settings/account/connected_accounts/index.html.erb new file mode 100644 index 000000000..a8c63b402 --- /dev/null +++ b/app/views/users/settings/account/connected_accounts/index.html.erb @@ -0,0 +1,31 @@ +<% provide(:head_title, t("users.settings.account.connected_accounts.head_title")) %> + +<%= render partial: "users/settings/sidebar.html.erb" %> +
+
+ +
+
+

<%= t('users.settings.account.connected_accounts.title') %>

+ + <% if @linked_accounts.any? %> + <% @linked_accounts.each do |provider| %> + <% if Rails.configuration.x.azure_ad_apps.find { |_,value| value[:provider] == provider } %> + <% if lookup_context.exists?(provider, 'users/settings/account/connected_accounts', true) %> + <%= render partial: provider %> + <% else %> + <%= render partial: 'azure_ad', locals: { provider: provider } %> + <% end %> + <% end %> + <% end %> + <% else %> +
+ <%= t('users.settings.account.connected_accounts.not_connected') %> +
+ <% end %> + +
+
+
+
+
diff --git a/app/views/users/settings/account/connected_accounts/unlink_modals/_azure_ad_modal.html.erb b/app/views/users/settings/account/connected_accounts/unlink_modals/_azure_ad_modal.html.erb new file mode 100644 index 000000000..7cd417403 --- /dev/null +++ b/app/views/users/settings/account/connected_accounts/unlink_modals/_azure_ad_modal.html.erb @@ -0,0 +1,23 @@ + diff --git a/config/initializers/api.rb b/config/initializers/api.rb index d748f9924..5fcd444ab 100644 --- a/config/initializers/api.rb +++ b/config/initializers/api.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + Rails.application.configure do config.x.core_api_sign_alg = ENV['CORE_API_SIGN_ALG'] if ENV['CORE_API_SIGN_ALG'] @@ -8,25 +10,4 @@ Rails.application.configure do config.x.core_api_rate_limit = ENV['CORE_API_RATE_LIMIT'] ? ENV['CORE_API_RATE_LIMIT'].to_i : 1000 config.x.core_api_v1_enabled = true if ENV['CORE_API_V1_ENABLED'] - - vars = ENV.select { |name, _| name =~ /^[[:alnum:]]*_AZURE_AD_APP_ID/ } - vars.each do |name, value| - app_name = name.sub('_AZURE_AD_APP_ID', '') - config.x.azure_ad_apps[value] = {} - - iss = ENV["#{app_name}_AZURE_AD_ISS"] - raise StandardError, "No ISS for #{app_name} Azure app" unless iss - - config.x.azure_ad_apps[value][:iss] = iss - - conf_url = ENV["#{app_name}_AZURE_AD_CONF_URL"] - raise StandardError, "No CONF_URL for #{app_name} Azure app" unless conf_url - - config.x.azure_ad_apps[value][:conf_url] = conf_url - - provider = ENV["#{app_name}_AZURE_AD_PROVIDER_NAME"] - raise StandardError, "No PROVIDER_NAME for #{app_name} Azure app" unless provider - - config.x.azure_ad_apps[value][:provider] = provider - end end diff --git a/config/initializers/azure_ad.rb b/config/initializers/azure_ad.rb new file mode 100644 index 000000000..78cfc9b23 --- /dev/null +++ b/config/initializers/azure_ad.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +Rails.application.configure do + vars = ENV.select { |name, _| name =~ /^[[:alnum:]]*_AZURE_AD_APP_ID/ } + vars.each do |name, value| + app_name = name.sub('_AZURE_AD_APP_ID', '') + config.x.azure_ad_apps[value] = {} + + iss = ENV["#{app_name}_AZURE_AD_ISS"] + raise StandardError, "No ISS for #{app_name} Azure app" unless iss + + config.x.azure_ad_apps[value][:iss] = iss + + conf_url = ENV["#{app_name}_AZURE_AD_CONF_URL"] + raise StandardError, "No CONF_URL for #{app_name} Azure app" unless conf_url + + config.x.azure_ad_apps[value][:conf_url] = conf_url + + provider = ENV["#{app_name}_AZURE_AD_PROVIDER_NAME"] + raise StandardError, "No PROVIDER_NAME for #{app_name} Azure app" unless provider + + config.x.azure_ad_apps[value][:provider] = provider + end +end diff --git a/config/locales/en.yml b/config/locales/en.yml index 28a37488e..3bbed6ecf 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -1463,6 +1463,7 @@ en: profile: "Profile" preferences: "Preferences" addons: "Add-ons" + connected_accounts: "Connected Accounts" account: preferences: head_title: "Settings | My preferences" @@ -1483,6 +1484,19 @@ en: head_title: "Settings | Add-ons" title: "Add-ons" no_addons: "You have no SciNote Add-ons." + connected_accounts: + head_title: "Settings | Connected Accounts" + title: "Connected Accounts" + not_connected: "You have no Connected accounts" + azure_ad: + title: "Your Azure AD Account" + connect_hint: "Allows you to sign in with your Azure AD account." + connected: "Connected" + unlink_button: "Unlink" + unlink_modal: + title: "Unlink Azure AD account?" + description_1: "Are you sure you would like unlink Azure AD and SciNote accounts?" + submit_button: "Submit" teams: head_title: "Settings | Teams" breadcrumbs: diff --git a/config/routes.rb b/config/routes.rb index 03c2cba5f..d878067ff 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -62,6 +62,12 @@ Rails.application.routes.draw do get 'users/settings/account/addons', to: 'users/settings/account/addons#index', as: 'addons' + get 'users/settings/account/connected_accounts', + to: 'users/settings/account/connected_accounts#index', + as: 'connected_accounts' + delete 'users/settings/account/connected_accounts', + to: 'users/settings/account/connected_accounts#destroy', + as: 'unlink_connected_account' put 'users/settings/account/preferences', to: 'users/settings/account/preferences#update', as: 'update_preferences' From 6c7f45fc200c13343410b8d6eecf4a5e834b7bd7 Mon Sep 17 00:00:00 2001 From: Oleksii Kriuchykhin Date: Thu, 28 Nov 2019 17:00:43 +0100 Subject: [PATCH 09/10] Add simplified view for sign-in form [SCI-4098] --- app/controllers/users/sessions_controller.rb | 15 +++++++++++++++ app/views/layouts/sign_in_halt.html.erb | 12 +++++++----- app/views/users/sessions/new.html.erb | 8 +++++--- 3 files changed, 27 insertions(+), 8 deletions(-) diff --git a/app/controllers/users/sessions_controller.rb b/app/controllers/users/sessions_controller.rb index 3c2b0af94..a52c97e8e 100644 --- a/app/controllers/users/sessions_controller.rb +++ b/app/controllers/users/sessions_controller.rb @@ -1,4 +1,8 @@ +# frozen_string_literal: true + class Users::SessionsController < Devise::SessionsController + layout :session_layout + # before_filter :configure_sign_in_params, only: [:create] after_action :after_sign_in, only: :create @@ -8,6 +12,7 @@ class Users::SessionsController < Devise::SessionsController # GET /resource/sign_in def new + @simple_sign_in = params[:simple_sign_in] == 'true' # If user was redirected here from OAuth's authorize/new page (Doorkeeper # endpoint for authorizing an OAuth client), 3rd party sign-in buttons # (e.g. LinkedIn) should be hidden. See config/initializers/devise.rb. @@ -76,4 +81,14 @@ class Users::SessionsController < Devise::SessionsController def configure_sign_in_params devise_parameter_sanitizer.for(:sign_in) << :attribute end + + private + + def session_layout + if @simple_sign_in + 'sign_in_halt' + else + 'layouts/main' + end + end end diff --git a/app/views/layouts/sign_in_halt.html.erb b/app/views/layouts/sign_in_halt.html.erb index b9a4f43b7..0e799efb2 100644 --- a/app/views/layouts/sign_in_halt.html.erb +++ b/app/views/layouts/sign_in_halt.html.erb @@ -27,11 +27,13 @@ <%= image_tag('/images/scinote_icon.jpg', id: 'logo') %> - + <% if user_signed_in? %> + + <% end %> <% if flash[:error]%> diff --git a/app/views/users/sessions/new.html.erb b/app/views/users/sessions/new.html.erb index 9f87fcf33..245e51f83 100644 --- a/app/views/users/sessions/new.html.erb +++ b/app/views/users/sessions/new.html.erb @@ -18,17 +18,19 @@ <%= f.password_field :password, autocomplete: "off", class: "form-control", placeholder: t("devise.sessions.new.password_placeholder") %> - <% if devise_mapping.rememberable? -%> + <% if devise_mapping.rememberable? && !@simple_sign_in %>
<%= f.check_box :remember_me %> <%= f.label :remember_me %>
- <% end -%> + <% end %> + + <%= hidden_field_tag(:simple_sign_in, @simple_sign_in) %>
<%= f.submit t("devise.sessions.new.submit"), class: "btn btn-primary" %>
<% end %> - <%= render "users/shared/links" %> + <%= render "users/shared/links" unless @simple_sign_in %> From b4e091b4d4269d9ad2b3cb7adcb20184305127f5 Mon Sep 17 00:00:00 2001 From: Oleksii Kriuchykhin Date: Fri, 29 Nov 2019 10:28:50 +0100 Subject: [PATCH 10/10] Add default values to core API configuration [SCI-4098] --- config/initializers/api.rb | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/config/initializers/api.rb b/config/initializers/api.rb index 5fcd444ab..e49c585a8 100644 --- a/config/initializers/api.rb +++ b/config/initializers/api.rb @@ -1,13 +1,13 @@ # frozen_string_literal: true Rails.application.configure do - config.x.core_api_sign_alg = ENV['CORE_API_SIGN_ALG'] if ENV['CORE_API_SIGN_ALG'] + config.x.core_api_sign_alg = ENV['CORE_API_SIGN_ALG'] || 'HS256' - config.x.core_api_token_ttl = ENV['CORE_API_TOKEN_TTL'].to_i.seconds if ENV['CORE_API_TOKEN_TTL'] + config.x.core_api_token_ttl = ENV['CORE_API_TOKEN_TTL'] ? ENV['CORE_API_TOKEN_TTL'].to_i.seconds : 30.minutes - config.x.core_api_token_iss = ENV['CORE_API_TOKEN_ISS'] if ENV['CORE_API_TOKEN_ISS'] + config.x.core_api_token_iss = ENV['CORE_API_TOKEN_ISS'] || 'SciNote' config.x.core_api_rate_limit = ENV['CORE_API_RATE_LIMIT'] ? ENV['CORE_API_RATE_LIMIT'].to_i : 1000 - config.x.core_api_v1_enabled = true if ENV['CORE_API_V1_ENABLED'] + config.x.core_api_v1_enabled = ENV['CORE_API_V1_ENABLED'] || false end