diff --git a/CHANGELOG.md b/CHANGELOG.md index 75fb23d04..d21d8c8ff 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,12 @@ ## next deploy +## v5.4.12 2022 July 06 + +- Fix a bug: Gender, Address and Birthday are not mapped properly from SSO (#365) +- Fix a bug: unable to import a new account from an SSO provider +- Fix a security issue: updated rails-html-sanitizer to 1.4.3 to fix [CVE-2022-32209](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32209) + ## v5.4.11 2022 July 06 - Fix a bug: social networks icons not shown in firefox diff --git a/Gemfile.lock b/Gemfile.lock index 3debb4145..35bb51c9b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -204,7 +204,7 @@ GEM listen (3.0.8) rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) - loofah (2.17.0) + loofah (2.18.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) mail (2.7.1) @@ -328,7 +328,7 @@ GEM rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) - rails-html-sanitizer (1.4.2) + rails-html-sanitizer (1.4.3) loofah (~> 2.3) rails-observers (0.1.5) activemodel (>= 4.0) diff --git a/app/models/concerns/single_sign_on_concern.rb b/app/models/concerns/single_sign_on_concern.rb index 22d1f4d01..cc1594b70 100644 --- a/app/models/concerns/single_sign_on_concern.rb +++ b/app/models/concerns/single_sign_on_concern.rb @@ -48,24 +48,24 @@ module SingleSignOnConcern profile.user_avatar ||= UserAvatar.new profile.user_avatar.remote_attachment_url = data when 'profile.address' - invoicing_profile ||= InvoicingProfile.new - invoicing_profile.address ||= Address.new - invoicing_profile.address.address = data + self.invoicing_profile ||= InvoicingProfile.new + self.invoicing_profile.address ||= Address.new + self.invoicing_profile.address.address = data when 'profile.organization_name' - invoicing_profile ||= InvoicingProfile.new - invoicing_profile.organization ||= Organization.new - invoicing_profile.organization.name = data + self.invoicing_profile ||= InvoicingProfile.new + self.invoicing_profile.organization ||= Organization.new + self.invoicing_profile.organization.name = data when 'profile.organization_address' - invoicing_profile ||= InvoicingProfile.new - invoicing_profile.organization ||= Organization.new - invoicing_profile.organization.address ||= Address.new - invoicing_profile.organization.address.address = data + self.invoicing_profile ||= InvoicingProfile.new + self.invoicing_profile.organization ||= Organization.new + self.invoicing_profile.organization.address ||= Address.new + self.invoicing_profile.organization.address.address = data when 'profile.gender' - statistic_profile ||= StatisticProfile.new - statistic_profile.gender = data + self.statistic_profile ||= StatisticProfile.new + self.statistic_profile.gender = data when 'profile.birthday' - statistic_profile ||= StatisticProfile.new - statistic_profile.birthday = data + self.statistic_profile ||= StatisticProfile.new + self.statistic_profile.birthday = data else profile[sso_mapping[8..-1].to_sym] = data unless data.nil? end diff --git a/app/services/members/members_service.rb b/app/services/members/members_service.rb index 598805c43..c81005350 100644 --- a/app/services/members/members_service.rb +++ b/app/services/members/members_service.rb @@ -46,7 +46,7 @@ class Members::MembersService up_result = member.update(params) notify_user_profile_complete(not_complete) if up_result - member.notify_group_changed(ex_group, validated_at_changed) if group_changed + member.notify_group_changed(ex_group, validated_at_changed) if group_changed && !ex_group.nil? up_result end diff --git a/package.json b/package.json index e9f863b84..1649dbd36 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "fab-manager", - "version": "5.4.11", + "version": "5.4.12", "description": "Fab-manager is the FabLab management solution. It provides a comprehensive, web-based, open-source tool to simplify your administrative tasks and your marker's projects.", "keywords": [ "fablab",