
Merge branch 'dev' into host

This commit is contained in:
Sylvain 2019-03-25 16:17:23 +01:00
commit 2ac0336adb
13 changed files with 71 additions and 68 deletions


@ -1,5 +1,9 @@
# Changelog Fab Manager
- Fix a security issue: updated to devise 4.6.0 to fix [CVE-2019-5421](https://github.com/plataformatec/devise/issues/4981)
- Fix a security issue: updated Rails to 4.2.11.1 to fix [CVE-2019-5418](https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q) and [CVE-2019-5419](https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI)
- [TODO DEPLOY] (dev) if applicable, you must first downgrade bundler to v1 `gem uninstall bundler --version=2.0.1 && gem install bundler --version=1.7.3 && bundle install`
## v2.8.4 2019 March 18
- Limit members search to 50 results to speed up queries


@ -2,7 +2,7 @@ source 'https://rubygems.org'
gem 'compass-rails', '2.0.4'
# Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
gem 'rails', '4.2.11'
gem 'rails', '4.2.11.1'
# Use SCSS for stylesheets
gem 'sass-rails', '5.0.1'
@ -73,8 +73,7 @@ gem 'seed_dump'
gem 'pg'
gem 'devise'
gem 'devise-async'
gem 'devise', ">= 4.6.0"
gem 'omniauth', '~> 1.6.0'
gem 'omniauth-oauth2'


@ -14,39 +14,39 @@ GEM
specs:
Ascii85 (1.0.2)
aasm (4.1.0)
actionmailer (4.2.11)
actionpack (= 4.2.11)
actionview (= 4.2.11)
activejob (= 4.2.11)
actionmailer (4.2.11.1)
actionpack (= 4.2.11.1)
actionview (= 4.2.11.1)
activejob (= 4.2.11.1)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 1.0, >= 1.0.5)
actionpack (4.2.11)
actionview (= 4.2.11)
activesupport (= 4.2.11)
actionpack (4.2.11.1)
actionview (= 4.2.11.1)
activesupport (= 4.2.11.1)
rack (~> 1.6)
rack-test (~> 0.6.2)
rails-dom-testing (~> 1.0, >= 1.0.5)
rails-html-sanitizer (~> 1.0, >= 1.0.2)
actionpack-page_caching (1.0.2)
actionpack (>= 4.0.0, < 5)
actionview (4.2.11)
activesupport (= 4.2.11)
actionview (4.2.11.1)
activesupport (= 4.2.11.1)
builder (~> 3.1)
erubis (~> 2.7.0)
rails-dom-testing (~> 1.0, >= 1.0.5)
rails-html-sanitizer (~> 1.0, >= 1.0.3)
active_record_query_trace (1.4)
activejob (4.2.11)
activesupport (= 4.2.11)
activejob (4.2.11.1)
activesupport (= 4.2.11.1)
globalid (>= 0.3.0)
activemodel (4.2.11)
activesupport (= 4.2.11)
activemodel (4.2.11.1)
activesupport (= 4.2.11.1)
builder (~> 3.1)
activerecord (4.2.11)
activemodel (= 4.2.11)
activesupport (= 4.2.11)
activerecord (4.2.11.1)
activemodel (= 4.2.11.1)
activesupport (= 4.2.11.1)
arel (~> 6.0)
activesupport (4.2.11)
activesupport (4.2.11.1)
i18n (~> 0.7)
minitest (~> 5.1)
thread_safe (~> 0.3, >= 0.3.4)
@ -70,7 +70,7 @@ GEM
axlsx_rails (0.4.0)
axlsx (>= 2.0.1)
rails (>= 3.1)
bcrypt (3.1.10)
bcrypt (3.1.12)
binding_of_caller (0.7.3)
debug_inspector (>= 0.0.1)
bootstrap-sass (3.4.1)
@ -119,7 +119,7 @@ GEM
compass (~> 1.0.0)
sass-rails (<= 5.0.1)
sprockets (< 2.13)
concurrent-ruby (1.1.4)
concurrent-ruby (1.1.5)
connection_pool (2.2.0)
coveralls (0.8.16)
json (>= 1.8, < 3)
@ -135,15 +135,12 @@ GEM
debug_inspector (0.0.3)
descendants_tracker (0.0.4)
thread_safe (~> 0.3, >= 0.3.1)
devise (3.4.1)
devise (4.6.1)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
railties (>= 3.2.6, < 5)
railties (>= 4.1.0, < 6.0)
responders
thread_safe (~> 0.1)
warden (~> 1.2.3)
devise-async (0.9.0)
devise (~> 3.2)
docile (1.1.5)
domain_name (0.5.25)
unf (>= 0.0.5, < 1.0.0)
@ -185,7 +182,7 @@ GEM
forgery (0.6.0)
friendly_id (5.1.0)
activerecord (>= 4.0.0)
globalid (0.4.1)
globalid (0.4.2)
activesupport (>= 4.2.0)
has_secure_token (1.0.0)
activerecord (>= 3.0)
@ -249,7 +246,7 @@ GEM
mimemagic (0.3.2)
mini_magick (4.2.0)
mini_mime (1.0.1)
mini_portile2 (2.3.0)
mini_portile2 (2.4.0)
minitest (5.11.3)
minitest-reporters (1.1.8)
ansi
@ -268,8 +265,8 @@ GEM
net-ssh-gateway (1.2.0)
net-ssh (>= 2.6.5)
netrc (0.10.3)
nokogiri (1.8.5)
mini_portile2 (~> 2.3.0)
nokogiri (1.10.1)
mini_portile2 (~> 2.4.0)
notify_with (0.0.2)
jbuilder (~> 2.0)
rails (>= 4.2.0)
@ -318,16 +315,16 @@ GEM
rack-test (0.6.3)
rack (>= 1.0)
railroady (1.5.3)
rails (4.2.11)
actionmailer (= 4.2.11)
actionpack (= 4.2.11)
actionview (= 4.2.11)
activejob (= 4.2.11)
activemodel (= 4.2.11)
activerecord (= 4.2.11)
activesupport (= 4.2.11)
rails (4.2.11.1)
actionmailer (= 4.2.11.1)
actionpack (= 4.2.11.1)
actionview (= 4.2.11.1)
activejob (= 4.2.11.1)
activemodel (= 4.2.11.1)
activerecord (= 4.2.11.1)
activesupport (= 4.2.11.1)
bundler (>= 1.3.0, < 2.0)
railties (= 4.2.11)
railties (= 4.2.11.1)
sprockets-rails
rails-deprecated_sanitizer (1.0.3)
activesupport (>= 4.2.0.alpha)
@ -344,9 +341,9 @@ GEM
rails_stdout_logging
rails_serve_static_assets (0.0.4)
rails_stdout_logging (0.0.3)
railties (4.2.11)
actionpack (= 4.2.11)
activesupport (= 4.2.11)
railties (4.2.11.1)
actionpack (= 4.2.11.1)
activesupport (= 4.2.11.1)
rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0)
rainbow (3.0.0)
@ -497,7 +494,7 @@ GEM
coercible (~> 1.0)
descendants_tracker (~> 0.0, >= 0.0.3)
equalizer (~> 0.0, >= 0.0.9)
warden (1.2.3)
warden (1.2.7)
rack (>= 1.0)
web-console (2.1.3)
activemodel (>= 4.0)
@ -531,8 +528,7 @@ DEPENDENCIES
compass-rails (= 2.0.4)
coveralls
database_cleaner
devise
devise-async
devise (>= 4.6.0)
elasticsearch-model (~> 5)
elasticsearch-persistence (~> 5)
elasticsearch-rails (~> 5)
@ -565,7 +561,7 @@ DEPENDENCIES
pundit
rack-protection (= 1.5.5)
railroady
rails (= 4.2.11)
rails (= 4.2.11.1)
rails-observers
rails_12factor
rb-readline
@ -596,4 +592,4 @@ DEPENDENCIES
webmock
BUNDLED WITH
1.17.2
1.17.3


@ -136,7 +136,7 @@ This procedure is not easy to follow so if you don't need to write some code for
10. Install bundler in the current RVM gemset
```bash
gem install bundler
gem install bundler --version=1.17.3
```
11. Install the required ruby gems and javascript plugins


@ -340,7 +340,7 @@ Application.Controllers.controller('ApplicationController', ['$rootScope', '$sco
var openLoginModal = function (toState, toParams, callback) {
<% active_provider = AuthProvider.active %>
<% if active_provider.providable_type != DatabaseProvider.name %>
$window.location.href = '<%=user_omniauth_authorize_path(AuthProvider.active.strategy_name.to_sym)%>';
$window.location.href = '<%="/users/auth/#{active_provider.strategy_name}"%>';
<% else %>
return $uibModal.open({
templateUrl: '<%= asset_path "shared/deviseModal.html" %>',
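Review bot: The path on the new `$window.location.href` line is emitted into a JavaScript string literal through a plain `<%= %>`, so `active_provider.strategy_name` receives HTML-entity escaping — the wrong escaping for a JS context — and no URL encoding at all, whereas the route helper it replaces at least produced a well-formed path segment. Unless strategy names are constrained elsewhere to a safe character set, I would write `$window.location.href = '<%= j("/users/auth/#{ERB::Util.url_encode(active_provider.strategy_name)}") %>';`. If this `.js.erb` is compiled by the asset pipeline, `AuthProvider.active` is evaluated at precompile time and the provider is baked into the asset until the next build, which deserves a one-line comment above the `<% active_provider = AuthProvider.active %>` line. `openLoginModal` begins in this hunk and continues past its end.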


@ -53,9 +53,9 @@
<a href="#" class="font-sbold label text-md" ng-click="login($event)"><i class="fa fa-sign-in"></i> {{ 'sign_in' | translate }}</a>
</li>
<% else %>
<li ng-if="!isAuthenticated()"><a href="<%= user_omniauth_authorize_path(active_provider.strategy_name.to_sym)%>" class="font-sbold label text-md"><i class="fa fa-rocket"></i> {{ 'sign_up' | translate }}</a></li>
<li ng-if="!isAuthenticated()"><a href="<%= "/users/auth/#{active_provider.strategy_name}"%>" class="font-sbold label text-md"><i class="fa fa-rocket"></i> {{ 'sign_up' | translate }}</a></li>
<li ng-if="!isAuthenticated()">
<a href="<%= user_omniauth_authorize_path(active_provider.strategy_name.to_sym)%>" class="font-sbold label text-md"><i class="fa fa-sign-in"></i> {{ 'sign_in' | translate }}</a>
<a href="<%= "/users/auth/#{active_provider.strategy_name}"%>" class="font-sbold label text-md"><i class="fa fa-sign-in"></i> {{ 'sign_in' | translate }}</a>
</li>
<% end %>
</ul>
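Review bot: Both new `href` values send the browser to the OmniAuth request phase with a plain GET link; with the `omniauth ~> 1.6.0` this Gemfile pins, that phase accepts GET and performs no CSRF check (CVE-2015-9284), so a third-party page can start an authorization flow inside the victim's session. Unless this is mitigated somewhere I cannot see, serve these as POST forms carrying the Rails CSRF token, e.g. `button_to` with `method: :post`, and set `OmniAuth.config.allowed_request_methods = [:post]` in the OmniAuth initializer. The sign-up and sign-in links now share one identical hand-built string, and the same literal is repeated in several other files of this commit; a single helper such as `active_provider.authorize_path` would keep the route in one place. The interpolated `strategy_name` is also not URL-encoded; `ERB::Util.url_encode` on that segment keeps the path well-formed for unusual names.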


@ -30,11 +30,16 @@ class ApplicationController < ActionController::Base
end
def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) <<
{ profile_attributes: [:phone, :last_name, :first_name, :gender, :birthday, :interest, :software_mastered,
organization_attributes: [:name, address_attributes: [:address]]] }
devise_parameter_sanitizer.for(:sign_up).concat %i[username is_allow_contact is_allow_newsletter cgu group_id]
devise_parameter_sanitizer.permit(:sign_up,
keys: [
{ profile_attributes: [
:phone, :last_name, :first_name, :gender, :birthday,
:interest, :software_mastered, organization_attributes: [
:name, address_attributes: [:address]
]
] },
:username, :is_allow_contact, :is_allow_newsletter, :cgu, :group_id
])
end
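Review bot: `:group_id` is permitted straight from the sign-up form in the new `permit(:sign_up, keys: [...])` call, so the client chooses its own group; if groups differ in pricing or privileges (Group is not visible from here), the accepted values need a server-side check, either by filtering here or by a validation on User, and the commit ports the old list over without adding one. The method also deserves a header comment stating what it does, e.g. `# Extra attributes Devise may accept on sign-up; anything else in params[:user] is dropped.`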
def default_url_options


@ -4,7 +4,7 @@ class SessionsController < Devise::SessionsController
def new
active_provider = AuthProvider.active
if active_provider.providable_type != DatabaseProvider.name
redirect_to user_omniauth_authorize_path(active_provider.strategy_name.to_sym)
redirect_to "/users/auth/#{active_provider.strategy_name}"
else
super
end
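Review bot: The new `redirect_to` hard-codes the OmniAuth route as a string, and the identical `"/users/auth/#{...strategy_name}"` literal now also appears in the application layout, the Angular controller template, the provider jbuilder view and two mailer templates, so a route or mount-point change has to be chased through six files. One home for it would be an instance method on AuthProvider, `def authorize_path; "/users/auth/#{ERB::Util.url_encode(strategy_name)}"; end`, which also URL-encodes the segment the dropped route helper used to handle. A short comment above the `redirect_to` explaining why the Devise route helper was abandoned would spare the next reader from re-deriving it. `new` continues past the end of this hunk.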


@ -8,7 +8,7 @@ class User < ActiveRecord::Base
# Include default devise modules. Others available are:
# :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable,
:confirmable, :async
:confirmable
rolify
# enable OmniAuth authentication only if needed
@ -325,6 +325,10 @@ class User < ActiveRecord::Base
create_wallet
end
def send_devise_notification(notification, *args)
devise_mailer.send(notification, self, *args).deliver_later
end
def notify_admin_when_user_is_created
if need_completion? && !provider.nil?
NotificationCenter.call type: 'notify_admin_when_user_is_imported',
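Review bot: The new `send_devise_notification` calls `deliver_later` from Devise callbacks that run inside the `INSERT`/`UPDATE` transaction of the user row, and Active Job serializes `self` via GlobalID, so a worker that picks the job up before the commit cannot load the record and the confirmation or reset mail is lost; the removed `:async` module is what used to hide this. Devise's README recommends deferring the notification to `after_commit`, which the rewrite below does (the helpers after `send_devise_notification` belong in the `private` section). Separately, `deliver_later` enqueues on Active Job's default `mailers` queue, whereas the deleted initializer routed these mails to `:devise_mailer`; if the Sidekiq configuration enumerates its queues, `mailers` must be added or these jobs are never processed. The `devise` declaration at the top of the hunk and the rest of the class body lie outside the hunk.
```ruby
  # Devise notifications are raised from save callbacks, i.e. inside the
  # transaction; queue them and enqueue the mail jobs only once the row is
  # committed so the worker can load the user by GlobalID.
  after_commit :send_pending_devise_notifications

  def send_devise_notification(notification, *args)
    # Rails 4.2: `changed?` is true while the record is being saved.
    if new_record? || changed?
      pending_devise_notifications << [notification, args]
    else
      render_and_send_devise_message(notification, *args)
    end
  end

  def send_pending_devise_notifications
    pending_devise_notifications.each do |notification, args|
      render_and_send_devise_message(notification, *args)
    end
    # after_commit can fire more than once; never send a mail twice.
    pending_devise_notifications.clear
  end

  def pending_devise_notifications
    @pending_devise_notifications ||= []
  end

  def render_and_send_devise_message(notification, *args)
    devise_mailer.send(notification, self, *args).deliver_later
  end

  # … unchanged: notify_admin_when_user_is_created …
```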


@ -4,9 +4,9 @@ json.link_to_sso_profile @provider.link_to_sso_profile
if @provider.providable_type == DatabaseProvider.name
json.link_to_sso_connect '/#'
else
json.link_to_sso_connect user_omniauth_authorize_path(@provider.strategy_name.to_sym)
json.link_to_sso_connect "/users/auth/#{@provider.strategy_name}"
end
if @provider.providable_type == OAuth2Provider.name
json.domain @provider.providable.domain
end
end


@ -15,7 +15,7 @@
<% active_provider = AuthProvider.active %>
<%= render 'notifications_mailer/shared/hello', recipient: @recipient %>
<%
url_path = user_omniauth_authorize_path(active_provider.strategy_name.to_sym)
url_path = "/users/auth/#{active_provider.strategy_name}"
if url_path[0] == '/' and root_url[-1] == '/'
url_path = root_url + url_path[1..-1]
else


@ -38,7 +38,7 @@
<p>
<%= t('.body.thanks_to_') %>
<a href="<%= root_url+user_omniauth_authorize_path(active_provider.strategy_name.to_sym)%>?auth_token=<%= @user.auth_token %>" target="_blank">
<a href="<%= "#{root_url}/users/auth/#{active_provider.strategy_name}?auth_token=#{@user.auth_token}"%>" target="_blank">
<%= t('body.logon_or_login', PROVIDER: active_provider.name )%>
</a>
</p>
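Review bot: The new link builds its URL as `"#{root_url}/users/auth/..."`, and `root_url` normally ends with a slash, so the result contains `//users/auth/`; the sibling mailer template touched in this commit explicitly strips that duplicate slash while this one does not. `"#{root_url.chomp('/')}/users/auth/#{active_provider.strategy_name}?auth_token=#{ERB::Util.url_encode(@user.auth_token)}"` keeps the two templates consistent and encodes the token, which the interpolation currently leaves raw. More broadly, an `auth_token` carried in a GET query string inside an e-mail ends up in mail-client, proxy and web-server logs and in the `Referer` of any page the landing page links to; if that token grants a session, it should be short-lived and single-use, and the assumption about its lifetime deserves a comment next to the link. The enclosing ERB template is not fully visible in this hunk.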


@ -1,5 +0,0 @@
Devise::Async.setup do |config|
config.enabled = true
config.backend = :sidekiq
config.queue = :devise_mailer
end