
Merge branch 'dev' into host

This commit is contained in:
Sylvain 2019-03-25 16:17:23 +01:00
commit 2ac0336adb
13 changed files with 71 additions and 68 deletions


@ -1,5 +1,9 @@
# Changelog Fab Manager # Changelog Fab Manager
- Fix a security issue: updated to devise 4.6.0 to fix [CVE-2019-5421](https://github.com/plataformatec/devise/issues/4981)
- Fix a security issue: updated Rails to 4.2.11.1 to fix [CVE-2019-5418](https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q) and [CVE-2019-5419](https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI)
- [TODO DEPLOY] (dev) if applicable, you must first downgrade bundler to v1 `gem uninstall bundler --version=2.0.1 && gem install bundler --version=1.7.3 && bundle install`
## v2.8.4 2019 March 18 ## v2.8.4 2019 March 18
- Limit members search to 50 results to speed up queries - Limit members search to 50 results to speed up queries


@ -2,7 +2,7 @@ source 'https://rubygems.org'
gem 'compass-rails', '2.0.4' gem 'compass-rails', '2.0.4'
# Bundle edge Rails instead: gem 'rails', github: 'rails/rails' # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
gem 'rails', '4.2.11' gem 'rails', '4.2.11.1'
# Use SCSS for stylesheets # Use SCSS for stylesheets
gem 'sass-rails', '5.0.1' gem 'sass-rails', '5.0.1'
@ -73,8 +73,7 @@ gem 'seed_dump'
gem 'pg' gem 'pg'
gem 'devise' gem 'devise', ">= 4.6.0"
gem 'devise-async'
gem 'omniauth', '~> 1.6.0' gem 'omniauth', '~> 1.6.0'
gem 'omniauth-oauth2' gem 'omniauth-oauth2'


@ -14,39 +14,39 @@ GEM
specs: specs:
Ascii85 (1.0.2) Ascii85 (1.0.2)
aasm (4.1.0) aasm (4.1.0)
actionmailer (4.2.11) actionmailer (4.2.11.1)
actionpack (= 4.2.11) actionpack (= 4.2.11.1)
actionview (= 4.2.11) actionview (= 4.2.11.1)
activejob (= 4.2.11) activejob (= 4.2.11.1)
mail (~> 2.5, >= 2.5.4) mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 1.0, >= 1.0.5) rails-dom-testing (~> 1.0, >= 1.0.5)
actionpack (4.2.11) actionpack (4.2.11.1)
actionview (= 4.2.11) actionview (= 4.2.11.1)
activesupport (= 4.2.11) activesupport (= 4.2.11.1)
rack (~> 1.6) rack (~> 1.6)
rack-test (~> 0.6.2) rack-test (~> 0.6.2)
rails-dom-testing (~> 1.0, >= 1.0.5) rails-dom-testing (~> 1.0, >= 1.0.5)
rails-html-sanitizer (~> 1.0, >= 1.0.2) rails-html-sanitizer (~> 1.0, >= 1.0.2)
actionpack-page_caching (1.0.2) actionpack-page_caching (1.0.2)
actionpack (>= 4.0.0, < 5) actionpack (>= 4.0.0, < 5)
actionview (4.2.11) actionview (4.2.11.1)
activesupport (= 4.2.11) activesupport (= 4.2.11.1)
builder (~> 3.1) builder (~> 3.1)
erubis (~> 2.7.0) erubis (~> 2.7.0)
rails-dom-testing (~> 1.0, >= 1.0.5) rails-dom-testing (~> 1.0, >= 1.0.5)
rails-html-sanitizer (~> 1.0, >= 1.0.3) rails-html-sanitizer (~> 1.0, >= 1.0.3)
active_record_query_trace (1.4) active_record_query_trace (1.4)
activejob (4.2.11) activejob (4.2.11.1)
activesupport (= 4.2.11) activesupport (= 4.2.11.1)
globalid (>= 0.3.0) globalid (>= 0.3.0)
activemodel (4.2.11) activemodel (4.2.11.1)
activesupport (= 4.2.11) activesupport (= 4.2.11.1)
builder (~> 3.1) builder (~> 3.1)
activerecord (4.2.11) activerecord (4.2.11.1)
activemodel (= 4.2.11) activemodel (= 4.2.11.1)
activesupport (= 4.2.11) activesupport (= 4.2.11.1)
arel (~> 6.0) arel (~> 6.0)
activesupport (4.2.11) activesupport (4.2.11.1)
i18n (~> 0.7) i18n (~> 0.7)
minitest (~> 5.1) minitest (~> 5.1)
thread_safe (~> 0.3, >= 0.3.4) thread_safe (~> 0.3, >= 0.3.4)
@ -70,7 +70,7 @@ GEM
axlsx_rails (0.4.0) axlsx_rails (0.4.0)
axlsx (>= 2.0.1) axlsx (>= 2.0.1)
rails (>= 3.1) rails (>= 3.1)
bcrypt (3.1.10) bcrypt (3.1.12)
binding_of_caller (0.7.3) binding_of_caller (0.7.3)
debug_inspector (>= 0.0.1) debug_inspector (>= 0.0.1)
bootstrap-sass (3.4.1) bootstrap-sass (3.4.1)
@ -119,7 +119,7 @@ GEM
compass (~> 1.0.0) compass (~> 1.0.0)
sass-rails (<= 5.0.1) sass-rails (<= 5.0.1)
sprockets (< 2.13) sprockets (< 2.13)
concurrent-ruby (1.1.4) concurrent-ruby (1.1.5)
connection_pool (2.2.0) connection_pool (2.2.0)
coveralls (0.8.16) coveralls (0.8.16)
json (>= 1.8, < 3) json (>= 1.8, < 3)
@ -135,15 +135,12 @@ GEM
debug_inspector (0.0.3) debug_inspector (0.0.3)
descendants_tracker (0.0.4) descendants_tracker (0.0.4)
thread_safe (~> 0.3, >= 0.3.1) thread_safe (~> 0.3, >= 0.3.1)
devise (3.4.1) devise (4.6.1)
bcrypt (~> 3.0) bcrypt (~> 3.0)
orm_adapter (~> 0.1) orm_adapter (~> 0.1)
railties (>= 3.2.6, < 5) railties (>= 4.1.0, < 6.0)
responders responders
thread_safe (~> 0.1)
warden (~> 1.2.3) warden (~> 1.2.3)
devise-async (0.9.0)
devise (~> 3.2)
docile (1.1.5) docile (1.1.5)
domain_name (0.5.25) domain_name (0.5.25)
unf (>= 0.0.5, < 1.0.0) unf (>= 0.0.5, < 1.0.0)
@ -185,7 +182,7 @@ GEM
forgery (0.6.0) forgery (0.6.0)
friendly_id (5.1.0) friendly_id (5.1.0)
activerecord (>= 4.0.0) activerecord (>= 4.0.0)
globalid (0.4.1) globalid (0.4.2)
activesupport (>= 4.2.0) activesupport (>= 4.2.0)
has_secure_token (1.0.0) has_secure_token (1.0.0)
activerecord (>= 3.0) activerecord (>= 3.0)
@ -249,7 +246,7 @@ GEM
mimemagic (0.3.2) mimemagic (0.3.2)
mini_magick (4.2.0) mini_magick (4.2.0)
mini_mime (1.0.1) mini_mime (1.0.1)
mini_portile2 (2.3.0) mini_portile2 (2.4.0)
minitest (5.11.3) minitest (5.11.3)
minitest-reporters (1.1.8) minitest-reporters (1.1.8)
ansi ansi
@ -268,8 +265,8 @@ GEM
net-ssh-gateway (1.2.0) net-ssh-gateway (1.2.0)
net-ssh (>= 2.6.5) net-ssh (>= 2.6.5)
netrc (0.10.3) netrc (0.10.3)
nokogiri (1.8.5) nokogiri (1.10.1)
mini_portile2 (~> 2.3.0) mini_portile2 (~> 2.4.0)
notify_with (0.0.2) notify_with (0.0.2)
jbuilder (~> 2.0) jbuilder (~> 2.0)
rails (>= 4.2.0) rails (>= 4.2.0)
@ -318,16 +315,16 @@ GEM
rack-test (0.6.3) rack-test (0.6.3)
rack (>= 1.0) rack (>= 1.0)
railroady (1.5.3) railroady (1.5.3)
rails (4.2.11) rails (4.2.11.1)
actionmailer (= 4.2.11) actionmailer (= 4.2.11.1)
actionpack (= 4.2.11) actionpack (= 4.2.11.1)
actionview (= 4.2.11) actionview (= 4.2.11.1)
activejob (= 4.2.11) activejob (= 4.2.11.1)
activemodel (= 4.2.11) activemodel (= 4.2.11.1)
activerecord (= 4.2.11) activerecord (= 4.2.11.1)
activesupport (= 4.2.11) activesupport (= 4.2.11.1)
bundler (>= 1.3.0, < 2.0) bundler (>= 1.3.0, < 2.0)
railties (= 4.2.11) railties (= 4.2.11.1)
sprockets-rails sprockets-rails
rails-deprecated_sanitizer (1.0.3) rails-deprecated_sanitizer (1.0.3)
activesupport (>= 4.2.0.alpha) activesupport (>= 4.2.0.alpha)
@ -344,9 +341,9 @@ GEM
rails_stdout_logging rails_stdout_logging
rails_serve_static_assets (0.0.4) rails_serve_static_assets (0.0.4)
rails_stdout_logging (0.0.3) rails_stdout_logging (0.0.3)
railties (4.2.11) railties (4.2.11.1)
actionpack (= 4.2.11) actionpack (= 4.2.11.1)
activesupport (= 4.2.11) activesupport (= 4.2.11.1)
rake (>= 0.8.7) rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0) thor (>= 0.18.1, < 2.0)
rainbow (3.0.0) rainbow (3.0.0)
@ -497,7 +494,7 @@ GEM
coercible (~> 1.0) coercible (~> 1.0)
descendants_tracker (~> 0.0, >= 0.0.3) descendants_tracker (~> 0.0, >= 0.0.3)
equalizer (~> 0.0, >= 0.0.9) equalizer (~> 0.0, >= 0.0.9)
warden (1.2.3) warden (1.2.7)
rack (>= 1.0) rack (>= 1.0)
web-console (2.1.3) web-console (2.1.3)
activemodel (>= 4.0) activemodel (>= 4.0)
@ -531,8 +528,7 @@ DEPENDENCIES
compass-rails (= 2.0.4) compass-rails (= 2.0.4)
coveralls coveralls
database_cleaner database_cleaner
devise devise (>= 4.6.0)
devise-async
elasticsearch-model (~> 5) elasticsearch-model (~> 5)
elasticsearch-persistence (~> 5) elasticsearch-persistence (~> 5)
elasticsearch-rails (~> 5) elasticsearch-rails (~> 5)
@ -565,7 +561,7 @@ DEPENDENCIES
pundit pundit
rack-protection (= 1.5.5) rack-protection (= 1.5.5)
railroady railroady
rails (= 4.2.11) rails (= 4.2.11.1)
rails-observers rails-observers
rails_12factor rails_12factor
rb-readline rb-readline
@ -596,4 +592,4 @@ DEPENDENCIES
webmock webmock
BUNDLED WITH BUNDLED WITH
1.17.2 1.17.3


@ -136,7 +136,7 @@ This procedure is not easy to follow so if you don't need to write some code for
10. Install bundler in the current RVM gemset 10. Install bundler in the current RVM gemset
```bash ```bash
gem install bundler gem install bundler --version=1.17.3
``` ```
11. Install the required ruby gems and javascript plugins 11. Install the required ruby gems and javascript plugins


@ -340,7 +340,7 @@ Application.Controllers.controller('ApplicationController', ['$rootScope', '$sco
var openLoginModal = function (toState, toParams, callback) { var openLoginModal = function (toState, toParams, callback) {
<% active_provider = AuthProvider.active %> <% active_provider = AuthProvider.active %>
<% if active_provider.providable_type != DatabaseProvider.name %> <% if active_provider.providable_type != DatabaseProvider.name %>
$window.location.href = '<%=user_omniauth_authorize_path(AuthProvider.active.strategy_name.to_sym)%>'; $window.location.href = '<%="/users/auth/#{active_provider.strategy_name}"%>';
<% else %> <% else %>
return $uibModal.open({ return $uibModal.open({
templateUrl: '<%= asset_path "shared/deviseModal.html" %>', templateUrl: '<%= asset_path "shared/deviseModal.html" %>',
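Review bot: The literal `/users/auth/#{active_provider.strategy_name}` that replaces `user_omniauth_authorize_path(...)` on the `$window.location.href` line is now hand-written again in the header layout, in `SessionsController#new`, in the auth-provider jbuilder view and in both mailer templates of this commit, so the six copies can drift independently; a single helper (for instance a method on `AuthProvider` that returns this path) would give one place to change if the Devise/OmniAuth mount point ever moves. Here the value is interpolated inside a single-quoted JavaScript string in an asset template, where there is no view-level escaping; `strategy_name` appears to be admin-configured rather than user input, but a quote or newline in it would still break the generated script, so running it through `escape_javascript` (if the asset ERB context exposes it) or rejecting such characters on the model would keep the page robust. The enclosing `openLoginModal` function continues past the hunk.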


@ -53,9 +53,9 @@
<a href="#" class="font-sbold label text-md" ng-click="login($event)"><i class="fa fa-sign-in"></i> {{ 'sign_in' | translate }}</a> <a href="#" class="font-sbold label text-md" ng-click="login($event)"><i class="fa fa-sign-in"></i> {{ 'sign_in' | translate }}</a>
</li> </li>
<% else %> <% else %>
<li ng-if="!isAuthenticated()"><a href="<%= user_omniauth_authorize_path(active_provider.strategy_name.to_sym)%>" class="font-sbold label text-md"><i class="fa fa-rocket"></i> {{ 'sign_up' | translate }}</a></li> <li ng-if="!isAuthenticated()"><a href="<%= "/users/auth/#{active_provider.strategy_name}"%>" class="font-sbold label text-md"><i class="fa fa-rocket"></i> {{ 'sign_up' | translate }}</a></li>
<li ng-if="!isAuthenticated()"> <li ng-if="!isAuthenticated()">
<a href="<%= user_omniauth_authorize_path(active_provider.strategy_name.to_sym)%>" class="font-sbold label text-md"><i class="fa fa-sign-in"></i> {{ 'sign_in' | translate }}</a> <a href="<%= "/users/auth/#{active_provider.strategy_name}"%>" class="font-sbold label text-md"><i class="fa fa-sign-in"></i> {{ 'sign_in' | translate }}</a>
</li> </li>
<% end %> <% end %>
</ul> </ul>


@ -30,11 +30,16 @@ class ApplicationController < ActionController::Base
end end
def configure_permitted_parameters def configure_permitted_parameters
devise_parameter_sanitizer.for(:sign_up) << devise_parameter_sanitizer.permit(:sign_up,
{ profile_attributes: [:phone, :last_name, :first_name, :gender, :birthday, :interest, :software_mastered, keys: [
organization_attributes: [:name, address_attributes: [:address]]] } { profile_attributes: [
:phone, :last_name, :first_name, :gender, :birthday,
devise_parameter_sanitizer.for(:sign_up).concat %i[username is_allow_contact is_allow_newsletter cgu group_id] :interest, :software_mastered, organization_attributes: [
:name, address_attributes: [:address]
]
] },
:username, :is_allow_contact, :is_allow_newsletter, :cgu, :group_id
])
end end
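Review bot: The `keys:` array handed to `devise_parameter_sanitizer.permit(:sign_up, ...)` lists the nested `profile_attributes` hash first and the plain symbols (`:username`, `:is_allow_contact`, `:is_allow_newsletter`, `:cgu`, `:group_id`) after it; strong parameters accept either order, but the customary `permit(:a, :b, c: [...])` shape with scalars first and the nested hash last reads more easily and mirrors how the old `for(:sign_up) <<` lines were split. The rewritten list still includes `:group_id`, so the registering user selects its own group; if group membership drives pricing or privileges, confirm that the model validates that choice, which this hunk cannot show. A one-line comment above the call, `# Devise 4 replaced for(:sign_up) << with permit(:sign_up, keys: [...])`, would record why the method was rewritten. The ApplicationController class body begins and ends outside the hunk.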
def default_url_options def default_url_options


@ -4,7 +4,7 @@ class SessionsController < Devise::SessionsController
def new def new
active_provider = AuthProvider.active active_provider = AuthProvider.active
if active_provider.providable_type != DatabaseProvider.name if active_provider.providable_type != DatabaseProvider.name
redirect_to user_omniauth_authorize_path(active_provider.strategy_name.to_sym) redirect_to "/users/auth/#{active_provider.strategy_name}"
else else
super super
end end


@ -8,7 +8,7 @@ class User < ActiveRecord::Base
# Include default devise modules. Others available are: # Include default devise modules. Others available are:
# :lockable, :timeoutable and :omniauthable # :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable, devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable,
:confirmable, :async :confirmable
rolify rolify
# enable OmniAuth authentication only if needed # enable OmniAuth authentication only if needed
@ -325,6 +325,10 @@ class User < ActiveRecord::Base
create_wallet create_wallet
end end
def send_devise_notification(notification, *args)
devise_mailer.send(notification, self, *args).deliver_later
end
def notify_admin_when_user_is_created def notify_admin_when_user_is_created
if need_completion? && !provider.nil? if need_completion? && !provider.nil?
NotificationCenter.call type: 'notify_admin_when_user_is_imported', NotificationCenter.call type: 'notify_admin_when_user_is_imported',
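Review bot: The new `send_devise_notification` override calls `deliver_later` with no queue argument, so Devise mail now lands on ActionMailer's default `mailers` queue, whereas the initializer deleted at the end of this commit routed it to a dedicated `devise_mailer` Sidekiq queue; unless the Sidekiq process is configured to consume `mailers`, confirmation and reset mails will sit unprocessed, so either check that configuration or keep the old routing explicitly, `devise_mailer.send(notification, self, *args).deliver_later(queue: :devise_mailer)`. For the confirmation and password-reset notifications the extra argument is, per Devise's API rather than anything visible here, the raw token, and `deliver_later` serializes job arguments into the queue backend, so the retention and access controls of that store deserve a look now that the mail path has changed. Whether this definition sits under `private`/`protected` is not visible in the hunk; Devise documents this override as a protected method. A short comment, `# Deliver Devise mails through ActiveJob; replaces the removed devise-async gem`, would also explain why `:async` disappeared from the `devise` module list in the first hunk.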


@ -4,9 +4,9 @@ json.link_to_sso_profile @provider.link_to_sso_profile
if @provider.providable_type == DatabaseProvider.name if @provider.providable_type == DatabaseProvider.name
json.link_to_sso_connect '/#' json.link_to_sso_connect '/#'
else else
json.link_to_sso_connect user_omniauth_authorize_path(@provider.strategy_name.to_sym) json.link_to_sso_connect "/users/auth/#{@provider.strategy_name}"
end end
if @provider.providable_type == OAuth2Provider.name if @provider.providable_type == OAuth2Provider.name
json.domain @provider.providable.domain json.domain @provider.providable.domain
end end


@ -15,7 +15,7 @@
<% active_provider = AuthProvider.active %> <% active_provider = AuthProvider.active %>
<%= render 'notifications_mailer/shared/hello', recipient: @recipient %> <%= render 'notifications_mailer/shared/hello', recipient: @recipient %>
<% <%
url_path = user_omniauth_authorize_path(active_provider.strategy_name.to_sym) url_path = "/users/auth/#{active_provider.strategy_name}"
if url_path[0] == '/' and root_url[-1] == '/' if url_path[0] == '/' and root_url[-1] == '/'
url_path = root_url + url_path[1..-1] url_path = root_url + url_path[1..-1]
else else


@ -38,7 +38,7 @@
<p> <p>
<%= t('.body.thanks_to_') %> <%= t('.body.thanks_to_') %>
<a href="<%= root_url+user_omniauth_authorize_path(active_provider.strategy_name.to_sym)%>?auth_token=<%= @user.auth_token %>" target="_blank"> <a href="<%= "#{root_url}/users/auth/#{active_provider.strategy_name}?auth_token=#{@user.auth_token}"%>" target="_blank">
<%= t('body.logon_or_login', PROVIDER: active_provider.name )%> <%= t('body.logon_or_login', PROVIDER: active_provider.name )%>
</a> </a>
</p> </p>
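Review bot: The rewritten href `"#{root_url}/users/auth/#{active_provider.strategy_name}?auth_token=#{@user.auth_token}"` yields a double slash (`https://host//users/auth/...`) whenever `root_url` ends with `/`, which Rails' `root_url` typically does; the other mailer template in this commit guards exactly this case by testing `root_url[-1] == '/'` before joining. The previous `root_url+user_omniauth_authorize_path(...)` concatenation had the same flaw, so the commit inherits rather than introduces it, but the rewrite is the moment to settle it, for example `<a href="<%= "#{root_url.chomp('/')}/users/auth/#{active_provider.strategy_name}?auth_token=#{@user.auth_token}" %>" target="_blank">`. Sharing the join logic with the other template, instead of two different inline versions, would keep both links consistent.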


@ -1,5 +0,0 @@
Devise::Async.setup do |config|
config.enabled = true
config.backend = :sidekiq
config.queue = :devise_mailer
end