kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Add latest changes from gitlab-org/gitlab@master

Browse source
This commit is contained in:
GitLab Bot 2022-09-15 09:12:58 +00:00
parent 9a0e0265e4
commit b83c1bf235
51 changed files with 1229 additions and 172 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
.gitlab/ci/rules.gitlab-ci.yml
View file

@ -1544,6 +1544,12 @@
changes: ["vendor/gems/devise-pbkdf2-encryptable/**/*"]
- <<: *if-merge-request-labels-run-all-rspec
.vendor:rules:bundler-checksum:
rules:
- <<: *if-merge-request
changes: ["vendor/gems/bundler-checksum/**/*"]
- <<: *if-merge-request-labels-run-all-rspec
##################
# Releases rules #
##################

8
.gitlab/ci/vendored-gems.gitlab-ci.yml
View file

@ -69,3 +69,11 @@ vendor devise-pbkdf2-encryptable:
trigger:
include: vendor/gems/devise-pbkdf2-encryptable/.gitlab-ci.yml
strategy: depend
vendor bundler-checksum:
extends:
- .vendor:rules:bundler-checksum
needs: []
trigger:
include: vendor/gems/bundler-checksum/.gitlab-ci.yml
strategy: depend

13
Gemfile
View file

@ -2,6 +2,8 @@
source 'https://rubygems.org'
gem 'bundler-checksum', '~> 0.1.0', path: 'vendor/gems/bundler-checksum', require: false
gem 'rails', '~> 6.1.6.1'
gem 'bootsnap', '~> 1.13.0', require: false
@ -36,7 +38,8 @@ gem 'doorkeeper', '~> 5.5.0.rc2'
gem 'doorkeeper-openid_connect', '~> 1.7.5'
gem 'rexml', '~> 3.2.5'
gem 'ruby-saml', '~> 1.13.0'
gem 'omniauth', '~> 1.8'
gem 'omniauth-rails_csrf_protection'
gem 'omniauth', '~> 2.1.0'
gem 'omniauth-auth0', '~> 2.0.0'
gem 'omniauth-azure-activedirectory-v2', '~> 1.0'
gem 'omniauth-azure-oauth2', '~> 0.0.9', path: 'vendor/gems/omniauth-azure-oauth2' # See gem README.md
@ -44,16 +47,16 @@ gem 'omniauth-cas3', '~> 1.1.4', path: 'vendor/gems/omniauth-cas3' # See vendor/
gem 'omniauth-dingtalk-oauth2', '~> 1.0'
gem 'omniauth-alicloud', '~> 1.0.1'
gem 'omniauth-facebook', '~> 4.0.0'
gem 'omniauth-github', '~> 1.4'
gem 'omniauth-github', '2.0.0'
gem 'omniauth-gitlab', '~> 4.0.0', path: 'vendor/gems/omniauth-gitlab' # See vendor/gems/omniauth-gitlab/README.md
gem 'omniauth-google-oauth2', '~> 0.6.0', path: 'vendor/gems/omniauth-google-oauth2' # See gem README.md
gem 'omniauth-google-oauth2', '~> 1.0.1', path: 'vendor/gems/omniauth-google-oauth2' # See gem README.md
gem 'omniauth-oauth2-generic', '~> 0.2.2'
gem 'omniauth-saml', '~> 1.10'
gem 'omniauth-saml', '~> 2.0.0'
gem 'omniauth-shibboleth', '~> 1.3.0'
gem 'omniauth-twitter', '~> 1.4'
gem 'omniauth_crowd', '~> 2.4.0', path: 'vendor/gems/omniauth_crowd' # See vendor/gems/omniauth_crowd/README.md
gem 'omniauth-authentiq', '~> 0.3.3'
gem 'gitlab-omniauth-openid-connect', '~> 0.9.0', require: 'omniauth_openid_connect'
gem 'gitlab-omniauth-openid-connect', '~> 0.10.0', require: 'omniauth_openid_connect'
gem 'omniauth-salesforce', '~> 1.0.5', path: 'vendor/gems/omniauth-salesforce' # See gem README.md
gem 'omniauth-atlassian-oauth2', '~> 0.2.0'
gem 'rack-oauth2', '~> 1.21.2'

63
Gemfile.lock
View file

@ -1,3 +1,9 @@
PATH
remote: vendor/gems/bundler-checksum
specs:
bundler-checksum (0.1.0)
bundler
PATH
remote: vendor/gems/devise-pbkdf2-encryptable
specs:
@ -29,7 +35,7 @@ PATH
specs:
omniauth-azure-oauth2 (0.0.10)
jwt (>= 1.0, < 3.0)
omniauth (~> 1.0, < 3)
omniauth (~> 2.0)
omniauth-oauth2 (~> 1.4)
PATH
@ -38,28 +44,29 @@ PATH
omniauth-cas3 (1.1.4)
addressable (~> 2.3)
nokogiri (~> 1.7, >= 1.7.1)
omniauth (~> 1.2, < 3)
omniauth (~> 2.0)
PATH
remote: vendor/gems/omniauth-gitlab
specs:
omniauth-gitlab (4.0.0)
omniauth (~> 1.0)
omniauth (~> 2.0)
omniauth-oauth2 (~> 1.7.1)
PATH
remote: vendor/gems/omniauth-google-oauth2
specs:
omniauth-google-oauth2 (0.6.0)
omniauth-google-oauth2 (1.0.1)
jwt (>= 2.0)
omniauth (>= 1.9, < 3)
omniauth-oauth2 (>= 1.5)
oauth2 (~> 2.0)
omniauth (~> 2.0)
omniauth-oauth2 (~> 1.7.1)
PATH
remote: vendor/gems/omniauth-salesforce
specs:
omniauth-salesforce (1.0.5)
omniauth (~> 1.0, < 3)
omniauth (~> 2.0)
omniauth-oauth2 (~> 1.0)
PATH
@ -68,7 +75,7 @@ PATH
omniauth_crowd (2.4.0)
activesupport
nokogiri (>= 1.4.4)
omniauth (~> 1.0, < 3)
omniauth (~> 2.0)
GEM
remote: https://rubygems.org/
@ -565,9 +572,9 @@ GEM
gitlab-mail_room (0.0.9)
gitlab-markup (1.8.0)
gitlab-net-dns (0.9.1)
gitlab-omniauth-openid-connect (0.9.1)
gitlab-omniauth-openid-connect (0.10.0)
addressable (~> 2.7)
omniauth (~> 1.9)
omniauth (>= 1.9, < 3)
openid_connect (~> 1.2)
gitlab-sidekiq-fetcher (0.8.0)
sidekiq (~> 6.1)
@ -913,9 +920,10 @@ GEM
train-core
wmi-lite (~> 1.0)
oj (3.13.21)
omniauth (1.9.1)
omniauth (2.1.0)
hashie (>= 3.4.6)
rack (>= 1.6.2, < 3)
rack (>= 2.2.3)
rack-protection
omniauth-alicloud (1.0.1)
omniauth-oauth2 (~> 1.7.1)
omniauth-atlassian-oauth2 (0.2.0)
@ -932,9 +940,9 @@ GEM
omniauth-oauth2 (~> 1.7)
omniauth-facebook (4.0.0)
omniauth-oauth2 (~> 1.2)
omniauth-github (1.4.0)
omniauth (~> 1.5)
omniauth-oauth2 (>= 1.4.0, < 2.0)
omniauth-github (2.0.0)
omniauth (~> 2.0)
omniauth-oauth2 (~> 1.7.1)
omniauth-oauth (1.2.0)
oauth
omniauth (>= 1.0, < 3)
@ -943,9 +951,12 @@ GEM
omniauth (>= 1.9, < 3)
omniauth-oauth2-generic (0.2.2)
omniauth-oauth2 (~> 1.0)
omniauth-saml (1.10.0)
omniauth (~> 1.3, >= 1.3.2)
ruby-saml (~> 1.7)
omniauth-rails_csrf_protection (1.0.1)
actionpack (>= 4.2)
omniauth (~> 2.0)
omniauth-saml (2.0.0)
omniauth (~> 2.0)
ruby-saml (~> 1.9)
omniauth-shibboleth (1.3.0)
omniauth (>= 1.0.0)
omniauth-twitter (1.4.0)
@ -1054,6 +1065,8 @@ GEM
httpclient
json-jwt (>= 1.11.0)
rack (>= 2.1.0)
rack-protection (2.2.2)
rack
rack-proxy (0.7.2)
rack
rack-test (1.1.0)
@ -1446,7 +1459,7 @@ GEM
validate_email (0.1.6)
activemodel (>= 3.0)
mail (>= 2.2.5)
validate_url (1.0.13)
validate_url (1.0.15)
activemodel (>= 3.0.0)
public_suffix
validates_hostname (1.0.11)
@ -1533,6 +1546,7 @@ DEPENDENCIES
browser (~> 4.2)
bullet (~> 7.0.2)
bundler-audit (~> 0.7.0.1)
bundler-checksum (~> 0.1.0)!
capybara (~> 3.35.3)
capybara-screenshot (~> 1.0.22)
carrierwave (~> 1.3)
@ -1599,7 +1613,7 @@ DEPENDENCIES
gitlab-mail_room (~> 0.0.9)
gitlab-markup (~> 1.8.0)
gitlab-net-dns (~> 0.9.1)
gitlab-omniauth-openid-connect (~> 0.9.0)
gitlab-omniauth-openid-connect (~> 0.10.0)
gitlab-sidekiq-fetcher (= 0.8.0)
gitlab-styles (~> 8.0.0)
gitlab_chronic_duration (~> 0.10.6.2)
@ -1666,7 +1680,7 @@ DEPENDENCIES
octokit (~> 4.15)
ohai (~> 16.10)
oj (~> 3.13.21)
omniauth (~> 1.8)
omniauth (~> 2.1.0)
omniauth-alicloud (~> 1.0.1)
omniauth-atlassian-oauth2 (~> 0.2.0)
omniauth-auth0 (~> 2.0.0)
@ -1676,12 +1690,13 @@ DEPENDENCIES
omniauth-cas3 (~> 1.1.4)!
omniauth-dingtalk-oauth2 (~> 1.0)
omniauth-facebook (~> 4.0.0)
omniauth-github (~> 1.4)
omniauth-github (= 2.0.0)
omniauth-gitlab (~> 4.0.0)!
omniauth-google-oauth2 (~> 0.6.0)!
omniauth-google-oauth2 (~> 1.0.1)!
omniauth-oauth2-generic (~> 0.2.2)
omniauth-rails_csrf_protection
omniauth-salesforce (~> 1.0.5)!
omniauth-saml (~> 1.10)
omniauth-saml (~> 2.0.0)
omniauth-shibboleth (~> 1.3.0)
omniauth-twitter (~> 1.4)
omniauth_crowd (~> 2.4.0)!

4
app/assets/javascripts/pages/dashboard/todos/index/todos.js
View file

@ -140,10 +140,10 @@ export default class Todos {
restoreBtn.classList.add('hidden');
doneBtn.classList.remove('hidden');
} else if (target === doneBtn) {
row.classList.add('done-reversible');
row.classList.add('done-reversible', 'gl-bg-gray-50', 'gl-border-gray-100');
restoreBtn.classList.remove('hidden');
} else if (target === restoreBtn) {
row.classList.remove('done-reversible');
row.classList.remove('done-reversible', 'gl-bg-gray-50', 'gl-border-gray-100');
doneBtn.classList.remove('hidden');
} else {
row.parentNode.removeChild(row);

32
app/assets/stylesheets/page_bundles/todos.scss
View file

@ -9,12 +9,6 @@
// workaround because we cannot use border-collapse
border-top: 1px solid transparent;
&:hover {
background-color: var(--blue-50, $blue-50);
border-color: var(--blue-200, $blue-200);
cursor: pointer;
}
// overwrite border style of .content-list
&:last-child {
border-bottom: 1px solid transparent;
@ -26,8 +20,6 @@
&.todo-pending.done-reversible {
&:hover {
border-color: var(--border-color, $border-color);
background-color: var(--gray-50, $gray-50);
border-top: 1px solid transparent;
.todo-avatar,
@ -40,20 +32,12 @@
.todo-item {
opacity: 0.2;
}
.btn {
background-color: var(--gray-50, $gray-50);
}
}
}
.todo-item {
@include transition(opacity);
.status-box {
line-height: inherit;
}
.todo-label,
.todo-project {
a {
@ -66,22 +50,6 @@
color: var(--gl-text-color, $gl-text-color);
}
pre {
border: 0;
background: var(--gray-50, $gray-50);
border-radius: 0;
color: var(--gray-500, $gray-500);
margin: 0 20px;
overflow: hidden;
}
.note-image-attach {
margin-top: 4px;
margin-left: 0;
max-width: 200px;
float: none;
}
.gl-label-scoped {
--label-inset-border: inset 0 0 0 1px currentColor;
}

8
app/views/dashboard/todos/_todo.html.haml
View file

@ -1,4 +1,4 @@
%li.todo{ class: "todo-#{todo.done? ? 'done' : 'pending'}", id: dom_id(todo), data: { url: todo_target_path(todo) } }
%li.todo.gl-hover-border-blue-200.gl-hover-bg-blue-50.gl-hover-cursor-pointer{ class: "todo-#{todo.done? ? 'done' : 'pending'}", id: dom_id(todo), data: { url: todo_target_path(todo) } }
.gl-display-flex.gl-flex-direction-row
.todo-avatar.gl-display-none.gl-sm-display-inline-block
= author_avatar(todo, size: 40)
@ -49,13 +49,13 @@
.todo-actions.gl-ml-3
- if todo.pending?
= link_to dashboard_todo_path(todo), method: :delete, class: 'gl-button btn btn-default btn-loading d-flex align-items-center js-done-todo', data: { href: dashboard_todo_path(todo) } do
= link_to dashboard_todo_path(todo), method: :delete, class: 'gl-button gl-bg-gray-50 btn btn-default btn-loading d-flex align-items-center js-done-todo', data: { href: dashboard_todo_path(todo) } do
= gl_loading_icon(inline: true)
= _('Done')
= link_to restore_dashboard_todo_path(todo), method: :patch, class: 'gl-button btn btn-default btn-loading d-flex align-items-center js-undo-todo hidden', data: { href: restore_dashboard_todo_path(todo) } do
= link_to restore_dashboard_todo_path(todo), method: :patch, class: 'gl-button gl-bg-gray-50 btn btn-default btn-loading d-flex align-items-center js-undo-todo hidden', data: { href: restore_dashboard_todo_path(todo) } do
= gl_loading_icon(inline: true)
= _('Undo')
- else
= link_to restore_dashboard_todo_path(todo), method: :patch, class: 'gl-button btn btn-default btn-loading d-flex align-items-center js-add-todo', data: { href: restore_dashboard_todo_path(todo) } do
= link_to restore_dashboard_todo_path(todo), method: :patch, class: 'gl-button gl-bg-gray-50 btn btn-default btn-loading d-flex align-items-center js-add-todo', data: { href: restore_dashboard_todo_path(todo) } do
= gl_loading_icon(inline: true)
= _('Add a to do')

15
app/views/notify/_successful_pipeline.html.haml
View file

@ -16,7 +16,8 @@
%table.table-info{ border: "0", cellpadding: "0", cellspacing: "0", style: "width:100%;" }
%tbody
%tr
%td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:300;padding:14px 0;margin:0;" } Project
%td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:300;padding:14px 0;margin:0;" }
= _('Project')
%td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:500;padding:14px 0;margin:0;color:#333333;width:75%;padding-left:5px;" }
- namespace_name = @project.group ? @project.group.name : @project.namespace.owner.name
- namespace_url = @project.group ? group_url(@project.group) : user_url(@project.namespace.owner)
@ -26,7 +27,8 @@
%a.muted{ href: project_url(@project), style: "color:#333333;text-decoration:none;" }
= @project.name
%tr
%td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:300;padding:14px 0;margin:0;border-top:1px solid #ededed;" } Branch
%td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:300;padding:14px 0;margin:0;border-top:1px solid #ededed;" }
= _('Branch')
%td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:500;padding:14px 0;margin:0;color:#333333;width:75%;padding-left:5px;border-top:1px solid #ededed;" }
%table.img{ border: "0", cellpadding: "0", cellspacing: "0", style: "border-collapse:collapse;" }
%tbody
@ -37,7 +39,8 @@
%a.muted{ href: commits_url(@pipeline), style: "color:#333333;text-decoration:none;" }
= @pipeline.source_ref
%tr
%td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:300;padding:14px 0;margin:0;border-top:1px solid #ededed;" } Commit
%td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:300;padding:14px 0;margin:0;border-top:1px solid #ededed;" }
= _('Commit')
%td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:400;padding:14px 0;margin:0;color:#333333;width:75%;padding-left:5px;border-top:1px solid #ededed;" }
%table.img{ border: "0", cellpadding: "0", cellspacing: "0", style: "border-collapse:collapse;" }
%tbody
@ -55,7 +58,8 @@
= @pipeline.git_commit_message.truncate(50)
- commit = @pipeline.commit
%tr
%td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:300;padding:14px 0;margin:0;border-top:1px solid #ededed;" } Commit Author
%td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:300;padding:14px 0;margin:0;border-top:1px solid #ededed;" }
= s_('Notify|Commit Author')
%td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:500;padding:14px 0;margin:0;color:#333333;width:75%;padding-left:5px;border-top:1px solid #ededed;" }
%table.img{ border: "0", cellpadding: "0", cellspacing: "0", style: "border-collapse:collapse;" }
%tbody
@ -71,7 +75,8 @@
= commit.author_name
- if commit.different_committer?
%tr
%td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:300;padding:14px 0;margin:0;border-top:1px solid #ededed;" } Committed by
%td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:300;padding:14px 0;margin:0;border-top:1px solid #ededed;" }
= s_('Notify|Committed by')
%td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:500;padding:14px 0;margin:0;color:#333333;width:75%;padding-left:5px;border-top:1px solid #ededed;" }
%table.img{ border: "0", cellpadding: "0", cellspacing: "0", style: "border-collapse:collapse;" }
%tbody

2
app/views/notify/pipeline_fixed_email.html.haml
View file

@ -1 +1 @@
= render 'notify/successful_pipeline', title: "Pipeline has been fixed and ##{@pipeline.id} has passed!"
= render 'notify/successful_pipeline', title: s_('Notify|Pipeline has been fixed and #%{pipeline_id} has passed!') % {pipeline_id: @pipeline.id}

11
config/initializers/omniauth.rb
View file

@ -11,6 +11,17 @@ if Gitlab::Auth::Ldap::Config.enabled?
end
end
module OmniAuth
module Strategies
class AzureActivedirectoryV2
# override until https://github.com/RIPAGlobal/omniauth-azure-activedirectory-v2/pull/6 is merged
def callback_url
full_host + callback_path
end
end
end
end
OmniAuth.config.full_host = Gitlab::OmniauthInitializer.full_host
OmniAuth.config.allowed_request_methods = [:post]

4
doc/api/groups.md
View file

@ -988,8 +988,8 @@ PUT /groups/:id
| `unique_project_download_limit` **(ULTIMATE)** | integer | no | Maximum number of unique projects a user can download in the specified time period before they are banned. Available only on top-level groups. Default: 0, Maximum: 10,000. |
| `unique_project_download_limit_interval_in_seconds` **(ULTIMATE)** | integer | no | Time period during which a user can download a maximum amount of projects before they are banned. Available only on top-level groups. Default: 0, Maximum: 864,000 seconds (10 days). |
| `unique_project_download_limit_allowlist` **(ULTIMATE)** | array of strings | no | List of usernames excluded from the unique project download limit. Available only on top-level groups. Default: `[]`, Maximum: 100 usernames. |
| `auto_ban_user_on_excessive_projects_download` **(ULTIMATE)** | boolean | no | When enabled, users will get automatically banned from the group when they download more than the maximum number of unique projects in the time period specified by `unique_project_download_limit` and `unique_project_download_limit_interval_in_seconds` respectively. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/94159) in GitLab 15.4 |
| `ip_restriction_ranges` **(PREMIUM)** | string | no | Comman separated IP addresses or subnet masks value to restrict group access, [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/351493) in GitLab 15.4 |
| `auto_ban_user_on_excessive_projects_download` **(ULTIMATE)** | boolean | no | When enabled, users are automatically banned from the group when they download more than the maximum number of unique projects specified by `unique_project_download_limit` and `unique_project_download_limit_interval_in_seconds`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/94159) in GitLab 15.4. |
| `ip_restriction_ranges` **(PREMIUM)** | string | no | Comma-separated list of IP addresses or subnet masks to restrict group access. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/351493) in GitLab 15.4. |
NOTE:
The `projects` and `shared_projects` attributes in the response are deprecated and [scheduled for removal in API v5](https://gitlab.com/gitlab-org/gitlab/-/issues/213797).

24
doc/user/project/settings/import_export.md
View file

@ -57,7 +57,15 @@ moved to your configured `uploads_directory`. Every 24 hours, a worker deletes t
### Items that are exported
The following items are exported:
The [`import_export.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/import_export/project/import_export.yml)
file lists the items exported and imported when migrating projects using file exports. View this file in the branch
for your version of GitLab to see the list of items relevant to you. For example,
[`import_export.yml` on the `14-10-stable-ee` branch](https://gitlab.com/gitlab-org/gitlab/-/blob/14-10-stable-ee/lib/gitlab/import_export/project/import_export.yml).
Migrating projects with file exports uses the same export and import mechanisms as creating projects from templates at the [group](../../group/custom_project_templates.md) and
[instance](../../admin_area/custom_project_templates.md) levels. Therefore, the list of exported items is the same.
Items that are exported include:
- Project and wiki repositories
- Project uploads
@ -100,15 +108,6 @@ Items that are **not** exported include:
- Deploy keys allowed to push to protected branches
- Secure Files
These content rules also apply to creating projects from templates on the
[group](../../group/custom_project_templates.md)
or [instance](../../admin_area/custom_project_templates.md)
levels, because the same export and import mechanisms are used.
NOTE:
For more details on the specific data persisted in a project export, see the
[`import_export.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/import_export/project/import_export.yml) file.
## Import a project and its data
> Default maximum import file size [changed](https://gitlab.com/gitlab-org/gitlab/-/issues/251106) from 50 MB to unlimited in GitLab 13.8.
@ -179,7 +178,8 @@ Imported users can be mapped by their public email addresses on self-managed ins
- Public email addresses are not set by default. Users must [set it in their profiles](../../profile/index.md#set-your-public-email)
for mapping to work correctly.
- For contributions to be mapped correctly, users must be an existing member of the namespace,
or they can be added as a member of the project. Otherwise, a supplementary comment is left to mention that the original author and the MRs, notes, or issues that are owned by the importer.
or they can be added as a member of the project. Otherwise, a supplementary comment is left to mention that the original
author and the merge requests, notes, or issues that are owned by the importer.
- Imported users are set as [direct members](../members/index.md)
in the imported project.
@ -416,5 +416,5 @@ Error adding importer user to Project members.
Validation failed: User project bots cannot be added to other groups / projects
```
To use [Import REST APIs](../../../api/project_import_export.md),
To use [Import REST API](../../../api/project_import_export.md),
pass regular user account credentials such as [personal access tokens](../../profile/personal_access_tokens.md).

9
locale/gitlab.pot
View file

@ -27117,6 +27117,12 @@ msgstr ""
msgid "Notify|CI/CD project settings"
msgstr ""
msgid "Notify|Commit Author"
msgstr ""
msgid "Notify|Committed by"
msgstr ""
msgid "Notify|Don't want to receive updates from GitLab administrators?"
msgstr ""
@ -27195,6 +27201,9 @@ msgstr ""
msgid "Notify|Pipeline %{pipeline_link} triggered by"
msgstr ""
msgid "Notify|Pipeline has been fixed and #%{pipeline_id} has passed!"
msgstr ""
msgid "Notify|Remote mirror"
msgstr ""

28
vendor/gems/bundler-checksum/.gitlab-ci.yml vendored Normal file
View file

@ -0,0 +1,28 @@
workflow:
rules:
- if: $CI_MERGE_REQUEST_ID
.test:
cache:
key: bundler-checksum
paths:
- vendor/gems/bundler-checksum/vendor/ruby
before_script:
- cd vendor/gems/bundler-checksum
- ruby -v # Print out ruby version for debugging
- gem install bundler --no-document # Bundler is not installed with the image
- bundle config set --local path 'vendor' # Install dependencies into ./vendor/ruby
- bundle config set with 'development'
- bundle config set --local frozen 'true' # Disallow Gemfile.lock changes on CI
- bundle config # Show bundler configuration
- bundle install -j $(nproc)
script:
- pushd test/project_with_checksum_lock && scripts/test
test-2.7:
image: "ruby:2.7"
extends: .test
test-3.0:
image: "ruby:3.0"
extends: .test

5
vendor/gems/bundler-checksum/Gemfile vendored Normal file
View file

@ -0,0 +1,5 @@
# frozen_string_literal: true
source 'https://rubygems.org/'
gemspec

18
vendor/gems/bundler-checksum/Gemfile.lock vendored Normal file
View file

@ -0,0 +1,18 @@
PATH
remote: .
specs:
bundler-checksum (0.1.0)
bundler
GEM
remote: https://rubygems.org/
specs:
PLATFORMS
ruby
DEPENDENCIES
bundler-checksum!
BUNDLED WITH
2.3.17

19
vendor/gems/bundler-checksum/LICENSE vendored Normal file
View file

@ -0,0 +1,19 @@
Copyright (c) 2022-present GitLab B.V.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

32
vendor/gems/bundler-checksum/README.md vendored Normal file
View file

@ -0,0 +1,32 @@
# bundler-checksum
Bundler patch for verifying local gem checksums
## Install
Add the following to your Gemfile:
```
if ENV['BUNDLER_CHECKSUM_VERIFICATION_OPT_IN'] # this verification is still experimental
require 'bundler-checksum'
Bundler::Checksum.patch!
end
```
## Usage
Once the gem is installed, bundler-checksum will verify gems before
installation.
If a new or updated gem is to be installed, the remote checksum of that gem is stored in `Gemfile.checksum`.
Checksum entries for other versions of the gem are removed from `Gemfile.checksum`.
If a version of a gem is to be installed that is already present in `Gemfile.checksum`, the remote and local
checksums are compared and an error is prompted if they do not match.
Gem checksums for all platforms are stored in `Gemfile.checksum`.
When `bundler-checksum` runs it will only verify the checksum for the platform that `bundle` wants to download.
## Development

6
vendor/gems/bundler-checksum/bin/bundler-checksum vendored Executable file
View file

@ -0,0 +1,6 @@
#!/usr/bin/env ruby
require 'bundler-checksum'
require 'bundler/checksum/command'
Bundler::Checksum::Command.execute(ARGV)

22
vendor/gems/bundler-checksum/bundler-checksum.gemspec vendored Normal file
View file

@ -0,0 +1,22 @@
# frozen_string_literal: true
require_relative 'lib/bundler/checksum/version'
Gem::Specification.new do |spec|
spec.name = 'bundler-checksum'
spec.version = Bundler::Checksum::VERSION
spec.authors = ['dustinmm80']
spec.email = ['dcollins@gitlab.com']
spec.summary = 'Track checksums locally with Bundler'
spec.description = 'Track checksums locally with Bundler'
spec.homepage = 'https://gitlab.com/gitlab-org/gitlab/-/tree/master/vendor/gems/bundler-checksum'
spec.license = 'MIT'
spec.files = Dir['bin/*', 'lib/**/*.rb']
spec.bindir = 'bin'
spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
spec.require_paths = ['lib']
spec.add_dependency 'bundler'
end

1
vendor/gems/bundler-checksum/lib/bundler-checksum.rb vendored Normal file
View file

@ -0,0 +1 @@
require 'bundler/checksum'

109
vendor/gems/bundler-checksum/lib/bundler/checksum.rb vendored Normal file
View file

@ -0,0 +1,109 @@
# frozen_string_literal: true
require 'bundler'
require 'bundler/checksum/version'
require 'json'
module Bundler
module Patches
# This module monkey-patches Bundler to check Gemfile.checksum
# when installing gems that are from RubyGems
module RubyGemsInstallerPatch
def pre_install_checks
super && validate_local_package_checksum
end
private
def validate_local_package_checksum
cached_checksum = fetch_checksum_from_file(spec)
if cached_checksum.nil?
raise SecurityError, "Cached checksum for #{spec.full_name} not found. Please (re-)generate Gemfile.checksum"
end
validate_file_checksum(cached_checksum)
end
def fetch_checksum_from_file(spec)
::Bundler::Checksum.checksum_for(spec.name, spec.version.to_s, spec.platform.to_s)
end
# Modified from
# https://github.com/rubygems/rubygems/blob/243173279e79a38f03e318eea8825d1c8824e119/bundler/lib/bundler/rubygems_gem_installer.rb#L116
def validate_file_checksum(checksum)
return true if Bundler.settings[:disable_checksum_validation]
source = @package.instance_variable_get(:@gem)
# Contary to upstream, we raise instead of silently returning
raise "#{@package.inspect} does not have :@gem" unless source
raise "#{source.inspect} does not respond to :with_read_io" unless source.respond_to?(:with_read_io)
digest = source.with_read_io do |io|
digest = SharedHelpers.digest(:SHA256).new
digest << io.read(16_384) until io.eof?
io.rewind
send(checksum_type(checksum), digest)
end
unless digest == checksum
raise SecurityError, <<-MESSAGE
Bundler cannot continue installing #{spec.name} (#{spec.version}).
The checksum for the downloaded `#{spec.full_name}.gem` does not match \
the checksum from the checksum file. This means the contents of the downloaded \
gem is different from what was recorded in the checksum file, and could be potential security issue.
gem is different from what was uploaded to the server, and could be a potential security issue.
To resolve this issue:
1. delete the downloaded gem located at: `#{spec.gem_dir}/#{spec.full_name}.gem`
2. run `bundle install`
If you wish to continue installing the downloaded gem, and are certain it does not pose a \
security issue despite the mismatching checksum, do the following:
1. run `bundle config set --local disable_checksum_validation true` to turn off checksum verification
2. run `bundle install`
(More info: The expected SHA256 checksum was #{checksum.inspect}, but the \
checksum for the downloaded gem was #{digest.inspect}.)
MESSAGE
end
true
end
end
end
end
module Bundler
module Checksum
class << self
def checksum_file
@checksum_file ||= File.join(File.dirname(Bundler.default_gemfile), 'Gemfile.checksum')
end
def checksums_from_file
@checksums_from_file ||= JSON.parse(File.open(checksum_file).read, symbolize_names: true)
rescue JSON::ParserError => e
raise "Invalid checksum file: #{e.message}"
end
def checksum_for(gem_name, gem_version, gem_platform)
item = checksums_from_file.detect do |item|
item[:name] == gem_name &&
item[:platform] == gem_platform &&
item[:version] == gem_version
end
item&.fetch(:checksum)
end
def patch!
return if defined?(@patched) && @patched
@patched = true
Bundler.ui.info "Patching bundler with bundler-checksum..."
require 'bundler/rubygems_gem_installer'
::Bundler::RubyGemsGemInstaller.prepend(Bundler::Patches::RubyGemsInstallerPatch)
end
end
end
end

27
vendor/gems/bundler-checksum/lib/bundler/checksum/command.rb vendored Normal file
View file

@ -0,0 +1,27 @@
# frozen_string_literal: true
module Bundler::Checksum
module Command
autoload :Init, File.expand_path("command/init", __dir__)
autoload :Verify, File.expand_path("command/verify", __dir__)
autoload :Helper, File.expand_path("command/helper", __dir__)
def self.execute(args)
if args.empty?
$stderr.puts 'A command must be given [init,update,verify]'
end
if args.first == 'init'
Init.execute
elsif args.first == 'update'
$stderr.puts 'Not implemented, please use init'
elsif args.first == 'verify'
verified = Verify.execute
unless verified
exit 1
end
end
end
end
end

28
vendor/gems/bundler-checksum/lib/bundler/checksum/command/helper.rb vendored Normal file
View file

@ -0,0 +1,28 @@
# frozen_string_literal: true
require 'json'
require 'net/http'
module Bundler::Checksum::Command
module Helper
extend self
def remote_checksums_for_gem(gem_name, gem_version)
response = Net::HTTP.get_response(URI(
"https://rubygems.org/api/v1/versions/#{gem_name}.json"
))
return [] unless response.code == '200'
gem_candidates = JSON.parse(response.body, symbolize_names: true)
gem_candidates.select! { |g| g[:number] == gem_version.to_s }
gem_candidates.map {
|g| {:name => gem_name, :version => gem_version, :platform => g[:platform], :checksum => g[:sha]}
}
rescue JSON::ParserError
[]
end
end
end

66
vendor/gems/bundler-checksum/lib/bundler/checksum/command/init.rb vendored Normal file
View file

@ -0,0 +1,66 @@
# frozen_string_literal: true
require 'openssl'
module Bundler::Checksum::Command
module Init
extend self
def execute
$stderr.puts "Initializing checksum file #{checksum_file}"
checksums = []
compact_index_cache = Bundler::Fetcher::CompactIndex
.new(nil, Bundler::Source::Rubygems::Remote.new(Bundler::URI("https://rubygems.org")), nil)
.send(:compact_index_client)
.instance_variable_get(:@cache)
seen = []
Bundler.definition.resolve.sort_by(&:name).each do |spec|
next unless spec.source.is_a?(Bundler::Source::Rubygems)
next if seen.include?(spec.name)
seen << spec.name
$stderr.puts "Adding #{spec.name}==#{spec.version}"
compact_index_dependencies = compact_index_cache.dependencies(spec.name).select { |item| item.first == spec.version.to_s }
if !compact_index_dependencies.empty?
compact_index_checksums = compact_index_dependencies.map do |version, platform, dependencies, requirements|
{
name: spec.name,
version: spec.version.to_s,
platform: Gem::Platform.new(platform).to_s,
checksum: requirements.detect { |requirement| requirement.first == 'checksum' }.flatten[1]
}
end
checksums += compact_index_checksums.sort_by { |hash| hash.values }
else
remote_checksum = Helper.remote_checksums_for_gem(spec.name, spec.version)
if remote_checksum.empty?
raise "#{spec.name} #{spec.version} not found on Rubygems!"
end
checksums += remote_checksum.sort_by { |hash| hash.values }
end
end
File.write(checksum_file, JSON.generate(checksums, array_nl: "\n") + "\n")
end
private
def checksum_file
::Bundler::Checksum.checksum_file
end
def lockfile
lockfile_path = Bundler.default_lockfile
lockfile = Bundler::LockfileParser.new(Bundler.read_file(lockfile_path))
end
end
end

52
vendor/gems/bundler-checksum/lib/bundler/checksum/command/verify.rb vendored Normal file
View file

@ -0,0 +1,52 @@
# frozen_string_literal: true
module Bundler::Checksum::Command
module Verify
extend self
def execute
$stderr.puts 'Verifying bundle checksums'
verified = true
local_checksums.each do |gem|
name = gem.fetch(:name)
version = gem.fetch(:version)
platform = gem.fetch(:platform)
checksum = gem.fetch(:checksum)
$stderr.puts "Verifying #{name}==#{version} #{platform}"
unless validate_gem_checksum(name, version, platform, checksum)
verified = false
end
end
verified
end
private
def local_checksums
::Bundler::Checksum.checksums_from_file
end
def validate_gem_checksum(gem_name, gem_version, gem_platform, local_checksum)
remote_checksums = Helper.remote_checksums_for_gem(gem_name, gem_version)
if remote_checksums.empty?
$stderr.puts "#{gem_name} #{gem_version} not found on Rubygems, skipping"
return false
end
remote_platform_checksum = remote_checksums.find { |g| g[:name] == gem_name && g[:platform] == gem_platform.to_s }
if local_checksum == remote_platform_checksum[:checksum]
true
else
$stderr.puts "Gem #{gem_name} #{gem_version} #{gem_platform} failed checksum verification"
$stderr.puts "LOCAL: #{local_checksum}"
$stderr.puts "REMOTE: #{remote_platform_checksum[:checksum]}"
return false
end
end
end
end

8
vendor/gems/bundler-checksum/lib/bundler/checksum/version.rb vendored Normal file
View file

@ -0,0 +1,8 @@
# frozen_string_literal: true
module Bundler
module Checksum
# bundler-checksum version
VERSION = '0.1.0'
end
end

11
vendor/gems/bundler-checksum/test/project_with_checksum_lock/Gemfile vendored Normal file
View file

@ -0,0 +1,11 @@
# frozen_string_literal: true
source 'https://rubygems.org'
if ENV['BUNDLER_CHECKSUM_VERIFICATION_OPT_IN'] # this verification is still experimental
$:.unshift(File.expand_path('../../lib', __dir__))
require 'bundler-checksum'
Bundler::Checksum.patch!
end
gem 'rails', '~> 6.1.6.1'

54
vendor/gems/bundler-checksum/test/project_with_checksum_lock/Gemfile.checksum vendored Normal file
View file

@ -0,0 +1,54 @@
[
{"name":"actioncable","version":"6.1.6.1","platform":"ruby","checksum":"11f079141cf032026881e4a79ae0cc93753351089c1b6ca1ed30a8a6a21f961b"},
{"name":"actionmailbox","version":"6.1.6.1","platform":"ruby","checksum":"a4cc16fe634c9de4e22669fc4bf20d5b84f65039c7e3d7308c804b82726d03d2"},
{"name":"actionmailer","version":"6.1.6.1","platform":"ruby","checksum":"13964bff4a75efd705304cb7aeb71380a4b11d404c7304b67f3bc3208cde12a7"},
{"name":"actionpack","version":"6.1.6.1","platform":"ruby","checksum":"f3e0a82a62aa36fecadbacbb266e38338da032f18aaf97674f335671b420bdd4"},
{"name":"actiontext","version":"6.1.6.1","platform":"ruby","checksum":"ff26b96769b6f4bdf3c0e74f613b232b2cdab7e46f1433c9cfa4fdcd081afac0"},
{"name":"actionview","version":"6.1.6.1","platform":"ruby","checksum":"a87fc7d2c4fe9b6357492a3ee361be8169f3f319f47bf70fda1b1718b944d06b"},
{"name":"activejob","version":"6.1.6.1","platform":"ruby","checksum":"9efee4499d31aaaab73b843a09564d4a2aabcd51c2088361a92e08766ab0db65"},
{"name":"activemodel","version":"6.1.6.1","platform":"ruby","checksum":"239953365a7da4bcb9a3819b8ac2557a58a3ba89ddd36bee9bb3eca818e4a3e2"},
{"name":"activerecord","version":"6.1.6.1","platform":"ruby","checksum":"82f74804ab34ea549fd593e5ced68c32426564786127d2de9b933ba78467d0b0"},
{"name":"activestorage","version":"6.1.6.1","platform":"ruby","checksum":"3fbf4c355a69a46e14676004ad8e06245bdce7f96858e72782715218326aafc5"},
{"name":"activesupport","version":"6.1.6.1","platform":"ruby","checksum":"5fc9fd6fe6f755e7523bb3aaf4370fb91a8416b39e3202939fd8bded4fec606d"},
{"name":"builder","version":"3.2.4","platform":"ruby","checksum":"99caf08af60c8d7f3a6b004029c4c3c0bdaebced6c949165fe98f1db27fbbc10"},
{"name":"concurrent-ruby","version":"1.1.10","platform":"ruby","checksum":"244cb1ca0d91ec2c15ca2209507c39fb163336994428e16fbd3f465c87bd8e68"},
{"name":"crass","version":"1.0.6","platform":"ruby","checksum":"dc516022a56e7b3b156099abc81b6d2b08ea1ed12676ac7a5657617f012bd45d"},
{"name":"erubi","version":"1.11.0","platform":"ruby","checksum":"fda72d577feaf3bdcd646d33fa630be5f92f48e179a9278e4175a9cec20e7f85"},
{"name":"globalid","version":"1.0.0","platform":"ruby","checksum":"1253641b1dc3392721c964351773755d75135d3d3c5cc65d88b0a3880a60bed8"},
{"name":"i18n","version":"1.12.0","platform":"ruby","checksum":"91e3cc1b97616d308707eedee413d82ee021d751c918661fb82152793e64aced"},
{"name":"loofah","version":"2.18.0","platform":"ruby","checksum":"61975a247a6aeb8f09ac5a3430305451efc4525c0b9b79c05feaec35a8b9d5a3"},
{"name":"mail","version":"2.7.1","platform":"ruby","checksum":"ec2a3d489f7510b90d8eaa3f6abaad7038cf1d663cdf8ee66d0214a0bdf99c03"},
{"name":"marcel","version":"1.0.2","platform":"ruby","checksum":"a013b677ef46cbcb49fd5c59b3d35803d2ee04dd75d8bfdc43533fc5a31f7e4e"},
{"name":"method_source","version":"1.0.0","platform":"ruby","checksum":"d779455a2b5666a079ce58577bfad8534f571af7cec8107f4dce328f0981dede"},
{"name":"mini_mime","version":"1.1.2","platform":"ruby","checksum":"a54aec0cc7438a03a850adb00daca2bdb60747f839e28186994df057cea87151"},
{"name":"minitest","version":"5.16.2","platform":"ruby","checksum":"c1be0c6b57fab451faa08e74ffa71e7d6a259b90f4bacb881c7f4808ec8b4991"},
{"name":"nio4r","version":"2.5.8","platform":"java","checksum":"b2b1800f6bf7ce4b797ca8b639ad278a99c9c904fb087a91d944f38e4bd71401"},
{"name":"nio4r","version":"2.5.8","platform":"ruby","checksum":"3becb4ad95ab8ac0a9bd2e1b16466869402be62848082bf6329ae9091f276676"},
{"name":"nokogiri","version":"1.13.8","platform":"aarch64-linux","checksum":"d6b2c45a57738f12fe27783939fe1394e7049246288c7770d3b1fee7f49432a6"},
{"name":"nokogiri","version":"1.13.8","platform":"arm64-darwin","checksum":"00217e48a6995e81dd83014325c0ea0b015023a8922c7bdb2ef1416aa87c1f43"},
{"name":"nokogiri","version":"1.13.8","platform":"java","checksum":"9d04c616900e2b5118e501436ebb9bc48520d08f3695d012a314006e28082f72"},
{"name":"nokogiri","version":"1.13.8","platform":"ruby","checksum":"79c279298b2f22fd4e760f49990c7930436bac1b1cfeff7bacff192f30edea3c"},
{"name":"nokogiri","version":"1.13.8","platform":"x64-mingw-ucrt","checksum":"98f7dac7583f07a84ec3fcc01dc03a66fce10f412cd363fce7de749acdb2a42d"},
{"name":"nokogiri","version":"1.13.8","platform":"x64-mingw32","checksum":"117a71b37f2e1d774a9f031d393e72d5d04b92af8036e0c1a8dd509c247b2013"},
{"name":"nokogiri","version":"1.13.8","platform":"x86-linux","checksum":"6d04342456edfb8fbc041d0c2cf5a59baaa7aacdda414b2333100b02f85d441d"},
{"name":"nokogiri","version":"1.13.8","platform":"x86-mingw32","checksum":"0529d558b4280a55bc7af500d3d4d590b7c059c814a0cea52e4e18cb30c25d15"},
{"name":"nokogiri","version":"1.13.8","platform":"x86_64-darwin","checksum":"8966d79e687b271df87a4b240456597c43cd98584e3f783fc35de4f066486421"},
{"name":"nokogiri","version":"1.13.8","platform":"x86_64-linux","checksum":"344f1bc66feac787e5b2053c6e9095d1f33605083e58ddf2b8d4eef257bccc5f"},
{"name":"racc","version":"1.6.0","platform":"java","checksum":"d449a3c279026451b9fd5f34e829dc5f6e0ef6b9b472b7ff89fd3877fe8fe8cf"},
{"name":"racc","version":"1.6.0","platform":"ruby","checksum":"2dede3b136eeabd0f7b8c9356b958b3d743c00158e2615acab431af141354551"},
{"name":"rack","version":"2.2.4","platform":"ruby","checksum":"ea2232b638cbd919129c8c8ad8012ecaccc09f848152a7e705d2139d0137ac2b"},
{"name":"rack-test","version":"2.0.2","platform":"ruby","checksum":"adadd0e957f63a34199a9fdf905a920a0b0a50795735095b4ac4bd3c13385466"},
{"name":"rails","version":"6.1.6.1","platform":"ruby","checksum":"17024921a3913fb341f584542b06adf6bb12977a8b92d5fce093c3996c963686"},
{"name":"rails-dom-testing","version":"2.0.3","platform":"ruby","checksum":"b140c4f39f6e609c8113137b9a60dfc2ecb89864e496f87f23a68b3b8f12d8d1"},
{"name":"rails-html-sanitizer","version":"1.4.3","platform":"ruby","checksum":"2ebba6ad9a0b100f79fda853a46851e7664febe1728223f9734281e0d55940d6"},
{"name":"railties","version":"6.1.6.1","platform":"ruby","checksum":"bafecdf2dcbe4ea44e1ab7081fd797aa87ae9bbcd0f3a4372b662a1b93949733"},
{"name":"rake","version":"13.0.6","platform":"ruby","checksum":"5ce4bf5037b4196c24ac62834d8db1ce175470391026bd9e557d669beeb19097"},
{"name":"sprockets","version":"4.1.1","platform":"ruby","checksum":"68b10b0e574fc2a080e4779d025bf39bc7a20bc8659e32f827cccce9581348e2"},
{"name":"sprockets-rails","version":"3.4.2","platform":"ruby","checksum":"36d6327757ccf7460a00d1d52b2d5ef0019a4670503046a129fa1fb1300931ad"},
{"name":"thor","version":"1.2.1","platform":"ruby","checksum":"b1752153dc9c6b8d3fcaa665e9e1a00a3e73f28da5e238b81c404502e539d446"},
{"name":"tzinfo","version":"2.0.5","platform":"ruby","checksum":"c5352fd901544d396745d013f46a04ae2ed081ce806d942099825b7c2b09a167"},
{"name":"websocket-driver","version":"0.7.5","platform":"java","checksum":"fffa83aa188e9ac90e32a385832ec9d26acdf019538e1c7d703f2c8a323b39c8"},
{"name":"websocket-driver","version":"0.7.5","platform":"ruby","checksum":"a280c3f44dcbb0323d58bc78dc49350c05d589ab7d13267fcff08d9d5ae76b28"},
{"name":"websocket-extensions","version":"0.1.5","platform":"ruby","checksum":"1c6ba63092cda343eb53fc657110c71c754c56484aad42578495227d717a8241"},
{"name":"zeitwerk","version":"2.6.0","platform":"ruby","checksum":"6cb2ee4645c6e597640d6f2d8cc91a59a6699ab38896a5c3fac3eefeb5c84d76"}
]

139
vendor/gems/bundler-checksum/test/project_with_checksum_lock/Gemfile.lock vendored Normal file
View file

@ -0,0 +1,139 @@
GEM
remote: https://rubygems.org/
specs:
actioncable (6.1.6.1)
actionpack (= 6.1.6.1)
activesupport (= 6.1.6.1)
nio4r (~> 2.0)
websocket-driver (>= 0.6.1)
actionmailbox (6.1.6.1)
actionpack (= 6.1.6.1)
activejob (= 6.1.6.1)
activerecord (= 6.1.6.1)
activestorage (= 6.1.6.1)
activesupport (= 6.1.6.1)
mail (>= 2.7.1)
actionmailer (6.1.6.1)
actionpack (= 6.1.6.1)
actionview (= 6.1.6.1)
activejob (= 6.1.6.1)
activesupport (= 6.1.6.1)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 2.0)
actionpack (6.1.6.1)
actionview (= 6.1.6.1)
activesupport (= 6.1.6.1)
rack (~> 2.0, >= 2.0.9)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.2.0)
actiontext (6.1.6.1)
actionpack (= 6.1.6.1)
activerecord (= 6.1.6.1)
activestorage (= 6.1.6.1)
activesupport (= 6.1.6.1)
nokogiri (>= 1.8.5)
actionview (6.1.6.1)
activesupport (= 6.1.6.1)
builder (~> 3.1)
erubi (~> 1.4)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.1, >= 1.2.0)
activejob (6.1.6.1)
activesupport (= 6.1.6.1)
globalid (>= 0.3.6)
activemodel (6.1.6.1)
activesupport (= 6.1.6.1)
activerecord (6.1.6.1)
activemodel (= 6.1.6.1)
activesupport (= 6.1.6.1)
activestorage (6.1.6.1)
actionpack (= 6.1.6.1)
activejob (= 6.1.6.1)
activerecord (= 6.1.6.1)
activesupport (= 6.1.6.1)
marcel (~> 1.0)
mini_mime (>= 1.1.0)
activesupport (6.1.6.1)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 1.6, < 2)
minitest (>= 5.1)
tzinfo (~> 2.0)
zeitwerk (~> 2.3)
builder (3.2.4)
concurrent-ruby (1.1.10)
crass (1.0.6)
erubi (1.11.0)
globalid (1.0.0)
activesupport (>= 5.0)
i18n (1.12.0)
concurrent-ruby (~> 1.0)
loofah (2.18.0)
crass (~> 1.0.2)
nokogiri (>= 1.5.9)
mail (2.7.1)
mini_mime (>= 0.1.1)
marcel (1.0.2)
method_source (1.0.0)
mini_mime (1.1.2)
minitest (5.16.2)
nio4r (2.5.8)
nokogiri (1.13.8-arm64-darwin)
racc (~> 1.4)
nokogiri (1.13.8-x86_64-linux)
racc (~> 1.4)
racc (1.6.0)
rack (2.2.4)
rack-test (2.0.2)
rack (>= 1.3)
rails (6.1.6.1)
actioncable (= 6.1.6.1)
actionmailbox (= 6.1.6.1)
actionmailer (= 6.1.6.1)
actionpack (= 6.1.6.1)
actiontext (= 6.1.6.1)
actionview (= 6.1.6.1)
activejob (= 6.1.6.1)
activemodel (= 6.1.6.1)
activerecord (= 6.1.6.1)
activestorage (= 6.1.6.1)
activesupport (= 6.1.6.1)
bundler (>= 1.15.0)
railties (= 6.1.6.1)
sprockets-rails (>= 2.0.0)
rails-dom-testing (2.0.3)
activesupport (>= 4.2.0)
nokogiri (>= 1.6)
rails-html-sanitizer (1.4.3)
loofah (~> 2.3)
railties (6.1.6.1)
actionpack (= 6.1.6.1)
activesupport (= 6.1.6.1)
method_source
rake (>= 12.2)
thor (~> 1.0)
rake (13.0.6)
sprockets (4.1.1)
concurrent-ruby (~> 1.0)
rack (> 1, < 3)
sprockets-rails (3.4.2)
actionpack (>= 5.2)
activesupport (>= 5.2)
sprockets (>= 3.0.0)
thor (1.2.1)
tzinfo (2.0.5)
concurrent-ruby (~> 1.0)
websocket-driver (0.7.5)
websocket-extensions (>= 0.1.0)
websocket-extensions (0.1.5)
zeitwerk (2.6.0)
PLATFORMS
arm64-darwin-21
x86_64-linux
DEPENDENCIES
rails (~> 6.1.6.1)
BUNDLED WITH
2.3.19

15
vendor/gems/bundler-checksum/test/project_with_checksum_lock/scripts/test vendored Executable file
View file

@ -0,0 +1,15 @@
#!/bin/sh
set -x
set -e
# Check there's no differences after re-initialising
ruby -I ../../lib ../../bin/bundler-checksum init
git diff --exit-code Gemfile.checksum
# Verify against rubygems.org
ruby -I ../../lib ../../bin/bundler-checksum verify
# Test installing with bundler-checksum
export BUNDLER_CHECKSUM_VERIFICATION_OPT_IN=1
bundle install

13
vendor/gems/omniauth-azure-oauth2/Gemfile.lock vendored
View file

@ -3,7 +3,7 @@ PATH
specs:
omniauth-azure-oauth2 (0.0.10)
jwt (>= 1.0, < 3.0)
omniauth (~> 1.0, < 3)
omniauth (~> 2.0)
omniauth-oauth2 (~> 1.4)
GEM
@ -19,16 +19,17 @@ GEM
multi_xml (0.6.0)
mustermann (2.0.2)
ruby2_keywords (~> 0.0.1)
oauth2 (2.0.6)
oauth2 (2.0.3)
faraday (>= 0.17.3, < 3.0)
jwt (>= 1.0, < 3.0)
multi_xml (~> 0.5)
rack (>= 1.2, < 3)
rash_alt (>= 0.4, < 1)
version_gem (~> 1.1)
omniauth (1.9.1)
version_gem (~> 1.0)
omniauth (2.1.0)
hashie (>= 3.4.6)
rack (>= 1.6.2, < 3)
rack (>= 2.2.3)
rack-protection
omniauth-oauth2 (1.7.3)
oauth2 (>= 1.4, < 3)
omniauth (>= 1.9, < 3)
@ -70,4 +71,4 @@ DEPENDENCIES
sinatra
BUNDLED WITH
2.3.20
2.3.21

4
vendor/gems/omniauth-azure-oauth2/lib/omniauth/strategies/azure_oauth2.rb vendored
View file

@ -59,8 +59,10 @@ module OmniAuth
super.merge(resource: azure_resource || options.resource)
end
# for compatibility with OmniAuth 2.0
# see https://github.com/RIPAGlobal/omniauth-azure-activedirectory-v2/pull/6
def callback_url
full_host + script_name + callback_path
full_host + callback_path
end
def raw_info

2
vendor/gems/omniauth-azure-oauth2/omniauth-azure-oauth2.gemspec vendored
View file

@ -15,7 +15,7 @@ Gem::Specification.new do |gem|
gem.version = OmniAuth::AzureOauth2::VERSION
gem.license = "MIT"
gem.add_runtime_dependency 'omniauth', '~> 1.0', '< 3'
gem.add_runtime_dependency 'omniauth', '~> 2.0'
gem.add_dependency 'jwt', ['>= 1.0', '< 3.0']
gem.add_runtime_dependency 'omniauth-oauth2', '~> 1.4'

21
vendor/gems/omniauth-cas3/Gemfile.lock vendored
View file

@ -4,29 +4,30 @@ PATH
omniauth-cas3 (1.1.4)
addressable (~> 2.3)
nokogiri (~> 1.7, >= 1.7.1)
omniauth (~> 1.2, < 3)
omniauth (~> 2.0)
GEM
remote: https://rubygems.org/
specs:
addressable (2.8.0)
public_suffix (>= 2.0.2, < 5.0)
addressable (2.8.1)
public_suffix (>= 2.0.2, < 6.0)
awesome_print (1.9.2)
crack (0.4.5)
rexml
diff-lcs (1.5.0)
hashdiff (1.0.1)
hashie (5.0.0)
mini_portile2 (2.8.0)
nokogiri (1.13.7)
mini_portile2 (~> 2.8.0)
racc (~> 1.4)
omniauth (1.9.1)
omniauth (2.1.0)
hashie (>= 3.4.6)
rack (>= 1.6.2, < 3)
public_suffix (4.0.7)
rack (>= 2.2.3)
rack-protection
public_suffix (5.0.0)
racc (1.6.0)
rack (2.2.4)
rack-protection (2.2.2)
rack
rack-test (0.8.3)
rack (>= 1.0, < 3)
rake (10.5.0)
@ -44,7 +45,7 @@ GEM
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.11.0)
rspec-support (3.11.0)
webmock (3.14.0)
webmock (3.18.1)
addressable (>= 2.8.0)
crack (>= 0.3.2)
hashdiff (>= 0.4.0, < 2.0.0)
@ -61,4 +62,4 @@ DEPENDENCIES
webmock
BUNDLED WITH
2.3.18
2.3.21

2
vendor/gems/omniauth-cas3/omniauth-cas3.gemspec vendored
View file

@ -14,7 +14,7 @@ Gem::Specification.new do |gem|
gem.require_paths = ["lib"]
gem.version = Omniauth::Cas3::VERSION
gem.add_dependency 'omniauth', '~> 1.2', '< 3'
gem.add_dependency 'omniauth', '~> 2.0'
gem.add_dependency 'nokogiri', '~> 1.7', '>= 1.7.1'
gem.add_dependency 'addressable', '~> 2.3'

11
vendor/gems/omniauth-gitlab/Gemfile.lock vendored
View file

@ -2,7 +2,7 @@ PATH
remote: .
specs:
omniauth-gitlab (4.0.0)
omniauth (~> 1.0)
omniauth (~> 2.0)
omniauth-oauth2 (~> 1.7.1)
GEM
@ -24,13 +24,16 @@ GEM
rack (>= 1.2, < 3)
rash_alt (>= 0.4, < 1)
version_gem (~> 1.0)
omniauth (1.9.1)
omniauth (2.1.0)
hashie (>= 3.4.6)
rack (>= 1.6.2, < 3)
rack (>= 2.2.3)
rack-protection
omniauth-oauth2 (1.7.3)
oauth2 (>= 1.4, < 3)
omniauth (>= 1.9, < 3)
rack (2.2.3.1)
rack (2.2.4)
rack-protection (2.2.2)
rack
rake (13.0.6)
rash_alt (0.4.12)
hashie (>= 3.4)

2
vendor/gems/omniauth-gitlab/omniauth-gitlab.gemspec vendored
View file

@ -16,7 +16,7 @@ Gem::Specification.new do |gem|
gem.test_files = Dir['spec/**/*.rb']
gem.require_paths = ['lib']
gem.add_dependency 'omniauth', '~> 1.0'
gem.add_dependency 'omniauth', '~> 2.0'
gem.add_dependency 'omniauth-oauth2', '~> 1.7.1'
gem.add_development_dependency 'rspec', '~> 3.1'
gem.add_development_dependency 'rspec-its', '~> 1.0'

101
vendor/gems/omniauth-google-oauth2/CHANGELOG.md vendored
View file

@ -1,6 +1,106 @@
# Changelog
All notable changes to this project will be documented in this file.
## 1.0.1 - 2022-03-10
### Added
- Output granted scopes in credentials block of the auth hash.
- Migrated to GitHub actions.
### Deprecated
- Nothing.
### Removed
- Nothing.
### Fixed
- Overriding the `redirect_uri` via params or JSON request body.
## 1.0.0 - 2021-03-14
### Added
- Support for Omniauth 2.x!
### Deprecated
- Nothing.
### Removed
- Support for Omniauth 1.x.
### Fixed
- Nothing.
## 0.8.2 - 2021-03-14
### Added
- Constrains the version to Omniauth 1.x.
### Deprecated
- Nothing.
### Removed
- Nothing.
### Fixed
- Nothing.
## 0.8.1 - 2020-12-12
### Added
- Support reading the access token from a json request body.
### Deprecated
- Nothing.
### Removed
- No longer verify the iat claim for JWT.
### Fixed
- A few minor issues with .rubocop.yml.
- Issues with image resizing code when the image came with size information from Google.
## 0.8.0 - 2019-08-21
### Added
- Updated omniauth-oauth2 to v1.6.0 for security fixes.
### Deprecated
- Nothing.
### Removed
- Ruby 2.1 support.
### Fixed
- Nothing.
## 0.7.0 - 2019-06-03
### Added
- Ensure `info[:email]` is always verified, and include `unverified_email`
### Deprecated
- Nothing.
### Removed
- Nothing.
### Fixed
- Nothing.
## 0.6.1 - 2019-03-07
### Added
- Return `email` and `email_verified` keys in response.
### Deprecated
- Nothing.
### Removed
- Nothing.
### Fixed
- Nothing.
## 0.6.0 - 2018-12-28
### Added
@ -12,6 +112,7 @@ All notable changes to this project will be documented in this file.
### Removed
- Support for JWT 1.x.
- Support for `raw_friend_info` and `raw_image_info`.
- Stop using Google+ API endpoints.
### Fixed
- Nothing.

14
vendor/gems/omniauth-google-oauth2/Gemfile.lock vendored
View file

@ -1,10 +1,11 @@
PATH
remote: .
specs:
omniauth-google-oauth2 (0.6.0)
omniauth-google-oauth2 (1.0.1)
jwt (>= 2.0)
omniauth (>= 1.9, < 3)
omniauth-oauth2 (>= 1.5)
oauth2 (~> 2.0)
omniauth (~> 2.0)
omniauth-oauth2 (~> 1.7.1)
GEM
remote: https://rubygems.org/
@ -25,9 +26,10 @@ GEM
rack (>= 1.2, < 3)
rash_alt (>= 0.4, < 1)
version_gem (~> 1.0)
omniauth (1.9.2)
omniauth (2.1.0)
hashie (>= 3.4.6)
rack (>= 1.6.2, < 3)
rack (>= 2.2.3)
rack-protection
omniauth-oauth2 (1.7.3)
oauth2 (>= 1.4, < 3)
omniauth (>= 1.9, < 3)
@ -35,6 +37,8 @@ GEM
parser (3.1.2.0)
ast (~> 2.4.1)
rack (2.2.4)
rack-protection (2.2.2)
rack
rainbow (3.1.1)
rake (12.3.3)
rash_alt (0.4.12)

90
vendor/gems/omniauth-google-oauth2/README.md vendored
View file

@ -1,5 +1,4 @@
[![Gem Version](https://badge.fury.io/rb/omniauth-google-oauth2.svg)](https://badge.fury.io/rb/omniauth-google-oauth2)
[![Build Status](https://travis-ci.org/zquestz/omniauth-google-oauth2.svg)](https://travis-ci.org/zquestz/omniauth-google-oauth2)
# OmniAuth Google OAuth2 Strategy
@ -34,6 +33,7 @@ Here's an example for adding the middleware to a Rails app in `config/initialize
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_CLIENT_SECRET']
end
OmniAuth.config.allowed_request_methods = %i[get]
```
You can now access the OmniAuth Google OAuth2 URL: `/auth/google_oauth2`
@ -54,10 +54,10 @@ You can configure several options, which you pass in to the `provider` method vi
* `prompt`: A space-delimited list of string values that determines whether the user is re-prompted for authentication and/or consent. Possible values are:
* `none`: No authentication or consent pages will be displayed; it will return an error if the user is not already authenticated and has not pre-configured consent for the requested scopes. This can be used as a method to check for existing authentication and/or consent.
* `consent`: The user will always be prompted for consent, even if he has previously allowed access a given set of scopes.
* `consent`: The user will always be prompted for consent, even if they have previously allowed access a given set of scopes.
* `select_account`: The user will always be prompted to select a user account. This allows a user who has multiple current account sessions to select one amongst them.
If no value is specified, the user only sees the authentication page if he is not logged in and only sees the consent page the first time he authorizes a given set of scopes.
If no value is specified, the user only sees the authentication page if they are not logged in and only sees the consent page the first time they authorize a given set of scopes.
* `image_aspect_ratio`: The shape of the user's profile picture. Possible values are:
* `original`: Picture maintains its original aspect ratio.
@ -73,7 +73,7 @@ You can configure several options, which you pass in to the `provider` method vi
* `hd`: (Optional) Limit sign-in to a particular Google Apps hosted domain. This can be simply string `'domain.com'` or an array `%w(domain.com domain.co)`. More information at: https://developers.google.com/accounts/docs/OpenIDConnect#hd-param
* `jwt_leeway`: Number of seconds passed to the JWT library as leeway. Defaults to 60 seconds.
* `jwt_leeway`: Number of seconds passed to the JWT library as leeway. Defaults to 60 seconds. Note this only works if you use jwt 2.1, as the leeway option was removed in later versions.
* `skip_jwt`: Skip JWT processing. This is for users who are seeing JWT decoding errors with the `iat` field. Always try adjusting the leeway before disabling JWT processing.
@ -81,9 +81,11 @@ You can configure several options, which you pass in to the `provider` method vi
* `include_granted_scopes`: If this is provided with the value true, and the authorization request is granted, the authorization will include any previous authorizations granted to this user/application combination for other scopes. See Google's [Incremental Authorization](https://developers.google.com/accounts/docs/OAuth2WebServer#incrementalAuth) for additional details.
* `openid_realm`: Set the OpenID realm value, to allow upgrading from OpenID based authentication to OAuth 2 based authentication. When this is set correctly an `openid_id` value will be set in `[:extra][:id_info]` in the authentication hash with the value of the user's OpenID ID URL.
* `openid_realm`: Set the OpenID realm value, to allow upgrading from OpenID based authentication to OAuth 2 based authentication. When this is set correctly an `openid_id` value will be set in `['extra']['id_info']` in the authentication hash with the value of the user's OpenID ID URL.
Here's an example of a possible configuration where the strategy name is changed, the user is asked for extra permissions, the user is always prompted to select his account when logging in and the user's profile picture is returned as a thumbnail:
* `provider_ignores_state`: You will need to set this to `true` when using the `One-time Code Flow` below. In this flow there is no server side redirect that would set the state.
Here's an example of a possible configuration where the strategy name is changed, the user is asked for extra permissions, the user is always prompted to select their account when logging in and the user's profile picture is returned as a thumbnail:
```ruby
Rails.application.config.middleware.use OmniAuth::Builder do
@ -176,6 +178,8 @@ devise :omniauthable, omniauth_providers: [:google_oauth2]
Then make sure your callbacks controller is setup.
```ruby
# app/controllers/users/omniauth_callbacks_controller.rb:
class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
def google_oauth2
# You need to implement the method below in your model (e.g. app/models/user.rb)
@ -185,7 +189,7 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
flash[:notice] = I18n.t 'devise.omniauth_callbacks.success', kind: 'Google'
sign_in_and_redirect @user, event: :authentication
else
session['devise.google_data'] = request.env['omniauth.auth'].except(:extra) # Removing extra as it can overflow some session stores
session['devise.google_data'] = request.env['omniauth.auth'].except('extra') # Removing extra as it can overflow some session stores
redirect_to new_user_registration_url, alert: @user.errors.full_messages.join("\n")
end
end
@ -213,6 +217,10 @@ end
For your views you can login using:
```erb
<%# omniauth-google-oauth2 1.0.x uses OmniAuth 2 and requires using HTTP Post to initiate authentication: %>
<%= link_to "Sign in with Google", user_google_oauth2_omniauth_authorize_path, method: :post %>
<%# omniauth-google-oauth2 prior 1.0.0: %>
<%= link_to "Sign in with Google", user_google_oauth2_omniauth_authorize_path %>
<%# Devise prior 4.1.0: %>
@ -223,7 +231,7 @@ An overview is available at https://github.com/plataformatec/devise/wiki/OmniAut
### One-time Code Flow (Hybrid Authentication)
Google describes the One-time Code Flow [here](https://developers.google.com/+/web/signin/server-side-flow). This hybrid authentication flow has significant functional and security advantages over a pure server-side or pure client-side flow. The following steps occur in this flow:
Google describes the One-time Code Flow [here](https://developers.google.com/identity/sign-in/web/server-side-flow). This hybrid authentication flow has significant functional and security advantages over a pure server-side or pure client-side flow. The following steps occur in this flow:
1. The client (web browser) authenticates the user directly via Google's JS API. During this process assorted modals may be rendered by Google.
2. On successful authentication, Google returns a one-time use code, which requires the Google client secret (which is only available server-side).
@ -232,7 +240,7 @@ Google describes the One-time Code Flow [here](https://developers.google.com/+/w
This flow is immune to replay attacks, and conveys no useful information to a man in the middle.
The omniauth-google-oauth2 gem supports this mode of operation out of the box. Implementors simply need to add the appropriate JavaScript to their web page, and they can take advantage of this flow. An example JavaScript snippet follows.
The omniauth-google-oauth2 gem supports this mode of operation when `provider_ignores_state` is set to `true`. Implementors simply need to add the appropriate JavaScript to their web page, and they can take advantage of this flow. An example JavaScript snippet follows.
```javascript
// Basic hybrid auth example following the pattern at:
@ -247,7 +255,7 @@ function init() {
// Ready.
$('.google-login-button').click(function(e) {
e.preventDefault();
gapi.auth2.authorize({
client_id: 'YOUR_CLIENT_ID',
cookie_policy: 'single_host_origin',
@ -260,7 +268,7 @@ function init() {
success: function(data) {
// response from server
}
});
});
} else {
// google authentication failed
}
@ -280,6 +288,66 @@ In that case, ensure to send an additional parameter `redirect_uri=` (empty stri
If you're making POST requests to `/auth/google_oauth2/callback` from another domain, then you need to make sure `'X-Requested-With': 'XMLHttpRequest'` header is included with your request, otherwise your server might respond with `OAuth2::Error, : Invalid Value` error.
#### Getting around the `redirect_uri_mismatch` error (See [Issue #365](https://github.com/zquestz/omniauth-google-oauth2/issues/365))
If you are struggling with a persistent `redirect_uri_mismatch`, you can instead pass the `access_token` from [`getAuthResponse`](https://developers.google.com/identity/sign-in/web/reference#googleusergetauthresponseincludeauthorizationdata) directly to the `auth/google_oauth2/callback` endpoint, like so:
```javascript
// Initialize the GoogleAuth object
let googleAuth;
gapi.load('client:auth2', async () => {
await gapi.client.init({ scope: '...', client_id: '...' });
googleAuth = gapi.auth2.getAuthInstance();
});
// Call this when the Google Sign In button is clicked
async function signInGoogle() {
const googleUser = await googleAuth.signIn(); // wait for the user to authorize through the modal
const { access_token } = googleUser.getAuthResponse();
const data = new FormData();
data.append('access_token', access_token);
const response = await api.post('/auth/google_oauth2/callback', data)
console.log(response);
}
```
#### Using Axios
If you're making a GET resquests from another domain using `access_token`.
```
axios
.get(
'url(path to your callback}',
{ params: { access_token: 'token' } },
headers....
)
```
If you're making a POST resquests from another domain using `access_token`.
```
axios
.post(
'url(path to your callback}',
{ access_token: 'token' },
headers....
)
--OR--
axios
.post(
'url(path to your callback}',
null,
{
params: {
access_token: 'token'
},
headers....
}
)
```
## Fixing Protocol Mismatch for `redirect_uri` in Rails
Just set the `full_host` in OmniAuth based on the Rails.env.

3
vendor/gems/omniauth-google-oauth2/examples/Gemfile vendored
View file

@ -2,6 +2,7 @@
source 'https://rubygems.org'
gem 'omniauth-google-oauth2', '~> 0.5'
gem 'omniauth-google-oauth2', '~> 0.8.1'
gem 'rubocop'
gem 'sinatra', '~> 1.4'
gem 'webrick'

4
vendor/gems/omniauth-google-oauth2/examples/omni_auth.rb vendored
View file

@ -10,6 +10,10 @@ Rails.application.config.middleware.use OmniAuth::Builder do
#
provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], scope: 'email,profile'
# Custom redirect_uri
#
# provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], scope: 'email,profile', redirect_uri: 'https://localhost:3000/redirect'
# Manual setup for offline access with a refresh token.
#
# provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], access_type: 'offline'

2
vendor/gems/omniauth-google-oauth2/lib/omniauth/google_oauth2/version.rb vendored
View file

@ -2,6 +2,6 @@
module OmniAuth
module GoogleOauth2
VERSION = '0.6.0'
VERSION = '1.0.1'
end
end

86
vendor/gems/omniauth-google-oauth2/lib/omniauth/strategies/google_oauth2.rb vendored
View file

@ -1,6 +1,7 @@
# frozen_string_literal: true
require 'jwt'
require 'oauth2'
require 'omniauth/strategies/oauth2'
require 'uri'
@ -13,6 +14,7 @@ module OmniAuth
BASE_SCOPES = %w[profile email openid].freeze
DEFAULT_SCOPE = 'email,profile'
USER_INFO_URL = 'https://www.googleapis.com/oauth2/v3/userinfo'
IMAGE_SIZE_REGEXP = /(s\d+(-c)?)|(w\d+-h\d+(-c)?)|(w\d+(-c)?)|(h\d+(-c)?)|c/
option :name, 'google_oauth2'
option :skip_friends, true
@ -47,6 +49,8 @@ module OmniAuth
prune!(
name: raw_info['name'],
email: verified_email,
unverified_email: raw_info['email'],
email_verified: raw_info['email_verified'],
first_name: raw_info['given_name'],
last_name: raw_info['family_name'],
image: image_url,
@ -56,6 +60,11 @@ module OmniAuth
)
end
credentials do
# Tokens and expiration will be used from OAuth2 strategy credentials block
prune!({ 'scope' => token_info(access_token.token)['scope'] })
end
extra do
hash = {}
hash[:id_token] = access_token['id_token']
@ -72,7 +81,7 @@ module OmniAuth
verify_sub: false,
verify_expiration: true,
verify_not_before: true,
verify_iat: true,
verify_iat: false,
verify_jti: false,
leeway: options[:jwt_leeway])
@ -92,31 +101,51 @@ module OmniAuth
verify_hd(access_token)
access_token
end
alias build_access_token custom_build_access_token
private
def callback_url
options[:redirect_uri] || (full_host + script_name + callback_path)
options[:redirect_uri] || (full_host + callback_path)
end
def get_access_token(request)
if request.xhr? && request.params['code']
verifier = request.params['code']
redirect_uri = request.params['redirect_uri'] || 'postmessage'
client.auth_code.get_token(verifier, get_token_options(redirect_uri), deep_symbolize(options.auth_token_params || {}))
elsif request.params['code'] && request.params['redirect_uri']
verifier = request.params['code']
redirect_uri = request.params['redirect_uri']
client.auth_code.get_token(verifier, get_token_options(redirect_uri), deep_symbolize(options.auth_token_params || {}))
elsif verify_token(request.params['access_token'])
verifier = request.params['code']
redirect_uri = request.params['redirect_uri']
access_token = request.params['access_token']
if verifier && request.xhr?
client_get_token(verifier, redirect_uri || 'postmessage')
elsif verifier
client_get_token(verifier, redirect_uri || callback_url)
elsif access_token && verify_token(access_token)
::OAuth2::AccessToken.from_hash(client, request.params.dup)
else
verifier = request.params['code']
client.auth_code.get_token(verifier, get_token_options(callback_url), deep_symbolize(options.auth_token_params))
elsif request.content_type =~ /json/i
begin
body = JSON.parse(request.body.read)
request.body.rewind # rewind request body for downstream middlewares
verifier = body && body['code']
access_token = body && body['access_token']
redirect_uri ||= body && body['redirect_uri']
if verifier
client_get_token(verifier, redirect_uri || 'postmessage')
elsif verify_token(access_token)
::OAuth2::AccessToken.from_hash(client, body.dup)
end
rescue JSON::ParserError => e
warn "[omniauth google-oauth2] JSON parse error=#{e}"
end
end
end
def client_get_token(verifier, redirect_uri)
client.auth_code.get_token(verifier, get_token_options(redirect_uri), get_token_params)
end
def get_token_params
deep_symbolize(options.auth_token_params || {})
end
def get_scope(params)
raw_scope = params[:scope] || DEFAULT_SCOPE
scope_list = raw_scope.split(' ').map { |item| item.split(',') }.flatten
@ -124,7 +153,11 @@ module OmniAuth
scope_list.join(' ')
end
def get_token_options(redirect_uri)
def verified_email
raw_info['email_verified'] ? raw_info['email'] : nil
end
def get_token_options(redirect_uri = '')
{ redirect_uri: redirect_uri }.merge(token_params.to_hash(symbolize_keys: true))
end
@ -135,10 +168,6 @@ module OmniAuth
end
end
def verified_email
raw_info['email_verified'] ? raw_info['email'] : nil
end
def image_url
return nil unless raw_info['picture']
@ -149,6 +178,10 @@ module OmniAuth
if path_index && image_size_opts_passed?
u.path.insert(path_index, image_params)
u.path = u.path.gsub('//', '/')
# Check if the image is already sized!
split_path = u.path.split('/')
u.path = u.path.sub("/#{split_path[-3]}", '') if split_path[-3] =~ IMAGE_SIZE_REGEXP
end
u.query = strip_unnecessary_query_parameters(u.query)
@ -187,12 +220,21 @@ module OmniAuth
URI.encode_www_form(stripped_params)
end
def token_info(access_token)
return nil unless access_token
@token_info ||= Hash.new do |h, k|
h[k] = client.request(:get, 'https://www.googleapis.com/oauth2/v3/tokeninfo', params: { access_token: access_token }).parsed
end
@token_info[access_token]
end
def verify_token(access_token)
return false unless access_token
raw_response = client.request(:get, 'https://www.googleapis.com/oauth2/v3/tokeninfo',
params: { access_token: access_token }).parsed
raw_response['aud'] == options.client_id || options.authorized_client_ids.include?(raw_response['aud'])
token_info = token_info(access_token)
token_info['aud'] == options.client_id || options.authorized_client_ids.include?(token_info['aud'])
end
def verify_hd(access_token)

9
vendor/gems/omniauth-google-oauth2/omniauth-google-oauth2.gemspec vendored
View file

@ -15,14 +15,15 @@ Gem::Specification.new do |gem|
gem.email = ['quest@mac.com']
gem.homepage = 'https://github.com/zquestz/omniauth-google-oauth2'
gem.files = Dir.glob("lib/**/*.*")
gem.files = Dir.glob("lib/**/*.*")
gem.require_paths = ['lib']
gem.required_ruby_version = '>= 2.1'
gem.required_ruby_version = '>= 2.2'
gem.add_runtime_dependency 'jwt', '>= 2.0'
gem.add_runtime_dependency 'omniauth', '>= 1.9', '< 3'
gem.add_runtime_dependency 'omniauth-oauth2', '>= 1.5'
gem.add_runtime_dependency 'oauth2', '~> 2.0'
gem.add_runtime_dependency 'omniauth', '~> 2.0'
gem.add_runtime_dependency 'omniauth-oauth2', '~> 1.7.1'
gem.add_development_dependency 'rake', '~> 12.0'
gem.add_development_dependency 'rspec', '~> 3.6'

170
vendor/gems/omniauth-google-oauth2/spec/omniauth/strategies/google_oauth2_spec.rb vendored
View file

@ -3,6 +3,7 @@
require 'spec_helper'
require 'json'
require 'omniauth-google-oauth2'
require 'stringio'
describe OmniAuth::Strategies::GoogleOauth2 do
let(:request) { double('Request', params: {}, cookies: {}, env: {}) }
@ -177,8 +178,8 @@ describe OmniAuth::Strategies::GoogleOauth2 do
describe 'scope' do
it 'should expand scope shortcuts' do
@options = { scope: 'plus.me' }
expect(subject.authorize_params['scope']).to eq('https://www.googleapis.com/auth/plus.me')
@options = { scope: 'calendar' }
expect(subject.authorize_params['scope']).to eq('https://www.googleapis.com/auth/calendar')
end
it 'should leave base scopes as is' do
@ -288,14 +289,92 @@ describe OmniAuth::Strategies::GoogleOauth2 do
end
end
describe '#callback_path' do
describe '#callback_url' do
let(:base_url) { 'https://example.com' }
it 'has the correct default callback path' do
expect(subject.callback_path).to eq('/auth/google_oauth2/callback')
allow(subject).to receive(:full_host) { base_url }
allow(subject).to receive(:script_name) { '' }
expect(subject.send(:callback_url)).to eq(base_url + '/auth/google_oauth2/callback')
end
it 'should set the callback path with script_name if present' do
allow(subject).to receive(:full_host) { base_url }
allow(subject).to receive(:script_name) { '/v1' }
expect(subject.send(:callback_url)).to eq(base_url + '/v1/auth/google_oauth2/callback')
end
it 'should set the callback_path parameter if present' do
@options = { callback_path: '/auth/foo/callback' }
expect(subject.callback_path).to eq('/auth/foo/callback')
allow(subject).to receive(:full_host) { base_url }
allow(subject).to receive(:script_name) { '' }
expect(subject.send(:callback_url)).to eq(base_url + '/auth/foo/callback')
end
end
describe '#info' do
let(:client) do
OAuth2::Client.new('abc', 'def') do |builder|
builder.request :url_encoded
builder.adapter :test do |stub|
stub.get('/oauth2/v3/userinfo') { [200, { 'content-type' => 'application/json' }, response_hash.to_json] }
end
end
end
let(:access_token) { OAuth2::AccessToken.from_hash(client, {}) }
before { allow(subject).to receive(:access_token).and_return(access_token) }
context 'with verified email' do
let(:response_hash) do
{ email: 'something@domain.invalid', email_verified: true }
end
it 'should return equal email and unverified_email' do
expect(subject.info[:email]).to eq('something@domain.invalid')
expect(subject.info[:unverified_email]).to eq('something@domain.invalid')
end
end
context 'with unverified email' do
let(:response_hash) do
{ email: 'something@domain.invalid', email_verified: false }
end
it 'should return nil email, and correct unverified email' do
expect(subject.info[:email]).to eq(nil)
expect(subject.info[:unverified_email]).to eq('something@domain.invalid')
end
end
end
describe '#credentials' do
let(:client) { OAuth2::Client.new('abc', 'def') }
let(:access_token) { OAuth2::AccessToken.from_hash(client, access_token: 'valid_access_token', expires_at: 123_456_789, refresh_token: 'valid_refresh_token') }
before(:each) do
allow(subject).to receive(:access_token).and_return(access_token)
subject.options.client_options[:connection_build] = proc do |builder|
builder.request :url_encoded
builder.adapter :test do |stub|
stub.get('/oauth2/v3/tokeninfo?access_token=valid_access_token') do
[200, { 'Content-Type' => 'application/json; charset=UTF-8' }, JSON.dump(
aud: '000000000000.apps.googleusercontent.com',
sub: '123456789',
scope: 'profile email'
)]
end
end
end
end
it 'should return access token and (optionally) refresh token' do
expect(subject.credentials.to_h).to \
match(hash_including(
'token' => 'valid_access_token',
'refresh_token' => 'valid_refresh_token',
'scope' => 'profile email',
'expires_at' => 123_456_789,
'expires' => true
))
end
end
@ -313,7 +392,7 @@ describe OmniAuth::Strategies::GoogleOauth2 do
before { allow(subject).to receive(:access_token).and_return(access_token) }
describe 'id_token' do
shared_examples 'id_token issued by valid issuer' do |issuer| # rubocop:disable Metrics/BlockLength
shared_examples 'id_token issued by valid issuer' do |issuer|
context 'when the id_token is passed into the access token' do
let(:token_info) do
{
@ -426,6 +505,12 @@ describe OmniAuth::Strategies::GoogleOauth2 do
expect(subject.info[:image]).to eq('https://lh3.googleusercontent.com/url/s50/photo.jpg')
end
it 'should return the image with size specified in the `image_size` option when sizing is in the picture' do
@options = { image_size: 50 }
allow(subject).to receive(:raw_info) { { 'picture' => 'https://lh4.googleusercontent.com/url/s96-c/photo.jpg' } }
expect(subject.info[:image]).to eq('https://lh4.googleusercontent.com/url/s50/photo.jpg')
end
it 'should handle a picture with too many slashes correctly' do
@options = { image_size: 50 }
allow(subject).to receive(:raw_info) { { 'picture' => 'https://lh3.googleusercontent.com/url//photo.jpg' } }
@ -456,24 +541,48 @@ describe OmniAuth::Strategies::GoogleOauth2 do
expect(subject.info[:image]).to eq('https://lh3.googleusercontent.com/url/w50-h40/photo.jpg')
end
it 'should return the image with width and height specified in the `image_size` option when sizing is in the picture' do
@options = { image_size: { width: 50, height: 40 } }
allow(subject).to receive(:raw_info) { { 'picture' => 'https://lh3.googleusercontent.com/url/w100-h80-c/photo.jpg' } }
expect(subject.info[:image]).to eq('https://lh3.googleusercontent.com/url/w50-h40/photo.jpg')
end
it 'should return square image when `image_aspect_ratio` is specified' do
@options = { image_aspect_ratio: 'square' }
allow(subject).to receive(:raw_info) { { 'picture' => 'https://lh3.googleusercontent.com/url/photo.jpg' } }
expect(subject.info[:image]).to eq('https://lh3.googleusercontent.com/url/c/photo.jpg')
end
it 'should return square image when `image_aspect_ratio` is specified and sizing is in the picture' do
@options = { image_aspect_ratio: 'square' }
allow(subject).to receive(:raw_info) { { 'picture' => 'https://lh3.googleusercontent.com/url/c/photo.jpg' } }
expect(subject.info[:image]).to eq('https://lh3.googleusercontent.com/url/c/photo.jpg')
end
it 'should return square sized image when `image_aspect_ratio` and `image_size` is set' do
@options = { image_aspect_ratio: 'square', image_size: 50 }
allow(subject).to receive(:raw_info) { { 'picture' => 'https://lh3.googleusercontent.com/url/photo.jpg' } }
expect(subject.info[:image]).to eq('https://lh3.googleusercontent.com/url/s50-c/photo.jpg')
end
it 'should return square sized image when `image_aspect_ratio` and `image_size` is set and sizing is in the picture' do
@options = { image_aspect_ratio: 'square', image_size: 50 }
allow(subject).to receive(:raw_info) { { 'picture' => 'https://lh3.googleusercontent.com/url/s90/photo.jpg' } }
expect(subject.info[:image]).to eq('https://lh3.googleusercontent.com/url/s50-c/photo.jpg')
end
it 'should return square sized image when `image_aspect_ratio` and `image_size` has height and width' do
@options = { image_aspect_ratio: 'square', image_size: { width: 50, height: 40 } }
allow(subject).to receive(:raw_info) { { 'picture' => 'https://lh3.googleusercontent.com/url/photo.jpg' } }
expect(subject.info[:image]).to eq('https://lh3.googleusercontent.com/url/w50-h40-c/photo.jpg')
end
it 'should return square sized image when `image_aspect_ratio` and `image_size` has height and width and sizing is in the picture' do
@options = { image_aspect_ratio: 'square', image_size: { width: 50, height: 40 } }
allow(subject).to receive(:raw_info) { { 'picture' => 'https://lh3.googleusercontent.com/url/w100-h80/photo.jpg' } }
expect(subject.info[:image]).to eq('https://lh3.googleusercontent.com/url/w50-h40-c/photo.jpg')
end
it 'should return original image if image url does not end in `photo.jpg`' do
@options = { image_size: 50 }
allow(subject).to receive(:raw_info) { { 'picture' => 'https://lh3.googleusercontent.com/url/photograph.jpg' } }
@ -547,9 +656,58 @@ describe OmniAuth::Strategies::GoogleOauth2 do
expect(token.client).to eq(:client)
end
it 'reads the code from a json request body' do
body = StringIO.new(%({"code":"json_access_token"}))
client = double(:client)
auth_code = double(:auth_code)
allow(request).to receive(:xhr?).and_return(false)
allow(request).to receive(:content_type).and_return('application/json')
allow(request).to receive(:body).and_return(body)
allow(client).to receive(:auth_code).and_return(auth_code)
expect(subject).to receive(:client).and_return(client)
expect(auth_code).to receive(:get_token).with('json_access_token', { redirect_uri: 'postmessage' }, {})
subject.build_access_token
end
it 'reads the redirect uri from a json request body' do
body = StringIO.new(%({"code":"json_access_token", "redirect_uri":"sample"}))
client = double(:client)
auth_code = double(:auth_code)
allow(request).to receive(:xhr?).and_return(false)
allow(request).to receive(:content_type).and_return('application/json')
allow(request).to receive(:body).and_return(body)
allow(client).to receive(:auth_code).and_return(auth_code)
expect(subject).to receive(:client).and_return(client)
expect(auth_code).to receive(:get_token).with('json_access_token', { redirect_uri: 'sample' }, {})
subject.build_access_token
end
it 'reads the access token from a json request body' do
body = StringIO.new(%({"access_token":"valid_access_token"}))
allow(request).to receive(:xhr?).and_return(false)
allow(request).to receive(:content_type).and_return('application/json')
allow(request).to receive(:body).and_return(body)
expect(subject).to receive(:client).and_return(:client)
expect(subject).to receive(:verify_token).with('valid_access_token').and_return true
token = subject.build_access_token
expect(token).to be_instance_of(::OAuth2::AccessToken)
expect(token.token).to eq('valid_access_token')
expect(token.client).to eq(:client)
end
it 'should use callback_url without query_string if this is not an AJAX request' do
allow(request).to receive(:xhr?).and_return(false)
allow(request).to receive(:params).and_return('code' => 'valid_code')
allow(request).to receive(:content_type).and_return('application/x-www-form-urlencoded')
client = double(:client)
auth_code = double(:auth_code)

15
vendor/gems/omniauth-salesforce/Gemfile.lock vendored
View file

@ -2,7 +2,7 @@ PATH
remote: .
specs:
omniauth-salesforce (1.0.5)
omniauth (~> 1.0, < 3)
omniauth (~> 2.0)
omniauth-oauth2 (~> 1.0)
GEM
@ -53,16 +53,17 @@ GEM
notiffany (0.1.3)
nenv (~> 0.1)
shellany (~> 0.0)
oauth2 (2.0.7)
oauth2 (2.0.3)
faraday (>= 0.17.3, < 3.0)
jwt (>= 1.0, < 3.0)
multi_xml (~> 0.5)
rack (>= 1.2, < 3)
rash_alt (>= 0.4, < 1)
version_gem (~> 1.1)
omniauth (1.9.2)
version_gem (~> 1.0)
omniauth (2.1.0)
hashie (>= 3.4.6)
rack (>= 1.6.2, < 3)
rack (>= 2.2.3)
rack-protection
omniauth-oauth2 (1.7.3)
oauth2 (>= 1.4, < 3)
omniauth (>= 1.9, < 3)
@ -71,6 +72,8 @@ GEM
method_source (~> 1.0)
public_suffix (5.0.0)
rack (2.2.4)
rack-protection (2.2.2)
rack
rack-test (2.0.2)
rack (>= 1.3)
rash_alt (0.4.12)
@ -118,4 +121,4 @@ DEPENDENCIES
webmock
BUNDLED WITH
2.3.20
2.3.21

2
vendor/gems/omniauth-salesforce/omniauth-salesforce.gemspec vendored
View file

@ -15,7 +15,7 @@ Gem::Specification.new do |gem|
gem.version = OmniAuth::Salesforce::VERSION
gem.license = "MIT"
gem.add_dependency 'omniauth', '~> 1.0', '< 3'
gem.add_dependency 'omniauth', '~> 2.0'
gem.add_dependency 'omniauth-oauth2', '~> 1.0'
gem.add_development_dependency 'rspec', '~> 2.7'
gem.add_development_dependency 'rack-test'

9
vendor/gems/omniauth_crowd/Gemfile.lock vendored
View file

@ -4,7 +4,7 @@ PATH
omniauth_crowd (2.4.0)
activesupport
nokogiri (>= 1.4.4)
omniauth (~> 1.0, < 3)
omniauth (~> 2.0)
GEM
remote: http://rubygems.org/
@ -29,12 +29,15 @@ GEM
nokogiri (1.13.8)
mini_portile2 (~> 2.8.0)
racc (~> 1.4)
omniauth (1.9.1)
omniauth (2.1.0)
hashie (>= 3.4.6)
rack (>= 1.6.2, < 3)
rack (>= 2.2.3)
rack-protection
public_suffix (4.0.7)
racc (1.6.0)
rack (2.2.4)
rack-protection (2.2.2)
rack
rack-test (2.0.2)
rack (>= 1.3)
rake (13.0.6)

2
vendor/gems/omniauth_crowd/omniauth_crowd.gemspec vendored
View file

@ -15,7 +15,7 @@ Gem::Specification.new do |gem|
gem.require_paths = ["lib"]
gem.version = OmniAuth::Crowd::VERSION
gem.add_runtime_dependency 'omniauth', '~> 1.0', '< 3'
gem.add_runtime_dependency 'omniauth', '~> 2.0'
gem.add_runtime_dependency 'nokogiri', '>= 1.4.4'
gem.add_runtime_dependency 'activesupport', '>= 0'
gem.add_development_dependency(%q<rack>, [">= 0"])