diff --git a/.gitlab/ci/rules.gitlab-ci.yml b/.gitlab/ci/rules.gitlab-ci.yml index 30e779936d3..6181aefae12 100644 --- a/.gitlab/ci/rules.gitlab-ci.yml +++ b/.gitlab/ci/rules.gitlab-ci.yml @@ -1544,6 +1544,12 @@ changes: ["vendor/gems/devise-pbkdf2-encryptable/**/*"] - <<: *if-merge-request-labels-run-all-rspec +.vendor:rules:bundler-checksum: + rules: + - <<: *if-merge-request + changes: ["vendor/gems/bundler-checksum/**/*"] + - <<: *if-merge-request-labels-run-all-rspec + ################## # Releases rules # ################## diff --git a/.gitlab/ci/vendored-gems.gitlab-ci.yml b/.gitlab/ci/vendored-gems.gitlab-ci.yml index 468c0e72ede..de314df298f 100644 --- a/.gitlab/ci/vendored-gems.gitlab-ci.yml +++ b/.gitlab/ci/vendored-gems.gitlab-ci.yml @@ -69,3 +69,11 @@ vendor devise-pbkdf2-encryptable: trigger: include: vendor/gems/devise-pbkdf2-encryptable/.gitlab-ci.yml strategy: depend + +vendor bundler-checksum: + extends: + - .vendor:rules:bundler-checksum + needs: [] + trigger: + include: vendor/gems/bundler-checksum/.gitlab-ci.yml + strategy: depend diff --git a/Gemfile b/Gemfile index c2e8019a26b..8d2f7915efb 100644 --- a/Gemfile +++ b/Gemfile @@ -2,6 +2,8 @@ source 'https://rubygems.org' +gem 'bundler-checksum', '~> 0.1.0', path: 'vendor/gems/bundler-checksum', require: false + gem 'rails', '~> 6.1.6.1' gem 'bootsnap', '~> 1.13.0', require: false @@ -36,7 +38,8 @@ gem 'doorkeeper', '~> 5.5.0.rc2' gem 'doorkeeper-openid_connect', '~> 1.7.5' gem 'rexml', '~> 3.2.5' gem 'ruby-saml', '~> 1.13.0' -gem 'omniauth', '~> 1.8' +gem 'omniauth-rails_csrf_protection' +gem 'omniauth', '~> 2.1.0' gem 'omniauth-auth0', '~> 2.0.0' gem 'omniauth-azure-activedirectory-v2', '~> 1.0' gem 'omniauth-azure-oauth2', '~> 0.0.9', path: 'vendor/gems/omniauth-azure-oauth2' # See gem README.md @@ -44,16 +47,16 @@ gem 'omniauth-cas3', '~> 1.1.4', path: 'vendor/gems/omniauth-cas3' # See vendor/ gem 'omniauth-dingtalk-oauth2', '~> 1.0' gem 'omniauth-alicloud', '~> 1.0.1' gem 'omniauth-facebook', '~> 4.0.0' -gem 'omniauth-github', '~> 1.4' +gem 'omniauth-github', '2.0.0' gem 'omniauth-gitlab', '~> 4.0.0', path: 'vendor/gems/omniauth-gitlab' # See vendor/gems/omniauth-gitlab/README.md -gem 'omniauth-google-oauth2', '~> 0.6.0', path: 'vendor/gems/omniauth-google-oauth2' # See gem README.md +gem 'omniauth-google-oauth2', '~> 1.0.1', path: 'vendor/gems/omniauth-google-oauth2' # See gem README.md gem 'omniauth-oauth2-generic', '~> 0.2.2' -gem 'omniauth-saml', '~> 1.10' +gem 'omniauth-saml', '~> 2.0.0' gem 'omniauth-shibboleth', '~> 1.3.0' gem 'omniauth-twitter', '~> 1.4' gem 'omniauth_crowd', '~> 2.4.0', path: 'vendor/gems/omniauth_crowd' # See vendor/gems/omniauth_crowd/README.md gem 'omniauth-authentiq', '~> 0.3.3' -gem 'gitlab-omniauth-openid-connect', '~> 0.9.0', require: 'omniauth_openid_connect' +gem 'gitlab-omniauth-openid-connect', '~> 0.10.0', require: 'omniauth_openid_connect' gem 'omniauth-salesforce', '~> 1.0.5', path: 'vendor/gems/omniauth-salesforce' # See gem README.md gem 'omniauth-atlassian-oauth2', '~> 0.2.0' gem 'rack-oauth2', '~> 1.21.2' diff --git a/Gemfile.lock b/Gemfile.lock index 74a89c79d5e..2ec930c3296 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,3 +1,9 @@ +PATH + remote: vendor/gems/bundler-checksum + specs: + bundler-checksum (0.1.0) + bundler + PATH remote: vendor/gems/devise-pbkdf2-encryptable specs: @@ -29,7 +35,7 @@ PATH specs: omniauth-azure-oauth2 (0.0.10) jwt (>= 1.0, < 3.0) - omniauth (~> 1.0, < 3) + omniauth (~> 2.0) omniauth-oauth2 (~> 1.4) PATH @@ -38,28 +44,29 @@ PATH omniauth-cas3 (1.1.4) addressable (~> 2.3) nokogiri (~> 1.7, >= 1.7.1) - omniauth (~> 1.2, < 3) + omniauth (~> 2.0) PATH remote: vendor/gems/omniauth-gitlab specs: omniauth-gitlab (4.0.0) - omniauth (~> 1.0) + omniauth (~> 2.0) omniauth-oauth2 (~> 1.7.1) PATH remote: vendor/gems/omniauth-google-oauth2 specs: - omniauth-google-oauth2 (0.6.0) + omniauth-google-oauth2 (1.0.1) jwt (>= 2.0) - omniauth (>= 1.9, < 3) - omniauth-oauth2 (>= 1.5) + oauth2 (~> 2.0) + omniauth (~> 2.0) + omniauth-oauth2 (~> 1.7.1) PATH remote: vendor/gems/omniauth-salesforce specs: omniauth-salesforce (1.0.5) - omniauth (~> 1.0, < 3) + omniauth (~> 2.0) omniauth-oauth2 (~> 1.0) PATH @@ -68,7 +75,7 @@ PATH omniauth_crowd (2.4.0) activesupport nokogiri (>= 1.4.4) - omniauth (~> 1.0, < 3) + omniauth (~> 2.0) GEM remote: https://rubygems.org/ @@ -565,9 +572,9 @@ GEM gitlab-mail_room (0.0.9) gitlab-markup (1.8.0) gitlab-net-dns (0.9.1) - gitlab-omniauth-openid-connect (0.9.1) + gitlab-omniauth-openid-connect (0.10.0) addressable (~> 2.7) - omniauth (~> 1.9) + omniauth (>= 1.9, < 3) openid_connect (~> 1.2) gitlab-sidekiq-fetcher (0.8.0) sidekiq (~> 6.1) @@ -913,9 +920,10 @@ GEM train-core wmi-lite (~> 1.0) oj (3.13.21) - omniauth (1.9.1) + omniauth (2.1.0) hashie (>= 3.4.6) - rack (>= 1.6.2, < 3) + rack (>= 2.2.3) + rack-protection omniauth-alicloud (1.0.1) omniauth-oauth2 (~> 1.7.1) omniauth-atlassian-oauth2 (0.2.0) @@ -932,9 +940,9 @@ GEM omniauth-oauth2 (~> 1.7) omniauth-facebook (4.0.0) omniauth-oauth2 (~> 1.2) - omniauth-github (1.4.0) - omniauth (~> 1.5) - omniauth-oauth2 (>= 1.4.0, < 2.0) + omniauth-github (2.0.0) + omniauth (~> 2.0) + omniauth-oauth2 (~> 1.7.1) omniauth-oauth (1.2.0) oauth omniauth (>= 1.0, < 3) @@ -943,9 +951,12 @@ GEM omniauth (>= 1.9, < 3) omniauth-oauth2-generic (0.2.2) omniauth-oauth2 (~> 1.0) - omniauth-saml (1.10.0) - omniauth (~> 1.3, >= 1.3.2) - ruby-saml (~> 1.7) + omniauth-rails_csrf_protection (1.0.1) + actionpack (>= 4.2) + omniauth (~> 2.0) + omniauth-saml (2.0.0) + omniauth (~> 2.0) + ruby-saml (~> 1.9) omniauth-shibboleth (1.3.0) omniauth (>= 1.0.0) omniauth-twitter (1.4.0) @@ -1054,6 +1065,8 @@ GEM httpclient json-jwt (>= 1.11.0) rack (>= 2.1.0) + rack-protection (2.2.2) + rack rack-proxy (0.7.2) rack rack-test (1.1.0) @@ -1446,7 +1459,7 @@ GEM validate_email (0.1.6) activemodel (>= 3.0) mail (>= 2.2.5) - validate_url (1.0.13) + validate_url (1.0.15) activemodel (>= 3.0.0) public_suffix validates_hostname (1.0.11) @@ -1533,6 +1546,7 @@ DEPENDENCIES browser (~> 4.2) bullet (~> 7.0.2) bundler-audit (~> 0.7.0.1) + bundler-checksum (~> 0.1.0)! capybara (~> 3.35.3) capybara-screenshot (~> 1.0.22) carrierwave (~> 1.3) @@ -1599,7 +1613,7 @@ DEPENDENCIES gitlab-mail_room (~> 0.0.9) gitlab-markup (~> 1.8.0) gitlab-net-dns (~> 0.9.1) - gitlab-omniauth-openid-connect (~> 0.9.0) + gitlab-omniauth-openid-connect (~> 0.10.0) gitlab-sidekiq-fetcher (= 0.8.0) gitlab-styles (~> 8.0.0) gitlab_chronic_duration (~> 0.10.6.2) @@ -1666,7 +1680,7 @@ DEPENDENCIES octokit (~> 4.15) ohai (~> 16.10) oj (~> 3.13.21) - omniauth (~> 1.8) + omniauth (~> 2.1.0) omniauth-alicloud (~> 1.0.1) omniauth-atlassian-oauth2 (~> 0.2.0) omniauth-auth0 (~> 2.0.0) @@ -1676,12 +1690,13 @@ DEPENDENCIES omniauth-cas3 (~> 1.1.4)! omniauth-dingtalk-oauth2 (~> 1.0) omniauth-facebook (~> 4.0.0) - omniauth-github (~> 1.4) + omniauth-github (= 2.0.0) omniauth-gitlab (~> 4.0.0)! - omniauth-google-oauth2 (~> 0.6.0)! + omniauth-google-oauth2 (~> 1.0.1)! omniauth-oauth2-generic (~> 0.2.2) + omniauth-rails_csrf_protection omniauth-salesforce (~> 1.0.5)! - omniauth-saml (~> 1.10) + omniauth-saml (~> 2.0.0) omniauth-shibboleth (~> 1.3.0) omniauth-twitter (~> 1.4) omniauth_crowd (~> 2.4.0)! diff --git a/app/assets/javascripts/pages/dashboard/todos/index/todos.js b/app/assets/javascripts/pages/dashboard/todos/index/todos.js index c2a4ba095fa..b6f42a27002 100644 --- a/app/assets/javascripts/pages/dashboard/todos/index/todos.js +++ b/app/assets/javascripts/pages/dashboard/todos/index/todos.js @@ -140,10 +140,10 @@ export default class Todos { restoreBtn.classList.add('hidden'); doneBtn.classList.remove('hidden'); } else if (target === doneBtn) { - row.classList.add('done-reversible'); + row.classList.add('done-reversible', 'gl-bg-gray-50', 'gl-border-gray-100'); restoreBtn.classList.remove('hidden'); } else if (target === restoreBtn) { - row.classList.remove('done-reversible'); + row.classList.remove('done-reversible', 'gl-bg-gray-50', 'gl-border-gray-100'); doneBtn.classList.remove('hidden'); } else { row.parentNode.removeChild(row); diff --git a/app/assets/stylesheets/page_bundles/todos.scss b/app/assets/stylesheets/page_bundles/todos.scss index e7813e3b56e..3eacf98688e 100644 --- a/app/assets/stylesheets/page_bundles/todos.scss +++ b/app/assets/stylesheets/page_bundles/todos.scss @@ -9,12 +9,6 @@ // workaround because we cannot use border-collapse border-top: 1px solid transparent; - &:hover { - background-color: var(--blue-50, $blue-50); - border-color: var(--blue-200, $blue-200); - cursor: pointer; - } - // overwrite border style of .content-list &:last-child { border-bottom: 1px solid transparent; @@ -26,8 +20,6 @@ &.todo-pending.done-reversible { &:hover { - border-color: var(--border-color, $border-color); - background-color: var(--gray-50, $gray-50); border-top: 1px solid transparent; .todo-avatar, @@ -40,20 +32,12 @@ .todo-item { opacity: 0.2; } - - .btn { - background-color: var(--gray-50, $gray-50); - } } } .todo-item { @include transition(opacity); - .status-box { - line-height: inherit; - } - .todo-label, .todo-project { a { @@ -66,22 +50,6 @@ color: var(--gl-text-color, $gl-text-color); } - pre { - border: 0; - background: var(--gray-50, $gray-50); - border-radius: 0; - color: var(--gray-500, $gray-500); - margin: 0 20px; - overflow: hidden; - } - - .note-image-attach { - margin-top: 4px; - margin-left: 0; - max-width: 200px; - float: none; - } - .gl-label-scoped { --label-inset-border: inset 0 0 0 1px currentColor; } diff --git a/app/views/dashboard/todos/_todo.html.haml b/app/views/dashboard/todos/_todo.html.haml index 8d82116bf10..b4668b1e52a 100644 --- a/app/views/dashboard/todos/_todo.html.haml +++ b/app/views/dashboard/todos/_todo.html.haml @@ -1,4 +1,4 @@ -%li.todo{ class: "todo-#{todo.done? ? 'done' : 'pending'}", id: dom_id(todo), data: { url: todo_target_path(todo) } } +%li.todo.gl-hover-border-blue-200.gl-hover-bg-blue-50.gl-hover-cursor-pointer{ class: "todo-#{todo.done? ? 'done' : 'pending'}", id: dom_id(todo), data: { url: todo_target_path(todo) } } .gl-display-flex.gl-flex-direction-row .todo-avatar.gl-display-none.gl-sm-display-inline-block = author_avatar(todo, size: 40) @@ -49,13 +49,13 @@ .todo-actions.gl-ml-3 - if todo.pending? - = link_to dashboard_todo_path(todo), method: :delete, class: 'gl-button btn btn-default btn-loading d-flex align-items-center js-done-todo', data: { href: dashboard_todo_path(todo) } do + = link_to dashboard_todo_path(todo), method: :delete, class: 'gl-button gl-bg-gray-50 btn btn-default btn-loading d-flex align-items-center js-done-todo', data: { href: dashboard_todo_path(todo) } do = gl_loading_icon(inline: true) = _('Done') - = link_to restore_dashboard_todo_path(todo), method: :patch, class: 'gl-button btn btn-default btn-loading d-flex align-items-center js-undo-todo hidden', data: { href: restore_dashboard_todo_path(todo) } do + = link_to restore_dashboard_todo_path(todo), method: :patch, class: 'gl-button gl-bg-gray-50 btn btn-default btn-loading d-flex align-items-center js-undo-todo hidden', data: { href: restore_dashboard_todo_path(todo) } do = gl_loading_icon(inline: true) = _('Undo') - else - = link_to restore_dashboard_todo_path(todo), method: :patch, class: 'gl-button btn btn-default btn-loading d-flex align-items-center js-add-todo', data: { href: restore_dashboard_todo_path(todo) } do + = link_to restore_dashboard_todo_path(todo), method: :patch, class: 'gl-button gl-bg-gray-50 btn btn-default btn-loading d-flex align-items-center js-add-todo', data: { href: restore_dashboard_todo_path(todo) } do = gl_loading_icon(inline: true) = _('Add a to do') diff --git a/app/views/notify/_successful_pipeline.html.haml b/app/views/notify/_successful_pipeline.html.haml index e77db14a9c5..88e0bbf6125 100644 --- a/app/views/notify/_successful_pipeline.html.haml +++ b/app/views/notify/_successful_pipeline.html.haml @@ -16,7 +16,8 @@ %table.table-info{ border: "0", cellpadding: "0", cellspacing: "0", style: "width:100%;" } %tbody %tr - %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:300;padding:14px 0;margin:0;" } Project + %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:300;padding:14px 0;margin:0;" } + = _('Project') %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:500;padding:14px 0;margin:0;color:#333333;width:75%;padding-left:5px;" } - namespace_name = @project.group ? @project.group.name : @project.namespace.owner.name - namespace_url = @project.group ? group_url(@project.group) : user_url(@project.namespace.owner) @@ -26,7 +27,8 @@ %a.muted{ href: project_url(@project), style: "color:#333333;text-decoration:none;" } = @project.name %tr - %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:300;padding:14px 0;margin:0;border-top:1px solid #ededed;" } Branch + %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:300;padding:14px 0;margin:0;border-top:1px solid #ededed;" } + = _('Branch') %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:500;padding:14px 0;margin:0;color:#333333;width:75%;padding-left:5px;border-top:1px solid #ededed;" } %table.img{ border: "0", cellpadding: "0", cellspacing: "0", style: "border-collapse:collapse;" } %tbody @@ -37,7 +39,8 @@ %a.muted{ href: commits_url(@pipeline), style: "color:#333333;text-decoration:none;" } = @pipeline.source_ref %tr - %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:300;padding:14px 0;margin:0;border-top:1px solid #ededed;" } Commit + %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:300;padding:14px 0;margin:0;border-top:1px solid #ededed;" } + = _('Commit') %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:400;padding:14px 0;margin:0;color:#333333;width:75%;padding-left:5px;border-top:1px solid #ededed;" } %table.img{ border: "0", cellpadding: "0", cellspacing: "0", style: "border-collapse:collapse;" } %tbody @@ -55,7 +58,8 @@ = @pipeline.git_commit_message.truncate(50) - commit = @pipeline.commit %tr - %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:300;padding:14px 0;margin:0;border-top:1px solid #ededed;" } Commit Author + %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:300;padding:14px 0;margin:0;border-top:1px solid #ededed;" } + = s_('Notify|Commit Author') %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:500;padding:14px 0;margin:0;color:#333333;width:75%;padding-left:5px;border-top:1px solid #ededed;" } %table.img{ border: "0", cellpadding: "0", cellspacing: "0", style: "border-collapse:collapse;" } %tbody @@ -71,7 +75,8 @@ = commit.author_name - if commit.different_committer? %tr - %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:300;padding:14px 0;margin:0;border-top:1px solid #ededed;" } Committed by + %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:300;padding:14px 0;margin:0;border-top:1px solid #ededed;" } + = s_('Notify|Committed by') %td{ style: "font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;font-size:15px;line-height:1.4;color:#8c8c8c;font-weight:500;padding:14px 0;margin:0;color:#333333;width:75%;padding-left:5px;border-top:1px solid #ededed;" } %table.img{ border: "0", cellpadding: "0", cellspacing: "0", style: "border-collapse:collapse;" } %tbody diff --git a/app/views/notify/pipeline_fixed_email.html.haml b/app/views/notify/pipeline_fixed_email.html.haml index f2dbb3b20b7..33b83b104b1 100644 --- a/app/views/notify/pipeline_fixed_email.html.haml +++ b/app/views/notify/pipeline_fixed_email.html.haml @@ -1 +1 @@ -= render 'notify/successful_pipeline', title: "Pipeline has been fixed and ##{@pipeline.id} has passed!" += render 'notify/successful_pipeline', title: s_('Notify|Pipeline has been fixed and #%{pipeline_id} has passed!') % {pipeline_id: @pipeline.id} diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb index 38bd1034b36..2454b5ea818 100644 --- a/config/initializers/omniauth.rb +++ b/config/initializers/omniauth.rb @@ -11,6 +11,17 @@ if Gitlab::Auth::Ldap::Config.enabled? end end +module OmniAuth + module Strategies + class AzureActivedirectoryV2 + # override until https://github.com/RIPAGlobal/omniauth-azure-activedirectory-v2/pull/6 is merged + def callback_url + full_host + callback_path + end + end + end +end + OmniAuth.config.full_host = Gitlab::OmniauthInitializer.full_host OmniAuth.config.allowed_request_methods = [:post] diff --git a/doc/api/groups.md b/doc/api/groups.md index d051fec06a7..9e44c99d294 100644 --- a/doc/api/groups.md +++ b/doc/api/groups.md @@ -988,8 +988,8 @@ PUT /groups/:id | `unique_project_download_limit` **(ULTIMATE)** | integer | no | Maximum number of unique projects a user can download in the specified time period before they are banned. Available only on top-level groups. Default: 0, Maximum: 10,000. | | `unique_project_download_limit_interval_in_seconds` **(ULTIMATE)** | integer | no | Time period during which a user can download a maximum amount of projects before they are banned. Available only on top-level groups. Default: 0, Maximum: 864,000 seconds (10 days). | | `unique_project_download_limit_allowlist` **(ULTIMATE)** | array of strings | no | List of usernames excluded from the unique project download limit. Available only on top-level groups. Default: `[]`, Maximum: 100 usernames. | -| `auto_ban_user_on_excessive_projects_download` **(ULTIMATE)** | boolean | no | When enabled, users will get automatically banned from the group when they download more than the maximum number of unique projects in the time period specified by `unique_project_download_limit` and `unique_project_download_limit_interval_in_seconds` respectively. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/94159) in GitLab 15.4 | -| `ip_restriction_ranges` **(PREMIUM)** | string | no | Comman separated IP addresses or subnet masks value to restrict group access, [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/351493) in GitLab 15.4 | +| `auto_ban_user_on_excessive_projects_download` **(ULTIMATE)** | boolean | no | When enabled, users are automatically banned from the group when they download more than the maximum number of unique projects specified by `unique_project_download_limit` and `unique_project_download_limit_interval_in_seconds`. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/94159) in GitLab 15.4. | +| `ip_restriction_ranges` **(PREMIUM)** | string | no | Comma-separated list of IP addresses or subnet masks to restrict group access. [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/351493) in GitLab 15.4. | NOTE: The `projects` and `shared_projects` attributes in the response are deprecated and [scheduled for removal in API v5](https://gitlab.com/gitlab-org/gitlab/-/issues/213797). diff --git a/doc/user/project/settings/import_export.md b/doc/user/project/settings/import_export.md index b415f836795..375e4a62b86 100644 --- a/doc/user/project/settings/import_export.md +++ b/doc/user/project/settings/import_export.md @@ -57,7 +57,15 @@ moved to your configured `uploads_directory`. Every 24 hours, a worker deletes t ### Items that are exported -The following items are exported: +The [`import_export.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/import_export/project/import_export.yml) +file lists the items exported and imported when migrating projects using file exports. View this file in the branch +for your version of GitLab to see the list of items relevant to you. For example, +[`import_export.yml` on the `14-10-stable-ee` branch](https://gitlab.com/gitlab-org/gitlab/-/blob/14-10-stable-ee/lib/gitlab/import_export/project/import_export.yml). + +Migrating projects with file exports uses the same export and import mechanisms as creating projects from templates at the [group](../../group/custom_project_templates.md) and +[instance](../../admin_area/custom_project_templates.md) levels. Therefore, the list of exported items is the same. + +Items that are exported include: - Project and wiki repositories - Project uploads @@ -100,15 +108,6 @@ Items that are **not** exported include: - Deploy keys allowed to push to protected branches - Secure Files -These content rules also apply to creating projects from templates on the -[group](../../group/custom_project_templates.md) -or [instance](../../admin_area/custom_project_templates.md) -levels, because the same export and import mechanisms are used. - -NOTE: -For more details on the specific data persisted in a project export, see the -[`import_export.yml`](https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/import_export/project/import_export.yml) file. - ## Import a project and its data > Default maximum import file size [changed](https://gitlab.com/gitlab-org/gitlab/-/issues/251106) from 50 MB to unlimited in GitLab 13.8. @@ -179,7 +178,8 @@ Imported users can be mapped by their public email addresses on self-managed ins - Public email addresses are not set by default. Users must [set it in their profiles](../../profile/index.md#set-your-public-email) for mapping to work correctly. - For contributions to be mapped correctly, users must be an existing member of the namespace, - or they can be added as a member of the project. Otherwise, a supplementary comment is left to mention that the original author and the MRs, notes, or issues that are owned by the importer. + or they can be added as a member of the project. Otherwise, a supplementary comment is left to mention that the original + author and the merge requests, notes, or issues that are owned by the importer. - Imported users are set as [direct members](../members/index.md) in the imported project. @@ -416,5 +416,5 @@ Error adding importer user to Project members. Validation failed: User project bots cannot be added to other groups / projects ``` -To use [Import REST APIs](../../../api/project_import_export.md), +To use [Import REST API](../../../api/project_import_export.md), pass regular user account credentials such as [personal access tokens](../../profile/personal_access_tokens.md). diff --git a/locale/gitlab.pot b/locale/gitlab.pot index e432108c84d..20d52f11c9a 100644 --- a/locale/gitlab.pot +++ b/locale/gitlab.pot @@ -27117,6 +27117,12 @@ msgstr "" msgid "Notify|CI/CD project settings" msgstr "" +msgid "Notify|Commit Author" +msgstr "" + +msgid "Notify|Committed by" +msgstr "" + msgid "Notify|Don't want to receive updates from GitLab administrators?" msgstr "" @@ -27195,6 +27201,9 @@ msgstr "" msgid "Notify|Pipeline %{pipeline_link} triggered by" msgstr "" +msgid "Notify|Pipeline has been fixed and #%{pipeline_id} has passed!" +msgstr "" + msgid "Notify|Remote mirror" msgstr "" diff --git a/vendor/gems/bundler-checksum/.gitlab-ci.yml b/vendor/gems/bundler-checksum/.gitlab-ci.yml new file mode 100644 index 00000000000..f6bdb73a039 --- /dev/null +++ b/vendor/gems/bundler-checksum/.gitlab-ci.yml @@ -0,0 +1,28 @@ +workflow: + rules: + - if: $CI_MERGE_REQUEST_ID + +.test: + cache: + key: bundler-checksum + paths: + - vendor/gems/bundler-checksum/vendor/ruby + before_script: + - cd vendor/gems/bundler-checksum + - ruby -v # Print out ruby version for debugging + - gem install bundler --no-document # Bundler is not installed with the image + - bundle config set --local path 'vendor' # Install dependencies into ./vendor/ruby + - bundle config set with 'development' + - bundle config set --local frozen 'true' # Disallow Gemfile.lock changes on CI + - bundle config # Show bundler configuration + - bundle install -j $(nproc) + script: + - pushd test/project_with_checksum_lock && scripts/test + +test-2.7: + image: "ruby:2.7" + extends: .test + +test-3.0: + image: "ruby:3.0" + extends: .test diff --git a/vendor/gems/bundler-checksum/Gemfile b/vendor/gems/bundler-checksum/Gemfile new file mode 100644 index 00000000000..9a78debe9a3 --- /dev/null +++ b/vendor/gems/bundler-checksum/Gemfile @@ -0,0 +1,5 @@ +# frozen_string_literal: true + +source 'https://rubygems.org/' + +gemspec diff --git a/vendor/gems/bundler-checksum/Gemfile.lock b/vendor/gems/bundler-checksum/Gemfile.lock new file mode 100644 index 00000000000..8ae053f0105 --- /dev/null +++ b/vendor/gems/bundler-checksum/Gemfile.lock @@ -0,0 +1,18 @@ +PATH + remote: . + specs: + bundler-checksum (0.1.0) + bundler + +GEM + remote: https://rubygems.org/ + specs: + +PLATFORMS + ruby + +DEPENDENCIES + bundler-checksum! + +BUNDLED WITH + 2.3.17 diff --git a/vendor/gems/bundler-checksum/LICENSE b/vendor/gems/bundler-checksum/LICENSE new file mode 100644 index 00000000000..7f53e1576a1 --- /dev/null +++ b/vendor/gems/bundler-checksum/LICENSE @@ -0,0 +1,19 @@ +Copyright (c) 2022-present GitLab B.V. + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/vendor/gems/bundler-checksum/README.md b/vendor/gems/bundler-checksum/README.md new file mode 100644 index 00000000000..1420dc49b94 --- /dev/null +++ b/vendor/gems/bundler-checksum/README.md @@ -0,0 +1,32 @@ +# bundler-checksum + +Bundler patch for verifying local gem checksums + +## Install + +Add the following to your Gemfile: + +``` +if ENV['BUNDLER_CHECKSUM_VERIFICATION_OPT_IN'] # this verification is still experimental + require 'bundler-checksum' + Bundler::Checksum.patch! +end +``` + +## Usage + +Once the gem is installed, bundler-checksum will verify gems before +installation. + +If a new or updated gem is to be installed, the remote checksum of that gem is stored in `Gemfile.checksum`. +Checksum entries for other versions of the gem are removed from `Gemfile.checksum`. + +If a version of a gem is to be installed that is already present in `Gemfile.checksum`, the remote and local +checksums are compared and an error is prompted if they do not match. + +Gem checksums for all platforms are stored in `Gemfile.checksum`. +When `bundler-checksum` runs it will only verify the checksum for the platform that `bundle` wants to download. + + +## Development + diff --git a/vendor/gems/bundler-checksum/bin/bundler-checksum b/vendor/gems/bundler-checksum/bin/bundler-checksum new file mode 100755 index 00000000000..2d0aea827bc --- /dev/null +++ b/vendor/gems/bundler-checksum/bin/bundler-checksum @@ -0,0 +1,6 @@ +#!/usr/bin/env ruby + +require 'bundler-checksum' +require 'bundler/checksum/command' + +Bundler::Checksum::Command.execute(ARGV) diff --git a/vendor/gems/bundler-checksum/bundler-checksum.gemspec b/vendor/gems/bundler-checksum/bundler-checksum.gemspec new file mode 100644 index 00000000000..c04312480b6 --- /dev/null +++ b/vendor/gems/bundler-checksum/bundler-checksum.gemspec @@ -0,0 +1,22 @@ +# frozen_string_literal: true + +require_relative 'lib/bundler/checksum/version' + +Gem::Specification.new do |spec| + spec.name = 'bundler-checksum' + spec.version = Bundler::Checksum::VERSION + spec.authors = ['dustinmm80'] + spec.email = ['dcollins@gitlab.com'] + + spec.summary = 'Track checksums locally with Bundler' + spec.description = 'Track checksums locally with Bundler' + spec.homepage = 'https://gitlab.com/gitlab-org/gitlab/-/tree/master/vendor/gems/bundler-checksum' + spec.license = 'MIT' + + spec.files = Dir['bin/*', 'lib/**/*.rb'] + spec.bindir = 'bin' + spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) } + spec.require_paths = ['lib'] + + spec.add_dependency 'bundler' +end diff --git a/vendor/gems/bundler-checksum/lib/bundler-checksum.rb b/vendor/gems/bundler-checksum/lib/bundler-checksum.rb new file mode 100644 index 00000000000..600cd4f7107 --- /dev/null +++ b/vendor/gems/bundler-checksum/lib/bundler-checksum.rb @@ -0,0 +1 @@ +require 'bundler/checksum' diff --git a/vendor/gems/bundler-checksum/lib/bundler/checksum.rb b/vendor/gems/bundler-checksum/lib/bundler/checksum.rb new file mode 100644 index 00000000000..c8d78eba111 --- /dev/null +++ b/vendor/gems/bundler-checksum/lib/bundler/checksum.rb @@ -0,0 +1,109 @@ +# frozen_string_literal: true + +require 'bundler' +require 'bundler/checksum/version' +require 'json' + +module Bundler + module Patches + # This module monkey-patches Bundler to check Gemfile.checksum + # when installing gems that are from RubyGems + module RubyGemsInstallerPatch + def pre_install_checks + super && validate_local_package_checksum + end + + private + + def validate_local_package_checksum + cached_checksum = fetch_checksum_from_file(spec) + + if cached_checksum.nil? + raise SecurityError, "Cached checksum for #{spec.full_name} not found. Please (re-)generate Gemfile.checksum" + end + + validate_file_checksum(cached_checksum) + end + + def fetch_checksum_from_file(spec) + ::Bundler::Checksum.checksum_for(spec.name, spec.version.to_s, spec.platform.to_s) + end + + # Modified from + # https://github.com/rubygems/rubygems/blob/243173279e79a38f03e318eea8825d1c8824e119/bundler/lib/bundler/rubygems_gem_installer.rb#L116 + def validate_file_checksum(checksum) + return true if Bundler.settings[:disable_checksum_validation] + + source = @package.instance_variable_get(:@gem) + + # Contary to upstream, we raise instead of silently returning + raise "#{@package.inspect} does not have :@gem" unless source + raise "#{source.inspect} does not respond to :with_read_io" unless source.respond_to?(:with_read_io) + + digest = source.with_read_io do |io| + digest = SharedHelpers.digest(:SHA256).new + digest << io.read(16_384) until io.eof? + io.rewind + send(checksum_type(checksum), digest) + end + unless digest == checksum + raise SecurityError, <<-MESSAGE + Bundler cannot continue installing #{spec.name} (#{spec.version}). + The checksum for the downloaded `#{spec.full_name}.gem` does not match \ + the checksum from the checksum file. This means the contents of the downloaded \ + gem is different from what was recorded in the checksum file, and could be potential security issue. + gem is different from what was uploaded to the server, and could be a potential security issue. + + To resolve this issue: + 1. delete the downloaded gem located at: `#{spec.gem_dir}/#{spec.full_name}.gem` + 2. run `bundle install` + + If you wish to continue installing the downloaded gem, and are certain it does not pose a \ + security issue despite the mismatching checksum, do the following: + 1. run `bundle config set --local disable_checksum_validation true` to turn off checksum verification + 2. run `bundle install` + + (More info: The expected SHA256 checksum was #{checksum.inspect}, but the \ + checksum for the downloaded gem was #{digest.inspect}.) + MESSAGE + end + true + end + end + end +end + +module Bundler + module Checksum + class << self + def checksum_file + @checksum_file ||= File.join(File.dirname(Bundler.default_gemfile), 'Gemfile.checksum') + end + + def checksums_from_file + @checksums_from_file ||= JSON.parse(File.open(checksum_file).read, symbolize_names: true) + rescue JSON::ParserError => e + raise "Invalid checksum file: #{e.message}" + end + + def checksum_for(gem_name, gem_version, gem_platform) + item = checksums_from_file.detect do |item| + item[:name] == gem_name && + item[:platform] == gem_platform && + item[:version] == gem_version + end + + item&.fetch(:checksum) + end + + def patch! + return if defined?(@patched) && @patched + @patched = true + + Bundler.ui.info "Patching bundler with bundler-checksum..." + require 'bundler/rubygems_gem_installer' + ::Bundler::RubyGemsGemInstaller.prepend(Bundler::Patches::RubyGemsInstallerPatch) + end + end + end +end diff --git a/vendor/gems/bundler-checksum/lib/bundler/checksum/command.rb b/vendor/gems/bundler-checksum/lib/bundler/checksum/command.rb new file mode 100644 index 00000000000..438f41f6e69 --- /dev/null +++ b/vendor/gems/bundler-checksum/lib/bundler/checksum/command.rb @@ -0,0 +1,27 @@ +# frozen_string_literal: true + +module Bundler::Checksum + module Command + autoload :Init, File.expand_path("command/init", __dir__) + autoload :Verify, File.expand_path("command/verify", __dir__) + autoload :Helper, File.expand_path("command/helper", __dir__) + + def self.execute(args) + if args.empty? + $stderr.puts 'A command must be given [init,update,verify]' + end + + if args.first == 'init' + Init.execute + elsif args.first == 'update' + $stderr.puts 'Not implemented, please use init' + elsif args.first == 'verify' + verified = Verify.execute + + unless verified + exit 1 + end + end + end + end +end diff --git a/vendor/gems/bundler-checksum/lib/bundler/checksum/command/helper.rb b/vendor/gems/bundler-checksum/lib/bundler/checksum/command/helper.rb new file mode 100644 index 00000000000..fa06bfe3da4 --- /dev/null +++ b/vendor/gems/bundler-checksum/lib/bundler/checksum/command/helper.rb @@ -0,0 +1,28 @@ +# frozen_string_literal: true + +require 'json' +require 'net/http' + +module Bundler::Checksum::Command + module Helper + extend self + + def remote_checksums_for_gem(gem_name, gem_version) + response = Net::HTTP.get_response(URI( + "https://rubygems.org/api/v1/versions/#{gem_name}.json" + )) + + return [] unless response.code == '200' + + gem_candidates = JSON.parse(response.body, symbolize_names: true) + gem_candidates.select! { |g| g[:number] == gem_version.to_s } + + gem_candidates.map { + |g| {:name => gem_name, :version => gem_version, :platform => g[:platform], :checksum => g[:sha]} + } + + rescue JSON::ParserError + [] + end + end +end diff --git a/vendor/gems/bundler-checksum/lib/bundler/checksum/command/init.rb b/vendor/gems/bundler-checksum/lib/bundler/checksum/command/init.rb new file mode 100644 index 00000000000..fed0e11080f --- /dev/null +++ b/vendor/gems/bundler-checksum/lib/bundler/checksum/command/init.rb @@ -0,0 +1,66 @@ +# frozen_string_literal: true + +require 'openssl' + +module Bundler::Checksum::Command + module Init + extend self + + def execute + $stderr.puts "Initializing checksum file #{checksum_file}" + + checksums = [] + + compact_index_cache = Bundler::Fetcher::CompactIndex + .new(nil, Bundler::Source::Rubygems::Remote.new(Bundler::URI("https://rubygems.org")), nil) + .send(:compact_index_client) + .instance_variable_get(:@cache) + + seen = [] + Bundler.definition.resolve.sort_by(&:name).each do |spec| + next unless spec.source.is_a?(Bundler::Source::Rubygems) + + next if seen.include?(spec.name) + seen << spec.name + + $stderr.puts "Adding #{spec.name}==#{spec.version}" + + compact_index_dependencies = compact_index_cache.dependencies(spec.name).select { |item| item.first == spec.version.to_s } + + if !compact_index_dependencies.empty? + compact_index_checksums = compact_index_dependencies.map do |version, platform, dependencies, requirements| + { + name: spec.name, + version: spec.version.to_s, + platform: Gem::Platform.new(platform).to_s, + checksum: requirements.detect { |requirement| requirement.first == 'checksum' }.flatten[1] + } + end + + checksums += compact_index_checksums.sort_by { |hash| hash.values } + else + remote_checksum = Helper.remote_checksums_for_gem(spec.name, spec.version) + + if remote_checksum.empty? + raise "#{spec.name} #{spec.version} not found on Rubygems!" + end + + checksums += remote_checksum.sort_by { |hash| hash.values } + end + end + + File.write(checksum_file, JSON.generate(checksums, array_nl: "\n") + "\n") + end + + private + + def checksum_file + ::Bundler::Checksum.checksum_file + end + + def lockfile + lockfile_path = Bundler.default_lockfile + lockfile = Bundler::LockfileParser.new(Bundler.read_file(lockfile_path)) + end + end +end diff --git a/vendor/gems/bundler-checksum/lib/bundler/checksum/command/verify.rb b/vendor/gems/bundler-checksum/lib/bundler/checksum/command/verify.rb new file mode 100644 index 00000000000..ba2eea6ea0c --- /dev/null +++ b/vendor/gems/bundler-checksum/lib/bundler/checksum/command/verify.rb @@ -0,0 +1,52 @@ +# frozen_string_literal: true + +module Bundler::Checksum::Command + module Verify + extend self + + def execute + $stderr.puts 'Verifying bundle checksums' + + verified = true + + local_checksums.each do |gem| + name = gem.fetch(:name) + version = gem.fetch(:version) + platform = gem.fetch(:platform) + checksum = gem.fetch(:checksum) + + $stderr.puts "Verifying #{name}==#{version} #{platform}" + unless validate_gem_checksum(name, version, platform, checksum) + verified = false + end + end + + verified + end + + private + + def local_checksums + ::Bundler::Checksum.checksums_from_file + end + + def validate_gem_checksum(gem_name, gem_version, gem_platform, local_checksum) + remote_checksums = Helper.remote_checksums_for_gem(gem_name, gem_version) + if remote_checksums.empty? + $stderr.puts "#{gem_name} #{gem_version} not found on Rubygems, skipping" + return false + end + + remote_platform_checksum = remote_checksums.find { |g| g[:name] == gem_name && g[:platform] == gem_platform.to_s } + + if local_checksum == remote_platform_checksum[:checksum] + true + else + $stderr.puts "Gem #{gem_name} #{gem_version} #{gem_platform} failed checksum verification" + $stderr.puts "LOCAL: #{local_checksum}" + $stderr.puts "REMOTE: #{remote_platform_checksum[:checksum]}" + return false + end + end + end +end diff --git a/vendor/gems/bundler-checksum/lib/bundler/checksum/version.rb b/vendor/gems/bundler-checksum/lib/bundler/checksum/version.rb new file mode 100644 index 00000000000..41e958b2db9 --- /dev/null +++ b/vendor/gems/bundler-checksum/lib/bundler/checksum/version.rb @@ -0,0 +1,8 @@ +# frozen_string_literal: true + +module Bundler + module Checksum + # bundler-checksum version + VERSION = '0.1.0' + end +end diff --git a/vendor/gems/bundler-checksum/test/project_with_checksum_lock/Gemfile b/vendor/gems/bundler-checksum/test/project_with_checksum_lock/Gemfile new file mode 100644 index 00000000000..238bd09669f --- /dev/null +++ b/vendor/gems/bundler-checksum/test/project_with_checksum_lock/Gemfile @@ -0,0 +1,11 @@ +# frozen_string_literal: true + +source 'https://rubygems.org' + +if ENV['BUNDLER_CHECKSUM_VERIFICATION_OPT_IN'] # this verification is still experimental + $:.unshift(File.expand_path('../../lib', __dir__)) + require 'bundler-checksum' + Bundler::Checksum.patch! +end + +gem 'rails', '~> 6.1.6.1' diff --git a/vendor/gems/bundler-checksum/test/project_with_checksum_lock/Gemfile.checksum b/vendor/gems/bundler-checksum/test/project_with_checksum_lock/Gemfile.checksum new file mode 100644 index 00000000000..cf70611c97a --- /dev/null +++ b/vendor/gems/bundler-checksum/test/project_with_checksum_lock/Gemfile.checksum @@ -0,0 +1,54 @@ +[ +{"name":"actioncable","version":"6.1.6.1","platform":"ruby","checksum":"11f079141cf032026881e4a79ae0cc93753351089c1b6ca1ed30a8a6a21f961b"}, +{"name":"actionmailbox","version":"6.1.6.1","platform":"ruby","checksum":"a4cc16fe634c9de4e22669fc4bf20d5b84f65039c7e3d7308c804b82726d03d2"}, +{"name":"actionmailer","version":"6.1.6.1","platform":"ruby","checksum":"13964bff4a75efd705304cb7aeb71380a4b11d404c7304b67f3bc3208cde12a7"}, +{"name":"actionpack","version":"6.1.6.1","platform":"ruby","checksum":"f3e0a82a62aa36fecadbacbb266e38338da032f18aaf97674f335671b420bdd4"}, +{"name":"actiontext","version":"6.1.6.1","platform":"ruby","checksum":"ff26b96769b6f4bdf3c0e74f613b232b2cdab7e46f1433c9cfa4fdcd081afac0"}, +{"name":"actionview","version":"6.1.6.1","platform":"ruby","checksum":"a87fc7d2c4fe9b6357492a3ee361be8169f3f319f47bf70fda1b1718b944d06b"}, +{"name":"activejob","version":"6.1.6.1","platform":"ruby","checksum":"9efee4499d31aaaab73b843a09564d4a2aabcd51c2088361a92e08766ab0db65"}, +{"name":"activemodel","version":"6.1.6.1","platform":"ruby","checksum":"239953365a7da4bcb9a3819b8ac2557a58a3ba89ddd36bee9bb3eca818e4a3e2"}, +{"name":"activerecord","version":"6.1.6.1","platform":"ruby","checksum":"82f74804ab34ea549fd593e5ced68c32426564786127d2de9b933ba78467d0b0"}, +{"name":"activestorage","version":"6.1.6.1","platform":"ruby","checksum":"3fbf4c355a69a46e14676004ad8e06245bdce7f96858e72782715218326aafc5"}, +{"name":"activesupport","version":"6.1.6.1","platform":"ruby","checksum":"5fc9fd6fe6f755e7523bb3aaf4370fb91a8416b39e3202939fd8bded4fec606d"}, +{"name":"builder","version":"3.2.4","platform":"ruby","checksum":"99caf08af60c8d7f3a6b004029c4c3c0bdaebced6c949165fe98f1db27fbbc10"}, +{"name":"concurrent-ruby","version":"1.1.10","platform":"ruby","checksum":"244cb1ca0d91ec2c15ca2209507c39fb163336994428e16fbd3f465c87bd8e68"}, +{"name":"crass","version":"1.0.6","platform":"ruby","checksum":"dc516022a56e7b3b156099abc81b6d2b08ea1ed12676ac7a5657617f012bd45d"}, +{"name":"erubi","version":"1.11.0","platform":"ruby","checksum":"fda72d577feaf3bdcd646d33fa630be5f92f48e179a9278e4175a9cec20e7f85"}, +{"name":"globalid","version":"1.0.0","platform":"ruby","checksum":"1253641b1dc3392721c964351773755d75135d3d3c5cc65d88b0a3880a60bed8"}, +{"name":"i18n","version":"1.12.0","platform":"ruby","checksum":"91e3cc1b97616d308707eedee413d82ee021d751c918661fb82152793e64aced"}, +{"name":"loofah","version":"2.18.0","platform":"ruby","checksum":"61975a247a6aeb8f09ac5a3430305451efc4525c0b9b79c05feaec35a8b9d5a3"}, +{"name":"mail","version":"2.7.1","platform":"ruby","checksum":"ec2a3d489f7510b90d8eaa3f6abaad7038cf1d663cdf8ee66d0214a0bdf99c03"}, +{"name":"marcel","version":"1.0.2","platform":"ruby","checksum":"a013b677ef46cbcb49fd5c59b3d35803d2ee04dd75d8bfdc43533fc5a31f7e4e"}, +{"name":"method_source","version":"1.0.0","platform":"ruby","checksum":"d779455a2b5666a079ce58577bfad8534f571af7cec8107f4dce328f0981dede"}, +{"name":"mini_mime","version":"1.1.2","platform":"ruby","checksum":"a54aec0cc7438a03a850adb00daca2bdb60747f839e28186994df057cea87151"}, +{"name":"minitest","version":"5.16.2","platform":"ruby","checksum":"c1be0c6b57fab451faa08e74ffa71e7d6a259b90f4bacb881c7f4808ec8b4991"}, +{"name":"nio4r","version":"2.5.8","platform":"java","checksum":"b2b1800f6bf7ce4b797ca8b639ad278a99c9c904fb087a91d944f38e4bd71401"}, +{"name":"nio4r","version":"2.5.8","platform":"ruby","checksum":"3becb4ad95ab8ac0a9bd2e1b16466869402be62848082bf6329ae9091f276676"}, +{"name":"nokogiri","version":"1.13.8","platform":"aarch64-linux","checksum":"d6b2c45a57738f12fe27783939fe1394e7049246288c7770d3b1fee7f49432a6"}, +{"name":"nokogiri","version":"1.13.8","platform":"arm64-darwin","checksum":"00217e48a6995e81dd83014325c0ea0b015023a8922c7bdb2ef1416aa87c1f43"}, +{"name":"nokogiri","version":"1.13.8","platform":"java","checksum":"9d04c616900e2b5118e501436ebb9bc48520d08f3695d012a314006e28082f72"}, +{"name":"nokogiri","version":"1.13.8","platform":"ruby","checksum":"79c279298b2f22fd4e760f49990c7930436bac1b1cfeff7bacff192f30edea3c"}, +{"name":"nokogiri","version":"1.13.8","platform":"x64-mingw-ucrt","checksum":"98f7dac7583f07a84ec3fcc01dc03a66fce10f412cd363fce7de749acdb2a42d"}, +{"name":"nokogiri","version":"1.13.8","platform":"x64-mingw32","checksum":"117a71b37f2e1d774a9f031d393e72d5d04b92af8036e0c1a8dd509c247b2013"}, +{"name":"nokogiri","version":"1.13.8","platform":"x86-linux","checksum":"6d04342456edfb8fbc041d0c2cf5a59baaa7aacdda414b2333100b02f85d441d"}, +{"name":"nokogiri","version":"1.13.8","platform":"x86-mingw32","checksum":"0529d558b4280a55bc7af500d3d4d590b7c059c814a0cea52e4e18cb30c25d15"}, +{"name":"nokogiri","version":"1.13.8","platform":"x86_64-darwin","checksum":"8966d79e687b271df87a4b240456597c43cd98584e3f783fc35de4f066486421"}, +{"name":"nokogiri","version":"1.13.8","platform":"x86_64-linux","checksum":"344f1bc66feac787e5b2053c6e9095d1f33605083e58ddf2b8d4eef257bccc5f"}, +{"name":"racc","version":"1.6.0","platform":"java","checksum":"d449a3c279026451b9fd5f34e829dc5f6e0ef6b9b472b7ff89fd3877fe8fe8cf"}, +{"name":"racc","version":"1.6.0","platform":"ruby","checksum":"2dede3b136eeabd0f7b8c9356b958b3d743c00158e2615acab431af141354551"}, +{"name":"rack","version":"2.2.4","platform":"ruby","checksum":"ea2232b638cbd919129c8c8ad8012ecaccc09f848152a7e705d2139d0137ac2b"}, +{"name":"rack-test","version":"2.0.2","platform":"ruby","checksum":"adadd0e957f63a34199a9fdf905a920a0b0a50795735095b4ac4bd3c13385466"}, +{"name":"rails","version":"6.1.6.1","platform":"ruby","checksum":"17024921a3913fb341f584542b06adf6bb12977a8b92d5fce093c3996c963686"}, +{"name":"rails-dom-testing","version":"2.0.3","platform":"ruby","checksum":"b140c4f39f6e609c8113137b9a60dfc2ecb89864e496f87f23a68b3b8f12d8d1"}, +{"name":"rails-html-sanitizer","version":"1.4.3","platform":"ruby","checksum":"2ebba6ad9a0b100f79fda853a46851e7664febe1728223f9734281e0d55940d6"}, +{"name":"railties","version":"6.1.6.1","platform":"ruby","checksum":"bafecdf2dcbe4ea44e1ab7081fd797aa87ae9bbcd0f3a4372b662a1b93949733"}, +{"name":"rake","version":"13.0.6","platform":"ruby","checksum":"5ce4bf5037b4196c24ac62834d8db1ce175470391026bd9e557d669beeb19097"}, +{"name":"sprockets","version":"4.1.1","platform":"ruby","checksum":"68b10b0e574fc2a080e4779d025bf39bc7a20bc8659e32f827cccce9581348e2"}, +{"name":"sprockets-rails","version":"3.4.2","platform":"ruby","checksum":"36d6327757ccf7460a00d1d52b2d5ef0019a4670503046a129fa1fb1300931ad"}, +{"name":"thor","version":"1.2.1","platform":"ruby","checksum":"b1752153dc9c6b8d3fcaa665e9e1a00a3e73f28da5e238b81c404502e539d446"}, +{"name":"tzinfo","version":"2.0.5","platform":"ruby","checksum":"c5352fd901544d396745d013f46a04ae2ed081ce806d942099825b7c2b09a167"}, +{"name":"websocket-driver","version":"0.7.5","platform":"java","checksum":"fffa83aa188e9ac90e32a385832ec9d26acdf019538e1c7d703f2c8a323b39c8"}, +{"name":"websocket-driver","version":"0.7.5","platform":"ruby","checksum":"a280c3f44dcbb0323d58bc78dc49350c05d589ab7d13267fcff08d9d5ae76b28"}, +{"name":"websocket-extensions","version":"0.1.5","platform":"ruby","checksum":"1c6ba63092cda343eb53fc657110c71c754c56484aad42578495227d717a8241"}, +{"name":"zeitwerk","version":"2.6.0","platform":"ruby","checksum":"6cb2ee4645c6e597640d6f2d8cc91a59a6699ab38896a5c3fac3eefeb5c84d76"} +] diff --git a/vendor/gems/bundler-checksum/test/project_with_checksum_lock/Gemfile.lock b/vendor/gems/bundler-checksum/test/project_with_checksum_lock/Gemfile.lock new file mode 100644 index 00000000000..8f4bb5fa40d --- /dev/null +++ b/vendor/gems/bundler-checksum/test/project_with_checksum_lock/Gemfile.lock @@ -0,0 +1,139 @@ +GEM + remote: https://rubygems.org/ + specs: + actioncable (6.1.6.1) + actionpack (= 6.1.6.1) + activesupport (= 6.1.6.1) + nio4r (~> 2.0) + websocket-driver (>= 0.6.1) + actionmailbox (6.1.6.1) + actionpack (= 6.1.6.1) + activejob (= 6.1.6.1) + activerecord (= 6.1.6.1) + activestorage (= 6.1.6.1) + activesupport (= 6.1.6.1) + mail (>= 2.7.1) + actionmailer (6.1.6.1) + actionpack (= 6.1.6.1) + actionview (= 6.1.6.1) + activejob (= 6.1.6.1) + activesupport (= 6.1.6.1) + mail (~> 2.5, >= 2.5.4) + rails-dom-testing (~> 2.0) + actionpack (6.1.6.1) + actionview (= 6.1.6.1) + activesupport (= 6.1.6.1) + rack (~> 2.0, >= 2.0.9) + rack-test (>= 0.6.3) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.0, >= 1.2.0) + actiontext (6.1.6.1) + actionpack (= 6.1.6.1) + activerecord (= 6.1.6.1) + activestorage (= 6.1.6.1) + activesupport (= 6.1.6.1) + nokogiri (>= 1.8.5) + actionview (6.1.6.1) + activesupport (= 6.1.6.1) + builder (~> 3.1) + erubi (~> 1.4) + rails-dom-testing (~> 2.0) + rails-html-sanitizer (~> 1.1, >= 1.2.0) + activejob (6.1.6.1) + activesupport (= 6.1.6.1) + globalid (>= 0.3.6) + activemodel (6.1.6.1) + activesupport (= 6.1.6.1) + activerecord (6.1.6.1) + activemodel (= 6.1.6.1) + activesupport (= 6.1.6.1) + activestorage (6.1.6.1) + actionpack (= 6.1.6.1) + activejob (= 6.1.6.1) + activerecord (= 6.1.6.1) + activesupport (= 6.1.6.1) + marcel (~> 1.0) + mini_mime (>= 1.1.0) + activesupport (6.1.6.1) + concurrent-ruby (~> 1.0, >= 1.0.2) + i18n (>= 1.6, < 2) + minitest (>= 5.1) + tzinfo (~> 2.0) + zeitwerk (~> 2.3) + builder (3.2.4) + concurrent-ruby (1.1.10) + crass (1.0.6) + erubi (1.11.0) + globalid (1.0.0) + activesupport (>= 5.0) + i18n (1.12.0) + concurrent-ruby (~> 1.0) + loofah (2.18.0) + crass (~> 1.0.2) + nokogiri (>= 1.5.9) + mail (2.7.1) + mini_mime (>= 0.1.1) + marcel (1.0.2) + method_source (1.0.0) + mini_mime (1.1.2) + minitest (5.16.2) + nio4r (2.5.8) + nokogiri (1.13.8-arm64-darwin) + racc (~> 1.4) + nokogiri (1.13.8-x86_64-linux) + racc (~> 1.4) + racc (1.6.0) + rack (2.2.4) + rack-test (2.0.2) + rack (>= 1.3) + rails (6.1.6.1) + actioncable (= 6.1.6.1) + actionmailbox (= 6.1.6.1) + actionmailer (= 6.1.6.1) + actionpack (= 6.1.6.1) + actiontext (= 6.1.6.1) + actionview (= 6.1.6.1) + activejob (= 6.1.6.1) + activemodel (= 6.1.6.1) + activerecord (= 6.1.6.1) + activestorage (= 6.1.6.1) + activesupport (= 6.1.6.1) + bundler (>= 1.15.0) + railties (= 6.1.6.1) + sprockets-rails (>= 2.0.0) + rails-dom-testing (2.0.3) + activesupport (>= 4.2.0) + nokogiri (>= 1.6) + rails-html-sanitizer (1.4.3) + loofah (~> 2.3) + railties (6.1.6.1) + actionpack (= 6.1.6.1) + activesupport (= 6.1.6.1) + method_source + rake (>= 12.2) + thor (~> 1.0) + rake (13.0.6) + sprockets (4.1.1) + concurrent-ruby (~> 1.0) + rack (> 1, < 3) + sprockets-rails (3.4.2) + actionpack (>= 5.2) + activesupport (>= 5.2) + sprockets (>= 3.0.0) + thor (1.2.1) + tzinfo (2.0.5) + concurrent-ruby (~> 1.0) + websocket-driver (0.7.5) + websocket-extensions (>= 0.1.0) + websocket-extensions (0.1.5) + zeitwerk (2.6.0) + +PLATFORMS + arm64-darwin-21 + x86_64-linux + +DEPENDENCIES + rails (~> 6.1.6.1) + +BUNDLED WITH + 2.3.19 diff --git a/vendor/gems/bundler-checksum/test/project_with_checksum_lock/scripts/test b/vendor/gems/bundler-checksum/test/project_with_checksum_lock/scripts/test new file mode 100755 index 00000000000..bb256449226 --- /dev/null +++ b/vendor/gems/bundler-checksum/test/project_with_checksum_lock/scripts/test @@ -0,0 +1,15 @@ +#!/bin/sh + +set -x +set -e + +# Check there's no differences after re-initialising +ruby -I ../../lib ../../bin/bundler-checksum init +git diff --exit-code Gemfile.checksum + +# Verify against rubygems.org +ruby -I ../../lib ../../bin/bundler-checksum verify + +# Test installing with bundler-checksum +export BUNDLER_CHECKSUM_VERIFICATION_OPT_IN=1 +bundle install diff --git a/vendor/gems/omniauth-azure-oauth2/Gemfile.lock b/vendor/gems/omniauth-azure-oauth2/Gemfile.lock index 0bd5d401175..d2bbe3e8d2f 100644 --- a/vendor/gems/omniauth-azure-oauth2/Gemfile.lock +++ b/vendor/gems/omniauth-azure-oauth2/Gemfile.lock @@ -3,7 +3,7 @@ PATH specs: omniauth-azure-oauth2 (0.0.10) jwt (>= 1.0, < 3.0) - omniauth (~> 1.0, < 3) + omniauth (~> 2.0) omniauth-oauth2 (~> 1.4) GEM @@ -19,16 +19,17 @@ GEM multi_xml (0.6.0) mustermann (2.0.2) ruby2_keywords (~> 0.0.1) - oauth2 (2.0.6) + oauth2 (2.0.3) faraday (>= 0.17.3, < 3.0) jwt (>= 1.0, < 3.0) multi_xml (~> 0.5) rack (>= 1.2, < 3) rash_alt (>= 0.4, < 1) - version_gem (~> 1.1) - omniauth (1.9.1) + version_gem (~> 1.0) + omniauth (2.1.0) hashie (>= 3.4.6) - rack (>= 1.6.2, < 3) + rack (>= 2.2.3) + rack-protection omniauth-oauth2 (1.7.3) oauth2 (>= 1.4, < 3) omniauth (>= 1.9, < 3) @@ -70,4 +71,4 @@ DEPENDENCIES sinatra BUNDLED WITH - 2.3.20 + 2.3.21 diff --git a/vendor/gems/omniauth-azure-oauth2/lib/omniauth/strategies/azure_oauth2.rb b/vendor/gems/omniauth-azure-oauth2/lib/omniauth/strategies/azure_oauth2.rb index f18babc0619..d71911b9876 100644 --- a/vendor/gems/omniauth-azure-oauth2/lib/omniauth/strategies/azure_oauth2.rb +++ b/vendor/gems/omniauth-azure-oauth2/lib/omniauth/strategies/azure_oauth2.rb @@ -59,8 +59,10 @@ module OmniAuth super.merge(resource: azure_resource || options.resource) end + # for compatibility with OmniAuth 2.0 + # see https://github.com/RIPAGlobal/omniauth-azure-activedirectory-v2/pull/6 def callback_url - full_host + script_name + callback_path + full_host + callback_path end def raw_info diff --git a/vendor/gems/omniauth-azure-oauth2/omniauth-azure-oauth2.gemspec b/vendor/gems/omniauth-azure-oauth2/omniauth-azure-oauth2.gemspec index 6e1bc583881..1299285b945 100644 --- a/vendor/gems/omniauth-azure-oauth2/omniauth-azure-oauth2.gemspec +++ b/vendor/gems/omniauth-azure-oauth2/omniauth-azure-oauth2.gemspec @@ -15,7 +15,7 @@ Gem::Specification.new do |gem| gem.version = OmniAuth::AzureOauth2::VERSION gem.license = "MIT" - gem.add_runtime_dependency 'omniauth', '~> 1.0', '< 3' + gem.add_runtime_dependency 'omniauth', '~> 2.0' gem.add_dependency 'jwt', ['>= 1.0', '< 3.0'] gem.add_runtime_dependency 'omniauth-oauth2', '~> 1.4' diff --git a/vendor/gems/omniauth-cas3/Gemfile.lock b/vendor/gems/omniauth-cas3/Gemfile.lock index 4c59eb05d50..a856e78f00f 100644 --- a/vendor/gems/omniauth-cas3/Gemfile.lock +++ b/vendor/gems/omniauth-cas3/Gemfile.lock @@ -4,29 +4,30 @@ PATH omniauth-cas3 (1.1.4) addressable (~> 2.3) nokogiri (~> 1.7, >= 1.7.1) - omniauth (~> 1.2, < 3) + omniauth (~> 2.0) GEM remote: https://rubygems.org/ specs: - addressable (2.8.0) - public_suffix (>= 2.0.2, < 5.0) + addressable (2.8.1) + public_suffix (>= 2.0.2, < 6.0) awesome_print (1.9.2) crack (0.4.5) rexml diff-lcs (1.5.0) hashdiff (1.0.1) hashie (5.0.0) - mini_portile2 (2.8.0) nokogiri (1.13.7) - mini_portile2 (~> 2.8.0) racc (~> 1.4) - omniauth (1.9.1) + omniauth (2.1.0) hashie (>= 3.4.6) - rack (>= 1.6.2, < 3) - public_suffix (4.0.7) + rack (>= 2.2.3) + rack-protection + public_suffix (5.0.0) racc (1.6.0) rack (2.2.4) + rack-protection (2.2.2) + rack rack-test (0.8.3) rack (>= 1.0, < 3) rake (10.5.0) @@ -44,7 +45,7 @@ GEM diff-lcs (>= 1.2.0, < 2.0) rspec-support (~> 3.11.0) rspec-support (3.11.0) - webmock (3.14.0) + webmock (3.18.1) addressable (>= 2.8.0) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) @@ -61,4 +62,4 @@ DEPENDENCIES webmock BUNDLED WITH - 2.3.18 + 2.3.21 diff --git a/vendor/gems/omniauth-cas3/omniauth-cas3.gemspec b/vendor/gems/omniauth-cas3/omniauth-cas3.gemspec index abbcaa268d0..c976d85df99 100644 --- a/vendor/gems/omniauth-cas3/omniauth-cas3.gemspec +++ b/vendor/gems/omniauth-cas3/omniauth-cas3.gemspec @@ -14,7 +14,7 @@ Gem::Specification.new do |gem| gem.require_paths = ["lib"] gem.version = Omniauth::Cas3::VERSION - gem.add_dependency 'omniauth', '~> 1.2', '< 3' + gem.add_dependency 'omniauth', '~> 2.0' gem.add_dependency 'nokogiri', '~> 1.7', '>= 1.7.1' gem.add_dependency 'addressable', '~> 2.3' diff --git a/vendor/gems/omniauth-gitlab/Gemfile.lock b/vendor/gems/omniauth-gitlab/Gemfile.lock index b5979104080..b59ba59b95b 100644 --- a/vendor/gems/omniauth-gitlab/Gemfile.lock +++ b/vendor/gems/omniauth-gitlab/Gemfile.lock @@ -2,7 +2,7 @@ PATH remote: . specs: omniauth-gitlab (4.0.0) - omniauth (~> 1.0) + omniauth (~> 2.0) omniauth-oauth2 (~> 1.7.1) GEM @@ -24,13 +24,16 @@ GEM rack (>= 1.2, < 3) rash_alt (>= 0.4, < 1) version_gem (~> 1.0) - omniauth (1.9.1) + omniauth (2.1.0) hashie (>= 3.4.6) - rack (>= 1.6.2, < 3) + rack (>= 2.2.3) + rack-protection omniauth-oauth2 (1.7.3) oauth2 (>= 1.4, < 3) omniauth (>= 1.9, < 3) - rack (2.2.3.1) + rack (2.2.4) + rack-protection (2.2.2) + rack rake (13.0.6) rash_alt (0.4.12) hashie (>= 3.4) diff --git a/vendor/gems/omniauth-gitlab/omniauth-gitlab.gemspec b/vendor/gems/omniauth-gitlab/omniauth-gitlab.gemspec index be25cb50af6..ca4b8d904f0 100644 --- a/vendor/gems/omniauth-gitlab/omniauth-gitlab.gemspec +++ b/vendor/gems/omniauth-gitlab/omniauth-gitlab.gemspec @@ -16,7 +16,7 @@ Gem::Specification.new do |gem| gem.test_files = Dir['spec/**/*.rb'] gem.require_paths = ['lib'] - gem.add_dependency 'omniauth', '~> 1.0' + gem.add_dependency 'omniauth', '~> 2.0' gem.add_dependency 'omniauth-oauth2', '~> 1.7.1' gem.add_development_dependency 'rspec', '~> 3.1' gem.add_development_dependency 'rspec-its', '~> 1.0' diff --git a/vendor/gems/omniauth-google-oauth2/CHANGELOG.md b/vendor/gems/omniauth-google-oauth2/CHANGELOG.md index 7d3e1234f2d..5b252048fd6 100644 --- a/vendor/gems/omniauth-google-oauth2/CHANGELOG.md +++ b/vendor/gems/omniauth-google-oauth2/CHANGELOG.md @@ -1,6 +1,106 @@ # Changelog All notable changes to this project will be documented in this file. +## 1.0.1 - 2022-03-10 + +### Added +- Output granted scopes in credentials block of the auth hash. +- Migrated to GitHub actions. + +### Deprecated +- Nothing. + +### Removed +- Nothing. + +### Fixed +- Overriding the `redirect_uri` via params or JSON request body. + +## 1.0.0 - 2021-03-14 + +### Added +- Support for Omniauth 2.x! + +### Deprecated +- Nothing. + +### Removed +- Support for Omniauth 1.x. + +### Fixed +- Nothing. + +## 0.8.2 - 2021-03-14 + +### Added +- Constrains the version to Omniauth 1.x. + +### Deprecated +- Nothing. + +### Removed +- Nothing. + +### Fixed +- Nothing. + +## 0.8.1 - 2020-12-12 + +### Added +- Support reading the access token from a json request body. + +### Deprecated +- Nothing. + +### Removed +- No longer verify the iat claim for JWT. + +### Fixed +- A few minor issues with .rubocop.yml. +- Issues with image resizing code when the image came with size information from Google. + +## 0.8.0 - 2019-08-21 + +### Added +- Updated omniauth-oauth2 to v1.6.0 for security fixes. + +### Deprecated +- Nothing. + +### Removed +- Ruby 2.1 support. + +### Fixed +- Nothing. + +## 0.7.0 - 2019-06-03 + +### Added +- Ensure `info[:email]` is always verified, and include `unverified_email` + +### Deprecated +- Nothing. + +### Removed +- Nothing. + +### Fixed +- Nothing. + +## 0.6.1 - 2019-03-07 + +### Added +- Return `email` and `email_verified` keys in response. + +### Deprecated +- Nothing. + +### Removed +- Nothing. + +### Fixed +- Nothing. + ## 0.6.0 - 2018-12-28 ### Added @@ -12,6 +112,7 @@ All notable changes to this project will be documented in this file. ### Removed - Support for JWT 1.x. - Support for `raw_friend_info` and `raw_image_info`. +- Stop using Google+ API endpoints. ### Fixed - Nothing. diff --git a/vendor/gems/omniauth-google-oauth2/Gemfile.lock b/vendor/gems/omniauth-google-oauth2/Gemfile.lock index a7f71e0a376..6c3f5ff3f68 100644 --- a/vendor/gems/omniauth-google-oauth2/Gemfile.lock +++ b/vendor/gems/omniauth-google-oauth2/Gemfile.lock @@ -1,10 +1,11 @@ PATH remote: . specs: - omniauth-google-oauth2 (0.6.0) + omniauth-google-oauth2 (1.0.1) jwt (>= 2.0) - omniauth (>= 1.9, < 3) - omniauth-oauth2 (>= 1.5) + oauth2 (~> 2.0) + omniauth (~> 2.0) + omniauth-oauth2 (~> 1.7.1) GEM remote: https://rubygems.org/ @@ -25,9 +26,10 @@ GEM rack (>= 1.2, < 3) rash_alt (>= 0.4, < 1) version_gem (~> 1.0) - omniauth (1.9.2) + omniauth (2.1.0) hashie (>= 3.4.6) - rack (>= 1.6.2, < 3) + rack (>= 2.2.3) + rack-protection omniauth-oauth2 (1.7.3) oauth2 (>= 1.4, < 3) omniauth (>= 1.9, < 3) @@ -35,6 +37,8 @@ GEM parser (3.1.2.0) ast (~> 2.4.1) rack (2.2.4) + rack-protection (2.2.2) + rack rainbow (3.1.1) rake (12.3.3) rash_alt (0.4.12) diff --git a/vendor/gems/omniauth-google-oauth2/README.md b/vendor/gems/omniauth-google-oauth2/README.md index 5d811693a60..80c611392ca 100644 --- a/vendor/gems/omniauth-google-oauth2/README.md +++ b/vendor/gems/omniauth-google-oauth2/README.md @@ -1,5 +1,4 @@ [![Gem Version](https://badge.fury.io/rb/omniauth-google-oauth2.svg)](https://badge.fury.io/rb/omniauth-google-oauth2) -[![Build Status](https://travis-ci.org/zquestz/omniauth-google-oauth2.svg)](https://travis-ci.org/zquestz/omniauth-google-oauth2) # OmniAuth Google OAuth2 Strategy @@ -34,6 +33,7 @@ Here's an example for adding the middleware to a Rails app in `config/initialize Rails.application.config.middleware.use OmniAuth::Builder do provider :google_oauth2, ENV['GOOGLE_CLIENT_ID'], ENV['GOOGLE_CLIENT_SECRET'] end +OmniAuth.config.allowed_request_methods = %i[get] ``` You can now access the OmniAuth Google OAuth2 URL: `/auth/google_oauth2` @@ -54,10 +54,10 @@ You can configure several options, which you pass in to the `provider` method vi * `prompt`: A space-delimited list of string values that determines whether the user is re-prompted for authentication and/or consent. Possible values are: * `none`: No authentication or consent pages will be displayed; it will return an error if the user is not already authenticated and has not pre-configured consent for the requested scopes. This can be used as a method to check for existing authentication and/or consent. - * `consent`: The user will always be prompted for consent, even if he has previously allowed access a given set of scopes. + * `consent`: The user will always be prompted for consent, even if they have previously allowed access a given set of scopes. * `select_account`: The user will always be prompted to select a user account. This allows a user who has multiple current account sessions to select one amongst them. - If no value is specified, the user only sees the authentication page if he is not logged in and only sees the consent page the first time he authorizes a given set of scopes. + If no value is specified, the user only sees the authentication page if they are not logged in and only sees the consent page the first time they authorize a given set of scopes. * `image_aspect_ratio`: The shape of the user's profile picture. Possible values are: * `original`: Picture maintains its original aspect ratio. @@ -73,7 +73,7 @@ You can configure several options, which you pass in to the `provider` method vi * `hd`: (Optional) Limit sign-in to a particular Google Apps hosted domain. This can be simply string `'domain.com'` or an array `%w(domain.com domain.co)`. More information at: https://developers.google.com/accounts/docs/OpenIDConnect#hd-param -* `jwt_leeway`: Number of seconds passed to the JWT library as leeway. Defaults to 60 seconds. +* `jwt_leeway`: Number of seconds passed to the JWT library as leeway. Defaults to 60 seconds. Note this only works if you use jwt 2.1, as the leeway option was removed in later versions. * `skip_jwt`: Skip JWT processing. This is for users who are seeing JWT decoding errors with the `iat` field. Always try adjusting the leeway before disabling JWT processing. @@ -81,9 +81,11 @@ You can configure several options, which you pass in to the `provider` method vi * `include_granted_scopes`: If this is provided with the value true, and the authorization request is granted, the authorization will include any previous authorizations granted to this user/application combination for other scopes. See Google's [Incremental Authorization](https://developers.google.com/accounts/docs/OAuth2WebServer#incrementalAuth) for additional details. -* `openid_realm`: Set the OpenID realm value, to allow upgrading from OpenID based authentication to OAuth 2 based authentication. When this is set correctly an `openid_id` value will be set in `[:extra][:id_info]` in the authentication hash with the value of the user's OpenID ID URL. +* `openid_realm`: Set the OpenID realm value, to allow upgrading from OpenID based authentication to OAuth 2 based authentication. When this is set correctly an `openid_id` value will be set in `['extra']['id_info']` in the authentication hash with the value of the user's OpenID ID URL. -Here's an example of a possible configuration where the strategy name is changed, the user is asked for extra permissions, the user is always prompted to select his account when logging in and the user's profile picture is returned as a thumbnail: +* `provider_ignores_state`: You will need to set this to `true` when using the `One-time Code Flow` below. In this flow there is no server side redirect that would set the state. + +Here's an example of a possible configuration where the strategy name is changed, the user is asked for extra permissions, the user is always prompted to select their account when logging in and the user's profile picture is returned as a thumbnail: ```ruby Rails.application.config.middleware.use OmniAuth::Builder do @@ -176,6 +178,8 @@ devise :omniauthable, omniauth_providers: [:google_oauth2] Then make sure your callbacks controller is setup. ```ruby +# app/controllers/users/omniauth_callbacks_controller.rb: + class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController def google_oauth2 # You need to implement the method below in your model (e.g. app/models/user.rb) @@ -185,7 +189,7 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController flash[:notice] = I18n.t 'devise.omniauth_callbacks.success', kind: 'Google' sign_in_and_redirect @user, event: :authentication else - session['devise.google_data'] = request.env['omniauth.auth'].except(:extra) # Removing extra as it can overflow some session stores + session['devise.google_data'] = request.env['omniauth.auth'].except('extra') # Removing extra as it can overflow some session stores redirect_to new_user_registration_url, alert: @user.errors.full_messages.join("\n") end end @@ -213,6 +217,10 @@ end For your views you can login using: ```erb +<%# omniauth-google-oauth2 1.0.x uses OmniAuth 2 and requires using HTTP Post to initiate authentication: %> +<%= link_to "Sign in with Google", user_google_oauth2_omniauth_authorize_path, method: :post %> + +<%# omniauth-google-oauth2 prior 1.0.0: %> <%= link_to "Sign in with Google", user_google_oauth2_omniauth_authorize_path %> <%# Devise prior 4.1.0: %> @@ -223,7 +231,7 @@ An overview is available at https://github.com/plataformatec/devise/wiki/OmniAut ### One-time Code Flow (Hybrid Authentication) -Google describes the One-time Code Flow [here](https://developers.google.com/+/web/signin/server-side-flow). This hybrid authentication flow has significant functional and security advantages over a pure server-side or pure client-side flow. The following steps occur in this flow: +Google describes the One-time Code Flow [here](https://developers.google.com/identity/sign-in/web/server-side-flow). This hybrid authentication flow has significant functional and security advantages over a pure server-side or pure client-side flow. The following steps occur in this flow: 1. The client (web browser) authenticates the user directly via Google's JS API. During this process assorted modals may be rendered by Google. 2. On successful authentication, Google returns a one-time use code, which requires the Google client secret (which is only available server-side). @@ -232,7 +240,7 @@ Google describes the One-time Code Flow [here](https://developers.google.com/+/w This flow is immune to replay attacks, and conveys no useful information to a man in the middle. -The omniauth-google-oauth2 gem supports this mode of operation out of the box. Implementors simply need to add the appropriate JavaScript to their web page, and they can take advantage of this flow. An example JavaScript snippet follows. +The omniauth-google-oauth2 gem supports this mode of operation when `provider_ignores_state` is set to `true`. Implementors simply need to add the appropriate JavaScript to their web page, and they can take advantage of this flow. An example JavaScript snippet follows. ```javascript // Basic hybrid auth example following the pattern at: @@ -247,7 +255,7 @@ function init() { // Ready. $('.google-login-button').click(function(e) { e.preventDefault(); - + gapi.auth2.authorize({ client_id: 'YOUR_CLIENT_ID', cookie_policy: 'single_host_origin', @@ -260,7 +268,7 @@ function init() { success: function(data) { // response from server } - }); + }); } else { // google authentication failed } @@ -280,6 +288,66 @@ In that case, ensure to send an additional parameter `redirect_uri=` (empty stri If you're making POST requests to `/auth/google_oauth2/callback` from another domain, then you need to make sure `'X-Requested-With': 'XMLHttpRequest'` header is included with your request, otherwise your server might respond with `OAuth2::Error, : Invalid Value` error. +#### Getting around the `redirect_uri_mismatch` error (See [Issue #365](https://github.com/zquestz/omniauth-google-oauth2/issues/365)) + +If you are struggling with a persistent `redirect_uri_mismatch`, you can instead pass the `access_token` from [`getAuthResponse`](https://developers.google.com/identity/sign-in/web/reference#googleusergetauthresponseincludeauthorizationdata) directly to the `auth/google_oauth2/callback` endpoint, like so: + +```javascript +// Initialize the GoogleAuth object +let googleAuth; +gapi.load('client:auth2', async () => { + await gapi.client.init({ scope: '...', client_id: '...' }); + googleAuth = gapi.auth2.getAuthInstance(); +}); + +// Call this when the Google Sign In button is clicked +async function signInGoogle() { + const googleUser = await googleAuth.signIn(); // wait for the user to authorize through the modal + const { access_token } = googleUser.getAuthResponse(); + + const data = new FormData(); + data.append('access_token', access_token); + + const response = await api.post('/auth/google_oauth2/callback', data) + console.log(response); +} +``` + +#### Using Axios +If you're making a GET resquests from another domain using `access_token`. +``` +axios + .get( + 'url(path to your callback}', + { params: { access_token: 'token' } }, + headers.... + ) +``` + +If you're making a POST resquests from another domain using `access_token`. +``` +axios + .post( + 'url(path to your callback}', + { access_token: 'token' }, + headers.... + ) + +--OR-- + +axios + .post( + 'url(path to your callback}', + null, + { + params: { + access_token: 'token' + }, + headers.... + } + ) +``` + ## Fixing Protocol Mismatch for `redirect_uri` in Rails Just set the `full_host` in OmniAuth based on the Rails.env. diff --git a/vendor/gems/omniauth-google-oauth2/examples/Gemfile b/vendor/gems/omniauth-google-oauth2/examples/Gemfile index cd02ff9bf7d..ba019344a67 100644 --- a/vendor/gems/omniauth-google-oauth2/examples/Gemfile +++ b/vendor/gems/omniauth-google-oauth2/examples/Gemfile @@ -2,6 +2,7 @@ source 'https://rubygems.org' -gem 'omniauth-google-oauth2', '~> 0.5' +gem 'omniauth-google-oauth2', '~> 0.8.1' gem 'rubocop' gem 'sinatra', '~> 1.4' +gem 'webrick' diff --git a/vendor/gems/omniauth-google-oauth2/examples/omni_auth.rb b/vendor/gems/omniauth-google-oauth2/examples/omni_auth.rb index 127b62a9aaf..0a94164d766 100644 --- a/vendor/gems/omniauth-google-oauth2/examples/omni_auth.rb +++ b/vendor/gems/omniauth-google-oauth2/examples/omni_auth.rb @@ -10,6 +10,10 @@ Rails.application.config.middleware.use OmniAuth::Builder do # provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], scope: 'email,profile' + # Custom redirect_uri + # + # provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], scope: 'email,profile', redirect_uri: 'https://localhost:3000/redirect' + # Manual setup for offline access with a refresh token. # # provider :google_oauth2, ENV['GOOGLE_KEY'], ENV['GOOGLE_SECRET'], access_type: 'offline' diff --git a/vendor/gems/omniauth-google-oauth2/lib/omniauth/google_oauth2/version.rb b/vendor/gems/omniauth-google-oauth2/lib/omniauth/google_oauth2/version.rb index 565fb5d6642..93ae5e9e990 100644 --- a/vendor/gems/omniauth-google-oauth2/lib/omniauth/google_oauth2/version.rb +++ b/vendor/gems/omniauth-google-oauth2/lib/omniauth/google_oauth2/version.rb @@ -2,6 +2,6 @@ module OmniAuth module GoogleOauth2 - VERSION = '0.6.0' + VERSION = '1.0.1' end end diff --git a/vendor/gems/omniauth-google-oauth2/lib/omniauth/strategies/google_oauth2.rb b/vendor/gems/omniauth-google-oauth2/lib/omniauth/strategies/google_oauth2.rb index 62e2d4462e5..4ce32eb80d1 100644 --- a/vendor/gems/omniauth-google-oauth2/lib/omniauth/strategies/google_oauth2.rb +++ b/vendor/gems/omniauth-google-oauth2/lib/omniauth/strategies/google_oauth2.rb @@ -1,6 +1,7 @@ # frozen_string_literal: true require 'jwt' +require 'oauth2' require 'omniauth/strategies/oauth2' require 'uri' @@ -13,6 +14,7 @@ module OmniAuth BASE_SCOPES = %w[profile email openid].freeze DEFAULT_SCOPE = 'email,profile' USER_INFO_URL = 'https://www.googleapis.com/oauth2/v3/userinfo' + IMAGE_SIZE_REGEXP = /(s\d+(-c)?)|(w\d+-h\d+(-c)?)|(w\d+(-c)?)|(h\d+(-c)?)|c/ option :name, 'google_oauth2' option :skip_friends, true @@ -47,6 +49,8 @@ module OmniAuth prune!( name: raw_info['name'], email: verified_email, + unverified_email: raw_info['email'], + email_verified: raw_info['email_verified'], first_name: raw_info['given_name'], last_name: raw_info['family_name'], image: image_url, @@ -56,6 +60,11 @@ module OmniAuth ) end + credentials do + # Tokens and expiration will be used from OAuth2 strategy credentials block + prune!({ 'scope' => token_info(access_token.token)['scope'] }) + end + extra do hash = {} hash[:id_token] = access_token['id_token'] @@ -72,7 +81,7 @@ module OmniAuth verify_sub: false, verify_expiration: true, verify_not_before: true, - verify_iat: true, + verify_iat: false, verify_jti: false, leeway: options[:jwt_leeway]) @@ -92,31 +101,51 @@ module OmniAuth verify_hd(access_token) access_token end + alias build_access_token custom_build_access_token private def callback_url - options[:redirect_uri] || (full_host + script_name + callback_path) + options[:redirect_uri] || (full_host + callback_path) end def get_access_token(request) - if request.xhr? && request.params['code'] - verifier = request.params['code'] - redirect_uri = request.params['redirect_uri'] || 'postmessage' - client.auth_code.get_token(verifier, get_token_options(redirect_uri), deep_symbolize(options.auth_token_params || {})) - elsif request.params['code'] && request.params['redirect_uri'] - verifier = request.params['code'] - redirect_uri = request.params['redirect_uri'] - client.auth_code.get_token(verifier, get_token_options(redirect_uri), deep_symbolize(options.auth_token_params || {})) - elsif verify_token(request.params['access_token']) + verifier = request.params['code'] + redirect_uri = request.params['redirect_uri'] + access_token = request.params['access_token'] + if verifier && request.xhr? + client_get_token(verifier, redirect_uri || 'postmessage') + elsif verifier + client_get_token(verifier, redirect_uri || callback_url) + elsif access_token && verify_token(access_token) ::OAuth2::AccessToken.from_hash(client, request.params.dup) - else - verifier = request.params['code'] - client.auth_code.get_token(verifier, get_token_options(callback_url), deep_symbolize(options.auth_token_params)) + elsif request.content_type =~ /json/i + begin + body = JSON.parse(request.body.read) + request.body.rewind # rewind request body for downstream middlewares + verifier = body && body['code'] + access_token = body && body['access_token'] + redirect_uri ||= body && body['redirect_uri'] + if verifier + client_get_token(verifier, redirect_uri || 'postmessage') + elsif verify_token(access_token) + ::OAuth2::AccessToken.from_hash(client, body.dup) + end + rescue JSON::ParserError => e + warn "[omniauth google-oauth2] JSON parse error=#{e}" + end end end + def client_get_token(verifier, redirect_uri) + client.auth_code.get_token(verifier, get_token_options(redirect_uri), get_token_params) + end + + def get_token_params + deep_symbolize(options.auth_token_params || {}) + end + def get_scope(params) raw_scope = params[:scope] || DEFAULT_SCOPE scope_list = raw_scope.split(' ').map { |item| item.split(',') }.flatten @@ -124,7 +153,11 @@ module OmniAuth scope_list.join(' ') end - def get_token_options(redirect_uri) + def verified_email + raw_info['email_verified'] ? raw_info['email'] : nil + end + + def get_token_options(redirect_uri = '') { redirect_uri: redirect_uri }.merge(token_params.to_hash(symbolize_keys: true)) end @@ -135,10 +168,6 @@ module OmniAuth end end - def verified_email - raw_info['email_verified'] ? raw_info['email'] : nil - end - def image_url return nil unless raw_info['picture'] @@ -149,6 +178,10 @@ module OmniAuth if path_index && image_size_opts_passed? u.path.insert(path_index, image_params) u.path = u.path.gsub('//', '/') + + # Check if the image is already sized! + split_path = u.path.split('/') + u.path = u.path.sub("/#{split_path[-3]}", '') if split_path[-3] =~ IMAGE_SIZE_REGEXP end u.query = strip_unnecessary_query_parameters(u.query) @@ -187,12 +220,21 @@ module OmniAuth URI.encode_www_form(stripped_params) end + def token_info(access_token) + return nil unless access_token + + @token_info ||= Hash.new do |h, k| + h[k] = client.request(:get, 'https://www.googleapis.com/oauth2/v3/tokeninfo', params: { access_token: access_token }).parsed + end + + @token_info[access_token] + end + def verify_token(access_token) return false unless access_token - raw_response = client.request(:get, 'https://www.googleapis.com/oauth2/v3/tokeninfo', - params: { access_token: access_token }).parsed - raw_response['aud'] == options.client_id || options.authorized_client_ids.include?(raw_response['aud']) + token_info = token_info(access_token) + token_info['aud'] == options.client_id || options.authorized_client_ids.include?(token_info['aud']) end def verify_hd(access_token) diff --git a/vendor/gems/omniauth-google-oauth2/omniauth-google-oauth2.gemspec b/vendor/gems/omniauth-google-oauth2/omniauth-google-oauth2.gemspec index fb66d7ee282..a50d67bc9a0 100644 --- a/vendor/gems/omniauth-google-oauth2/omniauth-google-oauth2.gemspec +++ b/vendor/gems/omniauth-google-oauth2/omniauth-google-oauth2.gemspec @@ -15,14 +15,15 @@ Gem::Specification.new do |gem| gem.email = ['quest@mac.com'] gem.homepage = 'https://github.com/zquestz/omniauth-google-oauth2' - gem.files = Dir.glob("lib/**/*.*") + gem.files = Dir.glob("lib/**/*.*") gem.require_paths = ['lib'] - gem.required_ruby_version = '>= 2.1' + gem.required_ruby_version = '>= 2.2' gem.add_runtime_dependency 'jwt', '>= 2.0' - gem.add_runtime_dependency 'omniauth', '>= 1.9', '< 3' - gem.add_runtime_dependency 'omniauth-oauth2', '>= 1.5' + gem.add_runtime_dependency 'oauth2', '~> 2.0' + gem.add_runtime_dependency 'omniauth', '~> 2.0' + gem.add_runtime_dependency 'omniauth-oauth2', '~> 1.7.1' gem.add_development_dependency 'rake', '~> 12.0' gem.add_development_dependency 'rspec', '~> 3.6' diff --git a/vendor/gems/omniauth-google-oauth2/spec/omniauth/strategies/google_oauth2_spec.rb b/vendor/gems/omniauth-google-oauth2/spec/omniauth/strategies/google_oauth2_spec.rb index 6bc6f6d9e95..3a2bcf07e54 100644 --- a/vendor/gems/omniauth-google-oauth2/spec/omniauth/strategies/google_oauth2_spec.rb +++ b/vendor/gems/omniauth-google-oauth2/spec/omniauth/strategies/google_oauth2_spec.rb @@ -3,6 +3,7 @@ require 'spec_helper' require 'json' require 'omniauth-google-oauth2' +require 'stringio' describe OmniAuth::Strategies::GoogleOauth2 do let(:request) { double('Request', params: {}, cookies: {}, env: {}) } @@ -177,8 +178,8 @@ describe OmniAuth::Strategies::GoogleOauth2 do describe 'scope' do it 'should expand scope shortcuts' do - @options = { scope: 'plus.me' } - expect(subject.authorize_params['scope']).to eq('https://www.googleapis.com/auth/plus.me') + @options = { scope: 'calendar' } + expect(subject.authorize_params['scope']).to eq('https://www.googleapis.com/auth/calendar') end it 'should leave base scopes as is' do @@ -288,14 +289,92 @@ describe OmniAuth::Strategies::GoogleOauth2 do end end - describe '#callback_path' do + describe '#callback_url' do + let(:base_url) { 'https://example.com' } + it 'has the correct default callback path' do - expect(subject.callback_path).to eq('/auth/google_oauth2/callback') + allow(subject).to receive(:full_host) { base_url } + allow(subject).to receive(:script_name) { '' } + expect(subject.send(:callback_url)).to eq(base_url + '/auth/google_oauth2/callback') + end + + it 'should set the callback path with script_name if present' do + allow(subject).to receive(:full_host) { base_url } + allow(subject).to receive(:script_name) { '/v1' } + expect(subject.send(:callback_url)).to eq(base_url + '/v1/auth/google_oauth2/callback') end it 'should set the callback_path parameter if present' do @options = { callback_path: '/auth/foo/callback' } - expect(subject.callback_path).to eq('/auth/foo/callback') + allow(subject).to receive(:full_host) { base_url } + allow(subject).to receive(:script_name) { '' } + expect(subject.send(:callback_url)).to eq(base_url + '/auth/foo/callback') + end + end + + describe '#info' do + let(:client) do + OAuth2::Client.new('abc', 'def') do |builder| + builder.request :url_encoded + builder.adapter :test do |stub| + stub.get('/oauth2/v3/userinfo') { [200, { 'content-type' => 'application/json' }, response_hash.to_json] } + end + end + end + let(:access_token) { OAuth2::AccessToken.from_hash(client, {}) } + before { allow(subject).to receive(:access_token).and_return(access_token) } + + context 'with verified email' do + let(:response_hash) do + { email: 'something@domain.invalid', email_verified: true } + end + + it 'should return equal email and unverified_email' do + expect(subject.info[:email]).to eq('something@domain.invalid') + expect(subject.info[:unverified_email]).to eq('something@domain.invalid') + end + end + + context 'with unverified email' do + let(:response_hash) do + { email: 'something@domain.invalid', email_verified: false } + end + + it 'should return nil email, and correct unverified email' do + expect(subject.info[:email]).to eq(nil) + expect(subject.info[:unverified_email]).to eq('something@domain.invalid') + end + end + end + + describe '#credentials' do + let(:client) { OAuth2::Client.new('abc', 'def') } + let(:access_token) { OAuth2::AccessToken.from_hash(client, access_token: 'valid_access_token', expires_at: 123_456_789, refresh_token: 'valid_refresh_token') } + before(:each) do + allow(subject).to receive(:access_token).and_return(access_token) + subject.options.client_options[:connection_build] = proc do |builder| + builder.request :url_encoded + builder.adapter :test do |stub| + stub.get('/oauth2/v3/tokeninfo?access_token=valid_access_token') do + [200, { 'Content-Type' => 'application/json; charset=UTF-8' }, JSON.dump( + aud: '000000000000.apps.googleusercontent.com', + sub: '123456789', + scope: 'profile email' + )] + end + end + end + end + + it 'should return access token and (optionally) refresh token' do + expect(subject.credentials.to_h).to \ + match(hash_including( + 'token' => 'valid_access_token', + 'refresh_token' => 'valid_refresh_token', + 'scope' => 'profile email', + 'expires_at' => 123_456_789, + 'expires' => true + )) end end @@ -313,7 +392,7 @@ describe OmniAuth::Strategies::GoogleOauth2 do before { allow(subject).to receive(:access_token).and_return(access_token) } describe 'id_token' do - shared_examples 'id_token issued by valid issuer' do |issuer| # rubocop:disable Metrics/BlockLength + shared_examples 'id_token issued by valid issuer' do |issuer| context 'when the id_token is passed into the access token' do let(:token_info) do { @@ -426,6 +505,12 @@ describe OmniAuth::Strategies::GoogleOauth2 do expect(subject.info[:image]).to eq('https://lh3.googleusercontent.com/url/s50/photo.jpg') end + it 'should return the image with size specified in the `image_size` option when sizing is in the picture' do + @options = { image_size: 50 } + allow(subject).to receive(:raw_info) { { 'picture' => 'https://lh4.googleusercontent.com/url/s96-c/photo.jpg' } } + expect(subject.info[:image]).to eq('https://lh4.googleusercontent.com/url/s50/photo.jpg') + end + it 'should handle a picture with too many slashes correctly' do @options = { image_size: 50 } allow(subject).to receive(:raw_info) { { 'picture' => 'https://lh3.googleusercontent.com/url//photo.jpg' } } @@ -456,24 +541,48 @@ describe OmniAuth::Strategies::GoogleOauth2 do expect(subject.info[:image]).to eq('https://lh3.googleusercontent.com/url/w50-h40/photo.jpg') end + it 'should return the image with width and height specified in the `image_size` option when sizing is in the picture' do + @options = { image_size: { width: 50, height: 40 } } + allow(subject).to receive(:raw_info) { { 'picture' => 'https://lh3.googleusercontent.com/url/w100-h80-c/photo.jpg' } } + expect(subject.info[:image]).to eq('https://lh3.googleusercontent.com/url/w50-h40/photo.jpg') + end + it 'should return square image when `image_aspect_ratio` is specified' do @options = { image_aspect_ratio: 'square' } allow(subject).to receive(:raw_info) { { 'picture' => 'https://lh3.googleusercontent.com/url/photo.jpg' } } expect(subject.info[:image]).to eq('https://lh3.googleusercontent.com/url/c/photo.jpg') end + it 'should return square image when `image_aspect_ratio` is specified and sizing is in the picture' do + @options = { image_aspect_ratio: 'square' } + allow(subject).to receive(:raw_info) { { 'picture' => 'https://lh3.googleusercontent.com/url/c/photo.jpg' } } + expect(subject.info[:image]).to eq('https://lh3.googleusercontent.com/url/c/photo.jpg') + end + it 'should return square sized image when `image_aspect_ratio` and `image_size` is set' do @options = { image_aspect_ratio: 'square', image_size: 50 } allow(subject).to receive(:raw_info) { { 'picture' => 'https://lh3.googleusercontent.com/url/photo.jpg' } } expect(subject.info[:image]).to eq('https://lh3.googleusercontent.com/url/s50-c/photo.jpg') end + it 'should return square sized image when `image_aspect_ratio` and `image_size` is set and sizing is in the picture' do + @options = { image_aspect_ratio: 'square', image_size: 50 } + allow(subject).to receive(:raw_info) { { 'picture' => 'https://lh3.googleusercontent.com/url/s90/photo.jpg' } } + expect(subject.info[:image]).to eq('https://lh3.googleusercontent.com/url/s50-c/photo.jpg') + end + it 'should return square sized image when `image_aspect_ratio` and `image_size` has height and width' do @options = { image_aspect_ratio: 'square', image_size: { width: 50, height: 40 } } allow(subject).to receive(:raw_info) { { 'picture' => 'https://lh3.googleusercontent.com/url/photo.jpg' } } expect(subject.info[:image]).to eq('https://lh3.googleusercontent.com/url/w50-h40-c/photo.jpg') end + it 'should return square sized image when `image_aspect_ratio` and `image_size` has height and width and sizing is in the picture' do + @options = { image_aspect_ratio: 'square', image_size: { width: 50, height: 40 } } + allow(subject).to receive(:raw_info) { { 'picture' => 'https://lh3.googleusercontent.com/url/w100-h80/photo.jpg' } } + expect(subject.info[:image]).to eq('https://lh3.googleusercontent.com/url/w50-h40-c/photo.jpg') + end + it 'should return original image if image url does not end in `photo.jpg`' do @options = { image_size: 50 } allow(subject).to receive(:raw_info) { { 'picture' => 'https://lh3.googleusercontent.com/url/photograph.jpg' } } @@ -547,9 +656,58 @@ describe OmniAuth::Strategies::GoogleOauth2 do expect(token.client).to eq(:client) end + it 'reads the code from a json request body' do + body = StringIO.new(%({"code":"json_access_token"})) + client = double(:client) + auth_code = double(:auth_code) + + allow(request).to receive(:xhr?).and_return(false) + allow(request).to receive(:content_type).and_return('application/json') + allow(request).to receive(:body).and_return(body) + allow(client).to receive(:auth_code).and_return(auth_code) + expect(subject).to receive(:client).and_return(client) + + expect(auth_code).to receive(:get_token).with('json_access_token', { redirect_uri: 'postmessage' }, {}) + + subject.build_access_token + end + + it 'reads the redirect uri from a json request body' do + body = StringIO.new(%({"code":"json_access_token", "redirect_uri":"sample"})) + client = double(:client) + auth_code = double(:auth_code) + + allow(request).to receive(:xhr?).and_return(false) + allow(request).to receive(:content_type).and_return('application/json') + allow(request).to receive(:body).and_return(body) + allow(client).to receive(:auth_code).and_return(auth_code) + expect(subject).to receive(:client).and_return(client) + + expect(auth_code).to receive(:get_token).with('json_access_token', { redirect_uri: 'sample' }, {}) + + subject.build_access_token + end + + it 'reads the access token from a json request body' do + body = StringIO.new(%({"access_token":"valid_access_token"})) + + allow(request).to receive(:xhr?).and_return(false) + allow(request).to receive(:content_type).and_return('application/json') + allow(request).to receive(:body).and_return(body) + expect(subject).to receive(:client).and_return(:client) + + expect(subject).to receive(:verify_token).with('valid_access_token').and_return true + + token = subject.build_access_token + expect(token).to be_instance_of(::OAuth2::AccessToken) + expect(token.token).to eq('valid_access_token') + expect(token.client).to eq(:client) + end + it 'should use callback_url without query_string if this is not an AJAX request' do allow(request).to receive(:xhr?).and_return(false) allow(request).to receive(:params).and_return('code' => 'valid_code') + allow(request).to receive(:content_type).and_return('application/x-www-form-urlencoded') client = double(:client) auth_code = double(:auth_code) diff --git a/vendor/gems/omniauth-salesforce/Gemfile.lock b/vendor/gems/omniauth-salesforce/Gemfile.lock index 0eb983bcd76..0317b16dd9f 100644 --- a/vendor/gems/omniauth-salesforce/Gemfile.lock +++ b/vendor/gems/omniauth-salesforce/Gemfile.lock @@ -2,7 +2,7 @@ PATH remote: . specs: omniauth-salesforce (1.0.5) - omniauth (~> 1.0, < 3) + omniauth (~> 2.0) omniauth-oauth2 (~> 1.0) GEM @@ -53,16 +53,17 @@ GEM notiffany (0.1.3) nenv (~> 0.1) shellany (~> 0.0) - oauth2 (2.0.7) + oauth2 (2.0.3) faraday (>= 0.17.3, < 3.0) jwt (>= 1.0, < 3.0) multi_xml (~> 0.5) rack (>= 1.2, < 3) rash_alt (>= 0.4, < 1) - version_gem (~> 1.1) - omniauth (1.9.2) + version_gem (~> 1.0) + omniauth (2.1.0) hashie (>= 3.4.6) - rack (>= 1.6.2, < 3) + rack (>= 2.2.3) + rack-protection omniauth-oauth2 (1.7.3) oauth2 (>= 1.4, < 3) omniauth (>= 1.9, < 3) @@ -71,6 +72,8 @@ GEM method_source (~> 1.0) public_suffix (5.0.0) rack (2.2.4) + rack-protection (2.2.2) + rack rack-test (2.0.2) rack (>= 1.3) rash_alt (0.4.12) @@ -118,4 +121,4 @@ DEPENDENCIES webmock BUNDLED WITH - 2.3.20 + 2.3.21 diff --git a/vendor/gems/omniauth-salesforce/omniauth-salesforce.gemspec b/vendor/gems/omniauth-salesforce/omniauth-salesforce.gemspec index 0b9cfbd73ff..9c87746e9fd 100755 --- a/vendor/gems/omniauth-salesforce/omniauth-salesforce.gemspec +++ b/vendor/gems/omniauth-salesforce/omniauth-salesforce.gemspec @@ -15,7 +15,7 @@ Gem::Specification.new do |gem| gem.version = OmniAuth::Salesforce::VERSION gem.license = "MIT" - gem.add_dependency 'omniauth', '~> 1.0', '< 3' + gem.add_dependency 'omniauth', '~> 2.0' gem.add_dependency 'omniauth-oauth2', '~> 1.0' gem.add_development_dependency 'rspec', '~> 2.7' gem.add_development_dependency 'rack-test' diff --git a/vendor/gems/omniauth_crowd/Gemfile.lock b/vendor/gems/omniauth_crowd/Gemfile.lock index 56c9bd4cc7e..43518582535 100644 --- a/vendor/gems/omniauth_crowd/Gemfile.lock +++ b/vendor/gems/omniauth_crowd/Gemfile.lock @@ -4,7 +4,7 @@ PATH omniauth_crowd (2.4.0) activesupport nokogiri (>= 1.4.4) - omniauth (~> 1.0, < 3) + omniauth (~> 2.0) GEM remote: http://rubygems.org/ @@ -29,12 +29,15 @@ GEM nokogiri (1.13.8) mini_portile2 (~> 2.8.0) racc (~> 1.4) - omniauth (1.9.1) + omniauth (2.1.0) hashie (>= 3.4.6) - rack (>= 1.6.2, < 3) + rack (>= 2.2.3) + rack-protection public_suffix (4.0.7) racc (1.6.0) rack (2.2.4) + rack-protection (2.2.2) + rack rack-test (2.0.2) rack (>= 1.3) rake (13.0.6) diff --git a/vendor/gems/omniauth_crowd/omniauth_crowd.gemspec b/vendor/gems/omniauth_crowd/omniauth_crowd.gemspec index 1707c7f3f10..dcbf403419f 100644 --- a/vendor/gems/omniauth_crowd/omniauth_crowd.gemspec +++ b/vendor/gems/omniauth_crowd/omniauth_crowd.gemspec @@ -15,7 +15,7 @@ Gem::Specification.new do |gem| gem.require_paths = ["lib"] gem.version = OmniAuth::Crowd::VERSION - gem.add_runtime_dependency 'omniauth', '~> 1.0', '< 3' + gem.add_runtime_dependency 'omniauth', '~> 2.0' gem.add_runtime_dependency 'nokogiri', '>= 1.4.4' gem.add_runtime_dependency 'activesupport', '>= 0' gem.add_development_dependency(%q, [">= 0"])