diff --git a/config/locales/en.yml b/config/locales/en.yml index 5aac76cf14..a63917aebe 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -3095,8 +3095,11 @@ en: errors: messages: # Common error messages - invalid_request: 'The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed.' - invalid_redirect_uri: "The requested redirect URI is malformed or doesn't match client redirect URI." + invalid_request: + unknown: 'The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed.' + missing_param: 'Missing required parameter: %{value}.' + request_not_authorized: 'Request need to be authorized. Required parameter for authorizing request is missing or invalid.' + invalid_redirect_uri: "The requested redirect uri is malformed or doesn't match client redirect URI." unauthorized_client: 'The client is not authorized to perform this request using this method.' access_denied: 'The resource owner or authorization server denied the request.' invalid_scope: 'The requested scope is invalid, unknown, or malformed.' @@ -3111,6 +3114,7 @@ en: # Access grant errors unsupported_response_type: 'The authorization server does not support this response type.' + unsupported_response_mode: 'The authorization server does not support this response mode.' # Access token errors invalid_client: 'Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.' @@ -3121,6 +3125,11 @@ en: revoked: "The access token was revoked" expired: "The access token expired" unknown: "The access token is invalid" + revoke: + unauthorized: "You are not authorized to revoke this token." + + forbidden_token: + missing_scope: 'Access to this resource requires scope "%{oauth_scopes}".' unsupported_browser: title: "Your browser is outdated and unsupported." diff --git a/docs/development/contribution-documentation/documentation-style-guide/README.md b/docs/development/contribution-documentation/documentation-style-guide/README.md index ace36bfc8b..2d8b659766 100644 --- a/docs/development/contribution-documentation/documentation-style-guide/README.md +++ b/docs/development/contribution-documentation/documentation-style-guide/README.md @@ -59,16 +59,28 @@ Find an overview of content per folder here: Please respect the following when working with directories and files: -1. When you create a new topic, i.e. a new documentation page, always create a new folder and a new README.md file in that folder. -2. Do not use special characters and spaces, or capital letters in file names, directory names, branch names and anything that generates a path. +1. When you create a new topic, i.e. a new documentation page, always create a new folder with a **lowercase name** and a new **README.md** file in that folder. -3. When creating a file or directory and it has more than one word in its name, use underscores (`_`) instead of spaces or dashes. For example use open_details-view_work_packages.png. This applies to both image files and Markdown files. + Example: `new-feature/README.md` -4. For image files, do not exceed 200KB. +2. Use **lowercase latin characters and numbers**. + + Do not use special characters, umlauts and spaces, or capital letters in file names, directory names, branch names and anything that generates a path. + +3. Use **no spaces** + + When creating a directory and it has more than one word in its name, use dashes (`-`) instead of spaces. + + Example: `new-feature` + + When creating a file and it has more than one word in its name, use dashes (`-`) or underscores (`_`) instead of spaces. + + Example: `open_details-view_work_packages.png` + + Only exception is the markdown file which always needs to be named **README.md** If you are unsure where to place a document or a content addition, this should not stop you from authoring and contributing. Use your best judgment, and then add a comment to your pull request. - ## No duplication of information @@ -391,7 +403,7 @@ When you take screenshots: ### Save images -- Save the image with a file name that describes the image. Use lower cases. +- Save the image with a file name that describes the image. Use lower cases and no spaces (see [file names requirements](#directory-and-file-names)). - Make sure to not exceed the maximum image size of 200KB. @@ -403,7 +415,7 @@ When you take screenshots: ### Add the image link to content -The Markdown code for including an image in a document is: `![Image description which will be the alt tag](img/document_image_title_vX_Y.png)` +The Markdown code for including an image in a document is: `![Image description which will be the alt tag](document_image_title_v_x_y.png)` The image description is the alt text for the rendered image on the documentation page. For accessibility and SEO, use descriptions that are short and precise. diff --git a/docs/enterprise-guide/enterprise-cloud-guide/enterprise-cloud-faq/README.md b/docs/enterprise-guide/enterprise-cloud-guide/enterprise-cloud-faq/README.md index a5629ae16d..219b8d0ba8 100644 --- a/docs/enterprise-guide/enterprise-cloud-guide/enterprise-cloud-faq/README.md +++ b/docs/enterprise-guide/enterprise-cloud-guide/enterprise-cloud-faq/README.md @@ -20,7 +20,7 @@ Please have a look at [this instruction](../manage-cloud-subscription/). ## Does OpenProject comply with GDPR? -The protection of personal data is for OpenProject more than just a legal requirement. We are highly committed to data security and privacy. We are a company based in Berlin, the European Union, and the awareness and importance for data security and privacy actions have always been a major topic for us. OpenProject complies with GDPR and we handle our customer’s data with care. Get more detailed information [here](https://www.openproject.org/security-and-privacy/). +Yes. The protection of personal data is for OpenProject more than just a legal requirement. We are highly committed to data security and privacy. We are a company based in Berlin, the European Union, and the awareness and importance for data security and privacy actions have always been a major topic for us. OpenProject complies with GDPR and we handle our customer’s data with care. Get more detailed information [here](https://www.openproject.org/security-and-privacy/). ## Is the Enterprise cloud certified? @@ -32,6 +32,8 @@ For more information please visit the [information regarding security measures]( The OpenProject Enterprise cloud environment is hosted on a logically isolated virtual cloud at Amazon Web Services with all services being located in Ireland. AWS is a GDPR compliant cloud infrastructure provider with extensive security and compliance programs as well as unparalleled access control mechanisms to ensure data privacy. Employed facilities are compliant with the ISO 27001 and 27018 standards. OpenProject Enterprise cloud environment is continuously backing up user data with data at rest being fully encrypted with AES-256. Each individual's instance is logically separated and data is persisted in a unique database schema, reducing the risk of intersection or data leaks between instances. You can find more information [here](https://www.openproject.org/security-and-privacy/). +We also offer hosting in a German data center on request. Please [contact us](../../../../contact-us/) if you are interested. + ## Can I get a custom domain name instead of example.openproject.com? @@ -60,8 +62,7 @@ Access to the database (including the PostgreSQL tables) is restricted for the E ## Can I use LDAP authentican in my Enterprise cloud environment? -You can use [LDAP authentication](../../../system-admin-guide/authentication/ldap-authentication/) in your -cloud environment. **However**, usually LDAP servers will _not_ be exposed to the internet, which they have to be for this to work. +You can use [LDAP authentication](../../../system-admin-guide/authentication/ldap-authentication/) in your cloud environment. **However**, usually LDAP servers will _not_ be exposed to the internet, which they have to be for this to work. Whitelisting IPs is no option since the OpenProject servers' IPs are not permanent and can change without notice. Moreover we do not have a mechanism to list all IP addresses currently in use. diff --git a/docs/enterprise-guide/enterprise-on-premises-guide/enterprise-on-premises-faq/README.md b/docs/enterprise-guide/enterprise-on-premises-guide/enterprise-on-premises-faq/README.md index 22f5ff9361..d49e513458 100644 --- a/docs/enterprise-guide/enterprise-on-premises-guide/enterprise-on-premises-faq/README.md +++ b/docs/enterprise-guide/enterprise-on-premises-guide/enterprise-on-premises-faq/README.md @@ -11,7 +11,7 @@ keywords: Enterprise on-premises FAQ, enterprise edition, self-hosted # Frequently asked questions (FAQ) for Enterprise on-premises -## How can I upgrade to the OpenProject Enterprise on-premises edition? +## How can I upgrade from the Community to the Enterprise on-premises edition? The Enterprise on-premises edition is an upgrade of the self-hosted Community Edition. When you are already using the Community Edition, you can purchase an Enterprise on-premises edition license to upgrade to the Enterprise on-premises edition. To do this, follow these steps: @@ -19,9 +19,7 @@ The Enterprise on-premises edition is an upgrade of the self-hosted Community Ed 2. Click on the "Book now" button. 3. Follow the steps to purchase the Enterprise on-premises edition license. You will then receive an Enterprise on-premises edition license key by email which you can use to upgrade your Community Edition to the Enterprise on-premises edition. -If you prefer to test the Enterprise on-premises edition before purchasing, you can request a 14 day trial license from within your system (*Administration -> Enterprise Edition*). Simply click on the green **Start free trial** button to receive a 14 day trial license. If you like the premium features and want to continue, you can easily book the Enterprise on-premises version via the Enterprise Edition menu in the Administration. Otherwise, you will automatically be downgraded to the Community Edition. - -You will keep your data during the whole process. +If you prefer to test the Enterprise on-premises edition before purchasing, you can request a 14 day trial license from within your system (*Administration -> Enterprise Edition*). Simply click on the green **Start free trial** button to receive a 14 day trial license. If you want to continue, you can navigate to our [pricing page](../../../../pricing/) and choose a plan. Otherwise, you will automatically be downgraded to the Community edition. There is no need to cancel the trial. Find more information [here](https://www.openproject.org/blog/enterprise-edition-upgrade-test-free/). @@ -29,7 +27,7 @@ Find more information [here](https://www.openproject.org/blog/enterprise-edition Please use the link "Manage subscription" in the email you received confirming your subscription or contact sales@openproject.com. -## Is it possible to only upgrade *some* users to the Enterprise Edition? +## Is it possible to only upgrade *some* users to the Enterprise edition? This is not possible, as the Premium features affect the whole OpenProject instance and not the individual users. @@ -41,13 +39,25 @@ The Enterprise token is sent to the email address used to create the subscriptio Yes, for Enterprise on-premises and for Community Edition you will have to choose your own domain name during [initial configuration](../../../installation-and-operations/installation/packaged/#initial-configuration) after installing OpenProject. +## Are also the premium features open source? + +Yes, all features, also the premium features, are developed under the GPL v3. + +## Why do you not offer all features for free? + +The developers of OpenProject love this project. And they love open source development. They work hard to build powerful new features and fix bugs with every release. However, they also need to pay rent, taxes, health insurance and so on. To be able to work on OpenProject and keep the speed, they need funding. + ## How can I change my payment details (e.g. new credit card)? Please use the link "Manage subscription" in the first email you received from our system. Alternatively, please contact support via email. -## How can I downgrade from Enterprise Edition to Community Edition? +## How can I downgrade from Enterprise on-premises to Community edition? + +To downgrade to the Community edition you will simply need to cancel the paid Enterprise plan. As soon as the subscription terminates, you will automatically switch back to the Community version. Please note that you will not be able to use the premium features anymore and you will not be eligible for support. As soon as your subscription or your trial ends you will automatically be downgraded to the Community Edition. + +## Can I migrate from the hosted Enterprise cloud edition to a self-hosted Community or Enterprise on-premises edition? -You don't have to do anything. Just don't renew your subscription. As soon as your subscription or your trial ends you will automatically be downgraded to the Community Edition. You can keep your data. +Yes. If you want to switch from a hosted version of OpenProject (Enterprise cloud edition) to a self-hosted version (Community edition or Enterprise on-premises) we can provide you a full dump of your data. Since this requires manual effort for us, we may charge for this service . Please [contact us](../../../../contct-us/) to get a quotation. ## I can't login via SSO to update my Enterprise on-premises token. What do I do? diff --git a/docs/system-admin-guide/authentication/openid-providers/README.md b/docs/system-admin-guide/authentication/openid-providers/README.md index fd494e3cf5..cbca94c73f 100644 --- a/docs/system-admin-guide/authentication/openid-providers/README.md +++ b/docs/system-admin-guide/authentication/openid-providers/README.md @@ -24,7 +24,84 @@ You can configure the following options. 4. Enter the **Secret**. 5. Press the blue **create** button. -![Sys-admin-authentication-add-openid-provider](Sys-admin-authentication-add-openid-provider.png) + + + + +## Google Workspace + + + +### Step 1: Create the OAuth consent screen + +1. Navigate to your GCP console. (https://console.cloud.google.com/) +2. Go to **APIs & Services** > OAuth consent screen. + +![g1-apis-and-services-oauth-consent-screen](g1-apis-and-services-oauth-consent-screen.png) + + + +3. Create a new project and a new app or edit an existing project and an existing app, setting the following fields (shall be Internal): + 1. **App name** (e.g. EXAMPLE.COM SSO) + 2. **User support email** (e.g. user-support@example.com) + 3. **App domains** (at minimum, you must provide the Application home page - e.g. https://example.openproject.com) + 4. **Authorized domains** (e.g. openproject.com) + 5. **Developer Contact information** (e.g. developer@example.com) + 6. Click **SAVE AND CONTINUE** to proceed. + +![g2-edit-app-registration](g2-edit-app-registration.png) + +4. **Scopes** - Press **SAVE AND CONTINUE** +5. **Summary** - Press **SAVE AND CONTINUE** + + + +### Step 2: Create the OAuth Client + +1. Under **APIs & Services**, go to **Credentials**. + +![g3-apis-and-services-credentials](g3-apis-and-services-credentials.png) + +2. Click **Create Credentials** and select **OAuth Client ID**. + + 1. When prompted for your **Application type**, choose **Web Application**. + + 2. Provide a **Name** for your application. (e.g. example-openproject-com) + + 3. Under Authorized redirect URIs, click **Add URI**, and provide your URI (e.g. [example.openproject.com]/auth/google/callback). + + 4. Click **CREATE** or **SAVE** . + +![g4-create-credentials-oauth-client-id](g4-create-credentials-oauth-client-id.png) + +After pressing **CREATE** you will get a pop-up window like the following + +- Note **Client ID** +- Note **Client Secret** + +![g5-oauth-client-created](g5-oauth-client-created.png) + + + +### Step 3: Add Google as an OpenID Provider to OpenProject + +1. Login as Open Project Administrator +2. navigate to -> *Administration* -> *Authentication* and choose -> *OpenID providers*. + 1. **Name** Choose Google + 2. **Display Name** (e.g. **EXAMPLE.COM SSO**) + 3. **Identifier** (**Client ID** from step 2) + 4. **Secret** (**Client Secret** from step 2) +3. Press **Create** + +![g6-add-new-openid-provider-google](g6-add-new-openid-provider-google.png) + +4. The following green notification **Successful creation** should appear + +![g7-successful-creation-google](g7-successful-creation-google.png) + + + + ## Azure Active Directory diff --git a/docs/system-admin-guide/authentication/openid-providers/Sys-admin-authentication-add-openid-provider.png b/docs/system-admin-guide/authentication/openid-providers/Sys-admin-authentication-add-openid-provider.png deleted file mode 100644 index 72384c6349..0000000000 Binary files a/docs/system-admin-guide/authentication/openid-providers/Sys-admin-authentication-add-openid-provider.png and /dev/null differ diff --git a/docs/system-admin-guide/authentication/openid-providers/g1-apis-and-services-oauth-consent-screen.png b/docs/system-admin-guide/authentication/openid-providers/g1-apis-and-services-oauth-consent-screen.png new file mode 100644 index 0000000000..2f9b25c109 Binary files /dev/null and b/docs/system-admin-guide/authentication/openid-providers/g1-apis-and-services-oauth-consent-screen.png differ diff --git a/docs/system-admin-guide/authentication/openid-providers/g2-edit-app-registration.png b/docs/system-admin-guide/authentication/openid-providers/g2-edit-app-registration.png new file mode 100644 index 0000000000..f5a1c028d4 Binary files /dev/null and b/docs/system-admin-guide/authentication/openid-providers/g2-edit-app-registration.png differ diff --git a/docs/system-admin-guide/authentication/openid-providers/g3-apis-and-services-credentials.png b/docs/system-admin-guide/authentication/openid-providers/g3-apis-and-services-credentials.png new file mode 100644 index 0000000000..7c288da32f Binary files /dev/null and b/docs/system-admin-guide/authentication/openid-providers/g3-apis-and-services-credentials.png differ diff --git a/docs/system-admin-guide/authentication/openid-providers/g4-create-credentials-oauth-client-id.png b/docs/system-admin-guide/authentication/openid-providers/g4-create-credentials-oauth-client-id.png new file mode 100644 index 0000000000..94592efd06 Binary files /dev/null and b/docs/system-admin-guide/authentication/openid-providers/g4-create-credentials-oauth-client-id.png differ diff --git a/docs/system-admin-guide/authentication/openid-providers/g5-oauth-client-created.png b/docs/system-admin-guide/authentication/openid-providers/g5-oauth-client-created.png new file mode 100644 index 0000000000..89466bd740 Binary files /dev/null and b/docs/system-admin-guide/authentication/openid-providers/g5-oauth-client-created.png differ diff --git a/docs/system-admin-guide/authentication/openid-providers/g6-add-new-openid-provider-google.png b/docs/system-admin-guide/authentication/openid-providers/g6-add-new-openid-provider-google.png new file mode 100644 index 0000000000..09c616fedf Binary files /dev/null and b/docs/system-admin-guide/authentication/openid-providers/g6-add-new-openid-provider-google.png differ diff --git a/docs/system-admin-guide/authentication/openid-providers/g7-successful-creation-google.png b/docs/system-admin-guide/authentication/openid-providers/g7-successful-creation-google.png new file mode 100644 index 0000000000..c9eaef80df Binary files /dev/null and b/docs/system-admin-guide/authentication/openid-providers/g7-successful-creation-google.png differ diff --git a/frontend/src/app/features/boards/board/add-list-modal/add-list-modal.component.ts b/frontend/src/app/features/boards/board/add-list-modal/add-list-modal.component.ts index 854b7b2658..571224dc99 100644 --- a/frontend/src/app/features/boards/board/add-list-modal/add-list-modal.component.ts +++ b/frontend/src/app/features/boards/board/add-list-modal/add-list-modal.component.ts @@ -56,7 +56,7 @@ export class AddListModalComponent extends OpModalComponent implements OnInit { getAutocompleterData = (searchTerm:string):Observable => { // Remove prefix # from search searchTerm = searchTerm.replace(/^#/, ''); - return this.actionService.loadAvailable( this.active, searchTerm) + return this.actionService.loadAvailable(this.active, searchTerm) .pipe(tap((values) => (this.warnIfNoOptions(values)))); }; diff --git a/frontend/src/app/features/boards/board/board-actions/subtasks/board-subtasks-action.service.ts b/frontend/src/app/features/boards/board/board-actions/subtasks/board-subtasks-action.service.ts index 87dd5d15a6..6fc92752d7 100644 --- a/frontend/src/app/features/boards/board/board-actions/subtasks/board-subtasks-action.service.ts +++ b/frontend/src/app/features/boards/board/board-actions/subtasks/board-subtasks-action.service.ts @@ -59,7 +59,7 @@ export class BoardSubtasksActionService extends BoardActionService { return this .apiV3Service .work_packages - .filtered(filters) + .filtered(filters, { pageSize: '-1' }) .get() .pipe( map((collection) => collection.elements), diff --git a/frontend/src/app/features/user-preferences/notifications-settings/inline-create/notification-setting-inline-create.component.ts b/frontend/src/app/features/user-preferences/notifications-settings/inline-create/notification-setting-inline-create.component.ts index 7c62cc0b1c..d158ff4a80 100644 --- a/frontend/src/app/features/user-preferences/notifications-settings/inline-create/notification-setting-inline-create.component.ts +++ b/frontend/src/app/features/user-preferences/notifications-settings/inline-create/notification-setting-inline-create.component.ts @@ -70,7 +70,7 @@ export class NotificationSettingInlineCreateComponent { return this .apiV3Service .projects - .filtered(filters) + .filtered(filters, { pageSize: '-1' }) .get() .pipe( map((collection) => collection.elements.map((project) => ({ diff --git a/frontend/src/app/shared/components/autocompleter/op-autocompleter/op-autocompleter.component.ts b/frontend/src/app/shared/components/autocompleter/op-autocompleter/op-autocompleter.component.ts index 1dda18576e..d4af895a86 100644 --- a/frontend/src/app/shared/components/autocompleter/op-autocompleter/op-autocompleter.component.ts +++ b/frontend/src/app/shared/components/autocompleter/op-autocompleter/op-autocompleter.component.ts @@ -302,10 +302,9 @@ export class OpAutocompleterComponent extends UntilDestroyedMixin implements Aft public opened(_:unknown) { // eslint-disable-line no-unused-vars if (this.openDirectly) { - this.results$ = this.defaultData - ? (this.opAutocompleterService.loadData('', this.resource, this.filters, this.searchKey)) - : (this.getOptionsFn('')); + this.typeahead.next(''); } + this.repositionDropdown(); this.open.emit(); } diff --git a/lib/api/utilities/page_size_helper.rb b/lib/api/utilities/page_size_helper.rb index 6a1cd64a02..385edb93c4 100644 --- a/lib/api/utilities/page_size_helper.rb +++ b/lib/api/utilities/page_size_helper.rb @@ -49,7 +49,10 @@ module API # * the minimum of the per page options specified in the settings # * the maximum page size def resulting_page_size(value, relation = nil) - [value || relation&.base_class&.per_page || Setting.per_page_options_array.min, maximum_page_size] + [ + resolve_page_size(value) || relation&.base_class&.per_page || Setting.per_page_options_array.min, + maximum_page_size + ] .map(&:to_i) .min end diff --git a/spec/lib/api/v3/work_packages/work_package_collection_representer_spec.rb b/spec/lib/api/v3/work_packages/work_package_collection_representer_spec.rb index 101a6a23e4..166f2383b8 100644 --- a/spec/lib/api/v3/work_packages/work_package_collection_representer_spec.rb +++ b/spec/lib/api/v3/work_packages/work_package_collection_representer_spec.rb @@ -350,6 +350,18 @@ describe ::API::V3::WorkPackages::WorkPackageCollectionRepresenter do end end + + context 'with a magic page size' do + let(:page_size_parameter) { -1 } + + it_behaves_like 'offset-paginated APIv3 collection' do + let(:page) { 1 } + let(:page_size) { Setting.apiv3_max_page_size } + let(:actual_count) { 5 } + let(:collection_type) { 'WorkPackageCollection' } + end + end + context 'with a limited page size' do let(:page_size_parameter) { 2 }