openproject

Commit Graph

Author	SHA1	Message	Date
Oliver Günther	31b2862b94	[24365] Allow controllers to specify redirect-safe params	8 years ago
Jens Ulferts	5c73efc616	rely on url_for to fill in request's parameters on session timeout back url	8 years ago
Jens Ulferts	daa2d07e4b	rely on url_for to fill in request's parameters on back url	8 years ago
Oliver Günther	8c42f5ae35	Fix invalid find_project_by_project_id	8 years ago
Oliver Günther	7994631440	Use unreleased version of friendly_id and fix project finder	8 years ago
Oliver Günther	fe0e8dd919	Rename before_filter to before_action	8 years ago
Oliver Günther	638e8ca735	Build simple service to initialize setting on login	8 years ago
Jens Ulferts	ab93799c8b	improve menu performance by rendering to existing controller	8 years ago
Jens Ulferts	8c827bbbec	remove costly eager loading	8 years ago
Oliver Günther	638340e7b6	Fix rubocop issues	9 years ago
Cyril Rohr	1b29d8ec92	Move email settings out of the YAMl configuration file, and into the Settings page	9 years ago
Markus Kahl	6827c832f6	make available standard I18n's #t	9 years ago
Oliver Günther	fb4bf739d9	Allow the configuration to disable APIv2 basic auth	9 years ago
Oliver Günther	82eb512450	Make session name configurable	9 years ago
Oliver Günther	c7e410ef11	Warn users when OP cookie is missing When a user has disabled cookies, trying to log in to the application will result in a 422 error due to CSRF validation trying to use the session in Rails 4+. This commit introduces a separate warning when the OpenProject cookie was not found, which should always be present after the first request to the application.	9 years ago
Jens Ulferts	be21a7a504	update error message for bulk operations across multiple projects	9 years ago
Oliver Günther	a6b4372b09	Always preprocess URLs with CGI.unescape This forces redirect URLs to always pass through the escaping process, in order to process escaped paths (`/mysubdir/%2E%2E/secret/`).	9 years ago
Oliver Günther	fcd450af3f	Fix redirect vulnerability `redirect_back_or_default` was vulnerable to some of the URLs found to be vulnerable in redmine, such as `@test.foo`. This commit extracts the whole functionality into a policy and alters the constraints with a path check to avoid these cases. Thanks to @marutosi for pointing this out. http://www.redmine.org/projects/redmine/repository/revisions/14560	9 years ago
Oliver Günther	6eeea9d1da	Avoid mutator sort on relations https://github.com/rails/rails/pull/13314 removed mutator methods (e.g., `Array#sort!`) from relations. This commit enforces either an ordering on the query itself where applicable, or uses a non-mutator sort.	9 years ago
Jens Ulferts	6e01b27f18	rename service's method to be in accordance with proc	9 years ago
Jens Ulferts	c471080e08	set locale before API v3 request The mechanism was extracted from the rails stack where the locale is taken based on (in that order): * The user's preferences * The accept_language header * The system settings Only languages, that are enabled by the instance are valid. If one is selected (e.g user preference), that is not enabled by the instance, a fallback is taken.	9 years ago
Markus Kahl	dd496297fd	don't use random language as user's language If a user's language is not set ('') the code just used any valid language.	9 years ago
Oliver Günther	7ebac37c14	Repository Management - Refactoring and Preparation Related work package: [#20415](https://community.openproject.org/work_packages/20415). This is a combined refactoring and extraction effort of local SCM functionality for SVM, Git adapters in preparation for the explicit lifetime management of repositories in #20416 and implementation of (local) repository storage quota in #18393. This PR is still heavily WIP and for the time being, depends on the legacy specs for testing. To run the tests, execute the following steps: ~~~ rake test:scm:setup:all rake spec:legacy ~~~ I'm open for ideas on how we integrate scm adapters tests into current specs. --- - [x] Exchange `IO::Open` for `Open3` to avoid countless manual exitcode checks - [x] Extract local functionality in its own Module - [] Extend `LocalClient` module with links to create/delete services for #20415 - [x] Break down unbearable local parse routines (Hound will be over the place until fixed - but down from 260 to < 20) - [x] `entries` - [x] `revisions` - [] local repository factory - [] Specs - [] Fix / Modernize - [] More adapter-related specs	9 years ago
Alex Coles	0ad3cfb4b2	Prefer do…end for controller respond_to blocks `rubocop -a` does not currently normalise formatting consistently (see `ec1bb39f`). Signed-off-by: Alex Coles <alex@alexbcoles.com>	9 years ago
Markus Kahl	bcd981df5c	consider X-Authentication-Scheme; opt scoped realm	9 years ago
Markus Kahl	d854df5175	suppress browser prompt on authenticate failure	9 years ago
Alex Coles	e02eb0181d	Migrate AR finder/query methods in controllers Signed-off-by: Alex Coles <alex@alexbcoles.com>	9 years ago
Alex Coles	ec1bb39f9b	Fix syntax (w/Rubocop) in (Rails) controllers Signed-off-by: Alex Coles <alex@alexbcoles.com>	9 years ago
Alex Coles	57618b25ec	Replace dynamic finder usages with #find_by, etc. This patch replaces all dynamic finders, for the sake of consistency, although only some methods are deprecated. See: https://github.com/rails/activerecord-deprecated_finders#active-record-deprecated-finders * Revert some `User#find_by_login` usages in cuke steps accidentally removed in `74228b59`. User Story # 20325 Signed-off-by: Alex Coles <alex@alexbcoles.com>	9 years ago
Alex Coles	bc5abb34ab	Remove explicit require_dependency of Principal This should no longer be necessary (thanks also to `8edff983`). This effectively reverts `423152fa06` Signed-off-by: Alex Coles <alex@alexbcoles.com>	10 years ago
Markus Kahl	560d970b0f	in-regex comments	10 years ago
Markus Kahl	4abd716dd6	more comments	10 years ago
Markus Kahl	52fe1da137	don't redirect back to logout	10 years ago
Alex Coles	e0191e759c	Update year in copyright header to 2015 [ci skip]	10 years ago
Alex Coles	3629ded2ae	Handle ActionController::ParameterMissing globally See `6d11fac2`. Signed-off-by: Alex Coles <alex@alexbcoles.com>	10 years ago
Alex Coles	bb0e6e6aa5	Fix syntax (w/Rubocop) in (Rails) controllers Signed-off-by: Alex Coles <alex@alexbcoles.com>	10 years ago
Alex Coles	336446c59d	Use 1.9+ Hash syntax in (Rails) controllers Signed-off-by: Alex Coles <alex@alexbcoles.com>	10 years ago
Richard	72b6e26461	Twist redirect to back url method to work with JSON params.	10 years ago
Martin Linkhorst	8877883c63	given openproject runs in a subdirectory we cannot allow redirecting to a different subdirectory. also tries to catch shenanigans to circumvent the check like ".." in the path.	10 years ago
Marek Takac	2269f9a8ee	Fixed authorization service calls	10 years ago
Martin Linkhorst	1f36d43b70	there was a wrong parenthesis: the last match needs to be ANDed with all the prior checks. instead of changing it, refactored the code to be more clear. still allows redirects to different sub-uris.	10 years ago
Philipp Tessenow	d8cb82a2e8	explicitly allow home path in back_url	10 years ago
Philipp Tessenow	0cdbaf39f6	fix protocol-relative redirection test - escape forward slash in regexp - allow redirection to home_path '/'	10 years ago
jplang	1db8642ac6	[security] fixed back url verification --HG-- extra : convert_revision : svn%3Ae93f8b46-1217-0410-a6f0-8f06a7374b81/trunk%4013018	10 years ago
Marek Takac	1ca62def08	Used named params in AuthorizationService constructor	11 years ago
Marek Takac	bb8aa422b1	Refactored Authorization service	11 years ago
Marek Takac	ac2c89c0d7	Initial foundations for API v3 User Story # 8769 Squashed commit of the following: commit `fac82d68b6` Author: Marek Takac <m.takac@finn.de> Date: Wed Jun 11 15:53:21 2014 +0200 Removed cascade false call from root api commit `fedff52220` Merge: `7b2942c` `e204fa9` Author: Marek Takac <m.takac@finn.de> Date: Wed Jun 11 14:17:27 2014 +0200 Merge commit `7b2942c419` Author: Marek Takac <m.takac@finn.de> Date: Wed Jun 11 14:11:58 2014 +0200 Generated new Gemfile.lock commit `7af2f77bbc` Author: Marek Takac <m.takac@finn.de> Date: Tue Jun 10 15:03:47 2014 +0200 Removed print call commit `bb19cddee9` Author: Marek Takac <m.takac@finn.de> Date: Tue Jun 10 14:39:35 2014 +0200 Removed 'spec/factories/priority_factory.rb commit `e8bbf476f1` Author: Marek Takac <m.takac@finn.de> Date: Tue Jun 10 14:38:31 2014 +0200 Replaced lambda calls with '->' commit `9d8a1c2423` Author: Marek Takac <m.takac@finn.de> Date: Fri Jun 6 19:19:40 2014 +0200 Clean up commit `08f80e8c91` Author: Marek Takac <m.takac@finn.de> Date: Fri Jun 6 19:03:38 2014 +0200 Delete ::ConnectionManagement-call(env)> commit `190c2e2d86` Author: Marek Takac <m.takac@finn.de> Date: Fri Jun 6 17:40:34 2014 +0200 Reset Gemfile.lock commit `0a32dcaef0` Author: Marek Takac <m.takac@finn.de> Date: Fri Jun 6 14:43:58 2014 +0200 Small refactoring of the API specs commit `963bb3e848` Author: Marek Takac <m.takac@finn.de> Date: Wed Jun 4 17:10:15 2014 +0200 Basic implementation of APIv3 work package #get commit `ffdb5641a7` Author: Marek Takac <m.takac@finn.de> Date: Wed Jun 4 17:08:48 2014 +0200 Basic implementation of APIv3 work package #get commit `8d64840f02` Author: Marek Takac <m.takac@finn.de> Date: Tue Jun 3 16:33:02 2014 +0200 Clening up commit `2caf393c94` Author: Marek Takac <m.takac@finn.de> Date: Tue Jun 3 16:30:50 2014 +0200 Work package #patch - incomplete tests commit `d6b9a4f263` Author: Marek Takac <m.takac@finn.de> Date: Wed May 28 17:42:26 2014 +0200 Renamed #done_ratio to #percentage_done commit `583ba0b525` Author: Marek Takac <m.takac@finn.de> Date: Wed May 28 17:30:42 2014 +0200 Cleanup commit `34bfb88377` Author: Marek Takac <m.takac@finn.de> Date: Wed May 28 17:14:09 2014 +0200 Added basic test & improved patch work package commit `377070acfe` Author: Marek Takac <m.takac@finn.de> Date: Fri May 23 15:38:58 2014 +0200 Implemented basic batch update for work packages commit `9df0ffb916` Author: Marek Takac <m.takac@finn.de> Date: Fri May 23 14:41:56 2014 +0200 Set default limit and offset for GET work packages resource commit `f1ac16b23f` Author: Marek Takac <m.takac@finn.de> Date: Fri May 23 14:18:00 2014 +0200 Created GET endpoint work work packages resource & N+1 query optimization commit `9a7bb32f46` Author: Marek Takac <m.takac@finn.de> Date: Thu May 22 19:29:04 2014 +0200 Basic authorization for work package GET and PATCH commit `da4b778d51` Author: Marek Takac <m.takac@finn.de> Date: Thu May 22 15:51:10 2014 +0200 Completed basic implementation of get, patch, head and options requests for work package resource commit `c8e8ab68af` Author: Marek Takac <m.takac@finn.de> Date: Thu May 22 10:47:43 2014 +0200 Added target version attributes to the work package resource commit `2ab0bea6ac` Author: Marek Takac <m.takac@finn.de> Date: Wed May 21 18:08:13 2014 +0200 Implemented work package update with some child resources commit `17edd10bb5` Author: Marek Takac <m.takac@finn.de> Date: Wed May 21 16:31:18 2014 +0200 Minor refactoring of work packages api commit `a63f17622c` Author: Marek Takac <m.takac@finn.de> Date: Wed May 21 16:28:48 2014 +0200 Created GET work package endpoint commit `abcf2e50b4` Author: Marek Takac <m.takac@finn.de> Date: Tue May 20 14:40:47 2014 +0200 Created OP API entry point commit `4564bae6f5` Author: Marek Takac <m.takac@finn.de> Date: Tue May 20 13:39:57 2014 +0200 Refactor authorize method (created service object) commit `cb464d9329` Author: Marek Takac <m.takac@finn.de> Date: Tue May 20 11:15:31 2014 +0200 Created basic structure for Work packages API commit `00f3b7a291` Author: Marek Takac <m.takac@finn.de> Date: Tue May 13 16:29:30 2014 +0200 WorkPackage mapper changes commit `622ebd04eb` Author: Marek Takac <m.takac@finn.de> Date: Tue May 13 01:30:02 2014 +0200 Added relationships to WorkPackage mapper commit `80ebe54d90` Author: Marek Takac <m.takac@finn.de> Date: Tue May 13 01:14:57 2014 +0200 Created WorkPackage mapper class commit `2da9225aef` Author: Marek Takac <m.takac@finn.de> Date: Mon May 12 19:21:07 2014 +0200 Mappers for Grape API commit `5cd59c4ad6` Author: Marek Takac <m.takac@finn.de> Date: Tue Apr 29 16:54:24 2014 +0200 Created some decorators commit `a5cb66e5b6` Author: Marek Takac <m.takac@finn.de> Date: Tue Apr 29 15:31:25 2014 +0200 Added pundit for authorization commit `f909e89687` Author: Marek Takac <m.takac@finn.de> Date: Tue Apr 29 14:49:20 2014 +0200 Created work package representer & current_user helper method for API commit `5aad3c087a` Author: Marek Takac <m.takac@finn.de> Date: Mon Apr 28 14:24:47 2014 +0200 Created basic structure for Work packages API commit `b25a348619` Author: Marek Takac <m.takac@finn.de> Date: Mon Apr 28 14:04:37 2014 +0200 Set up Grape API v3 commit `be76a6500e` Author: Marek Takac <m.takac@finn.de> Date: Mon Apr 28 13:58:38 2014 +0200 Added grape commit `e204fa9de8` Author: Marek Takac <m.takac@finn.de> Date: Tue Jun 10 15:03:47 2014 +0200 Removed print call commit `39b921adc7` Author: Marek Takac <m.takac@finn.de> Date: Tue Jun 10 14:39:35 2014 +0200 Removed 'spec/factories/priority_factory.rb commit `94c64ab855` Author: Marek Takac <m.takac@finn.de> Date: Tue Jun 10 14:38:31 2014 +0200 Replaced lambda calls with '->' commit `c2101b0352` Author: Marek Takac <m.takac@finn.de> Date: Fri Jun 6 19:19:40 2014 +0200 Clean up commit `a03bc0d84c` Author: Marek Takac <m.takac@finn.de> Date: Fri Jun 6 19:03:38 2014 +0200 Delete ::ConnectionManagement-call(env)> commit `8b2fe0b01e` Author: Marek Takac <m.takac@finn.de> Date: Fri Jun 6 17:40:34 2014 +0200 Reset Gemfile.lock commit `5d6618eea4` Merge: `f325a36` `dab75c3` Author: Marek Takac <m.takac@finn.de> Date: Fri Jun 6 16:10:51 2014 +0200 Merge branch 'dev' into feature/api_v3_base commit `f325a36d6f` Author: Marek Takac <m.takac@finn.de> Date: Fri Jun 6 14:43:58 2014 +0200 Small refactoring of the API specs commit `84f78d669d` Author: Marek Takac <m.takac@finn.de> Date: Wed Jun 4 17:10:15 2014 +0200 Basic implementation of APIv3 work package #get commit `82786a9717` Author: Marek Takac <m.takac@finn.de> Date: Wed Jun 4 17:08:48 2014 +0200 Basic implementation of APIv3 work package #get commit `b7dd82f85f` Merge: `f4ba4e8` `5525bc3` Author: Marek Takac <m.takac@finn.de> Date: Tue Jun 3 17:15:48 2014 +0200 Merge commit `5525bc3d52` Author: Marek Takac <m.takac@finn.de> Date: Tue Jun 3 16:33:02 2014 +0200 Clening up commit `9d27e3d412` Author: Marek Takac <m.takac@finn.de> Date: Tue Jun 3 16:30:50 2014 +0200 Work package #patch - incomplete tests commit `58ceeee83e` Author: Marek Takac <m.takac@finn.de> Date: Wed May 28 17:42:26 2014 +0200 Renamed #done_ratio to #percentage_done commit `7165e32bc4` Author: Marek Takac <m.takac@finn.de> Date: Wed May 28 17:30:42 2014 +0200 Cleanup commit `235ecdeabe` Author: Marek Takac <m.takac@finn.de> Date: Wed May 28 17:14:09 2014 +0200 Added basic test & improved patch work package commit `625f273dc1` Author: Marek Takac <m.takac@finn.de> Date: Fri May 23 15:38:58 2014 +0200 Implemented basic batch update for work packages commit `20239886d4` Author: Marek Takac <m.takac@finn.de> Date: Fri May 23 14:41:56 2014 +0200 Set default limit and offset for GET work packages resource commit `ad79163fd3` Author: Marek Takac <m.takac@finn.de> Date: Fri May 23 14:18:00 2014 +0200 Created GET endpoint work work packages resource & N+1 query optimization commit `c3dcba77f0` Author: Marek Takac <m.takac@finn.de> Date: Thu May 22 19:29:04 2014 +0200 Basic authorization for work package GET and PATCH commit `73d8a8551d` Author: Marek Takac <m.takac@finn.de> Date: Thu May 22 15:51:10 2014 +0200 Completed basic implementation of get, patch, head and options requests for work package resource commit `479fc4b005` Author: Marek Takac <m.takac@finn.de> Date: Thu May 22 10:47:43 2014 +0200 Added target version attributes to the work package resource commit `a72cff36a9` Author: Marek Takac <m.takac@finn.de> Date: Wed May 21 18:08:13 2014 +0200 Implemented work package update with some child resources commit `6689628a74` Author: Marek Takac <m.takac@finn.de> Date: Wed May 21 16:31:18 2014 +0200 Minor refactoring of work packages api commit `97d4e9a1e6` Author: Marek Takac <m.takac@finn.de> Date: Wed May 21 16:28:48 2014 +0200 Created GET work package endpoint commit `1490621af1` Author: Marek Takac <m.takac@finn.de> Date: Tue May 20 14:40:47 2014 +0200 Created OP API entry point commit `1e080b7936` Author: Marek Takac <m.takac@finn.de> Date: Tue May 20 13:39:57 2014 +0200 Refactor authorize method (created service object) commit `1b0b894456` Author: Marek Takac <m.takac@finn.de> Date: Tue May 20 11:15:31 2014 +0200 Created basic structure for Work packages API commit `6c8f83ae54` Author: Marek Takac <m.takac@finn.de> Date: Tue May 13 16:29:30 2014 +0200 WorkPackage mapper changes commit `d2a7f29201` Author: Marek Takac <m.takac@finn.de> Date: Tue May 13 01:30:02 2014 +0200 Added relationships to WorkPackage mapper commit `0122cd4392` Author: Marek Takac <m.takac@finn.de> Date: Tue May 13 01:14:57 2014 +0200 Created WorkPackage mapper class commit `6a40cdd6bf` Author: Marek Takac <m.takac@finn.de> Date: Mon May 12 19:21:07 2014 +0200 Mappers for Grape API commit `0a4f39be58` Author: Marek Takac <m.takac@finn.de> Date: Tue Apr 29 16:54:24 2014 +0200 Created some decorators commit `21e1c42b54` Author: Marek Takac <m.takac@finn.de> Date: Tue Apr 29 15:31:25 2014 +0200 Added pundit for authorization commit `a76f23ec51` Author: Marek Takac <m.takac@finn.de> Date: Tue Apr 29 14:49:20 2014 +0200 Created work package representer & current_user helper method for API commit `4d92b35994` Author: Marek Takac <m.takac@finn.de> Date: Mon Apr 28 14:24:47 2014 +0200 Created basic structure for Work packages API commit `d19a5d698a` Author: Marek Takac <m.takac@finn.de> Date: Mon Apr 28 14:04:37 2014 +0200 Set up Grape API v3 commit `b270fa6164` Author: Marek Takac <m.takac@finn.de> Date: Mon Apr 28 13:58:38 2014 +0200 Added grape Signed-off-by: Alex Coles <alex@alexbcoles.com>	11 years ago
Michael Frister	98f81665db	CSRF Protection: Prevent login CSRF	11 years ago
Michael Frister	ed7ffdc616	CSRF Protection: Don't attempt to catch unused InvalidAuthenticityToken Rails doesn't raise InvalidAuthenticityToken since 3.0.4 For more information, see http://weblog.rubyonrails.org/2011/2/8/csrf-protection-bypass-in-ruby-on-rails/	11 years ago
Michael Frister	c2fdfd0f1d	Fix API requests without CSRF token being rejected	11 years ago

1 2 3 4 5

214 Commits (dd3f829adcb4eb32985f601ec4063cc3f6719e5e)