Updated more gems, restored missing access policies inside an after_i…
…nitialize block
Dantemss committed Oct 9, 2024
1 parent 7bdfb96 commit e6a5259
Showing 6 changed files with 53 additions and 44 deletions.
6 changes: 3 additions & 3 deletions Gemfile
@@ -73,13 +73,13 @@ gem 'omniauth-google-oauth2'
gem 'redis-rails'

# Utilities for OpenStax websites
gem 'openstax_utilities', github: 'openstax/openstax_utilities', ref: '4a22dd7fb557174f805bb8cc29cd8e60695983f5'
gem 'openstax_utilities'

# API versioning and documentation
gem 'openstax_api'

# Notify developers of Exceptions in production
gem 'openstax_rescue_from', github: 'openstax/rescue_from', ref: '7a6dcfa0a70e843d2801795e151888bb9f03386a'
gem 'openstax_rescue_from'

# Sentry integration
gem 'sentry-ruby'
@@ -113,7 +113,7 @@ gem 'delayed_job_worker_pool'
gem 'delayed_job_heartbeat_plugin'

# JSON Api builder
gem 'representable', '~> 3.0.0'
gem 'representable'

# Keyword search
gem 'keyword_search', '~> 1.5.0'
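Review bot: The three changed `gem` lines end up with no version constraint and no source pin: `openstax_utilities` and `openstax_rescue_from` lose their exact git `ref:` and `representable` loses `'~> 3.0.0'`, so Gemfile.lock is the only thing holding the resolved versions in place. A later `bundle update` can then move any of them across a major version from rubygems.org without a Gemfile change appearing in review. Consider pessimistic constraints matching what the lockfile resolved, e.g. `gem 'representable', '~> 3.2'`, `gem 'openstax_utilities', '~> 5.1'` and `gem 'openstax_rescue_from', '~> 4.2'`, and confirm that deploys install with the lockfile frozen.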
44 changes: 16 additions & 28 deletions Gemfile.lock
@@ -18,20 +18,6 @@ GIT
railties (>= 3.1)
sass-rails

GIT
remote: https://github.com/openstax/openstax_utilities.git
revision: 4a22dd7fb557174f805bb8cc29cd8e60695983f5
ref: 4a22dd7fb557174f805bb8cc29cd8e60695983f5
specs:
openstax_utilities (5.1.1)
aws-sdk-autoscaling
faraday
faraday-http-cache
keyword_search
lev
rails (>= 5.0, < 8.0)
request_store

GIT
remote: https://github.com/openstax/path_prefixer.git
revision: e3edfc70589bc90fcffba63b417260a88c1377d7
@@ -48,14 +34,6 @@ GIT
specs:
pattern-library (1.1.18)

GIT
remote: https://github.com/openstax/rescue_from.git
revision: 7a6dcfa0a70e843d2801795e151888bb9f03386a
ref: 7a6dcfa0a70e843d2801795e151888bb9f03386a
specs:
openstax_rescue_from (4.2.0)
rails (>= 3.1, < 7.0)

GEM
remote: https://rubygems.org/
specs:
@@ -264,7 +242,6 @@ GEM
activesupport (>= 4.0, < 7.3)
rspec (>= 3.0)
declarative (0.0.20)
declarative-option (0.1.0)
delayed_job (4.1.12)
activesupport (>= 3.0, < 8.0)
delayed_job_active_record (4.1.10)
@@ -534,13 +511,23 @@ GEM
uber
openstax_healthcheck (1.0.1)
rails (>= 3.0)
openstax_rescue_from (4.2.1)
rails (>= 3.1, < 7.0)
openstax_salesforce (8.1.0)
openstax_active_force
rails (>= 5.0, < 7.0)
restforce
openstax_transaction_retry (1.2.0)
activerecord (>= 5.1)
transaction_isolation (>= 1.0.5)
openstax_utilities (5.1.2)
aws-sdk-autoscaling
faraday
faraday-http-cache
keyword_search
lev
rails (>= 5.0, < 8.0)
request_store
ostruct (0.6.0)
p3p (2.0.0)
rack (>= 1.6.2)
@@ -651,9 +638,9 @@ GEM
io-console (~> 0.5)
render_anywhere (0.0.12)
rails (>= 3.0.7)
representable (3.0.4)
representable (3.2.0)
declarative (< 0.1.0)
declarative-option (< 0.2.0)
trailblazer-option (>= 0.1.1, < 0.2.0)
uber (< 0.2.0)
request_store (1.7.0)
rack (>= 1.4)
@@ -771,6 +758,7 @@ GEM
tilt (2.4.0)
timecop (0.9.10)
timeout (0.4.1)
trailblazer-option (0.1.2)
transaction_isolation (1.0.5)
activerecord (>= 3.0.11)
tzinfo (2.0.6)
@@ -878,9 +866,9 @@ DEPENDENCIES
openstax_api
openstax_healthcheck
openstax_path_prefixer!
openstax_rescue_from!
openstax_rescue_from
openstax_salesforce
openstax_utilities!
openstax_utilities
p3p
parallel_tests
pattern-library!
@@ -896,7 +884,7 @@ DEPENDENCIES
rails-settings-cached
redis-rails
render_anywhere
representable (~> 3.0.0)
representable
rspec-instafail
rspec-rails
rubocop
18 changes: 18 additions & 0 deletions config/initializers/access_policies.rb
@@ -1 +1,19 @@
require_relative 'doorkeeper'

Rails.application.config.after_initialize do
OSU::AccessPolicy.register(Doorkeeper::Application, Doorkeeper::ApplicationAccessPolicy)
OSU::AccessPolicy.register(User, UserAccessPolicy)
OSU::AccessPolicy.register(AnonymousUser, UserAccessPolicy)
OSU::AccessPolicy.register(Identity, IdentityAccessPolicy)
OSU::AccessPolicy.register(ContactInfo, ContactInfoAccessPolicy)
OSU::AccessPolicy.register(EmailAddress, ContactInfoAccessPolicy)
OSU::AccessPolicy.register(Authentication, AuthenticationAccessPolicy)
OSU::AccessPolicy.register(ApplicationUser, ApplicationUserAccessPolicy)
OSU::AccessPolicy.register(Message, MessageAccessPolicy)
OSU::AccessPolicy.register(Group, GroupAccessPolicy)
OSU::AccessPolicy.register(GroupMember, GroupMemberAccessPolicy)
OSU::AccessPolicy.register(GroupOwner, GroupOwnerAccessPolicy)
OSU::AccessPolicy.register(GroupNesting, GroupNestingAccessPolicy)
OSU::AccessPolicy.register(ApplicationGroup, ApplicationGroupAccessPolicy)
OSU::AccessPolicy.register(ExternalId, ExternalIdAccessPolicy)
end
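Review bot: Nothing here would catch these registrations going missing again, which is what the commit title says happened; whether a resource with no registered policy is denied or raises is decided inside `OSU::AccessPolicy`, which is not visible in this section. A short spec that iterates the fifteen registered classes and asserts that each resolves to its policy would turn a silent loss of authorization rules into a test failure. The block also deserves a comment saying why registration is deferred, e.g. `# Register after initialization so the model and policy constants are loaded before they are referenced.`; that reason is inferred, so confirm it. Since `after_initialize` runs once per boot, check whether development code reloading leaves the registry pointing at stale class objects; `config.to_prepare` is the hook that re-runs on each reload.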
7 changes: 5 additions & 2 deletions config/puma.rb
@@ -11,8 +11,6 @@

NUM_WORKERS = ENV.fetch('WEB_CONCURRENCY') { Etc.nprocessors }.to_i

worker_timeout ENV.fetch('WORKER_TIMEOUT', 60).to_i

stdout_redirect(
ENV.fetch('STDOUT_LOGFILE', "#{APP_DIR}/log/puma.stdout.log"),
ENV.fetch('STDERR_LOGFILE', "#{APP_DIR}/log/puma.stderr.log"),
@@ -52,6 +50,11 @@
min_threads_count = ENV.fetch('RAILS_MIN_THREADS') { max_threads_count }
threads min_threads_count, max_threads_count

# Specifies the `worker_timeout` threshold that Puma will use to wait before
# terminating a worker in development environments.
#
worker_timeout ENV.fetch('WORKER_TIMEOUT', 60).to_i

if ENV['SOCKET']
# Specifies the `socket` to which Puma will bind to receive requests.
bind ENV['SOCKET']
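Review bot: The comment added above `worker_timeout` says the threshold applies "in development environments", but the call is not wrapped in any environment check in the visible lines, so `WORKER_TIMEOUT` (default 60) takes effect wherever this file is loaded. Reword the comment to match the code, e.g. `# Seconds Puma waits for a worker to check in before restarting it; override with WORKER_TIMEOUT.` The file continues outside this hunk, so confirm that no guard sits above the call before changing the wording.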
6 changes: 3 additions & 3 deletions lib/sso_cookie_jar.rb
@@ -18,11 +18,11 @@ def delete(options = {})
@parent_jar.delete @@cookie_name, options.reverse_merge(@@cookie_options)
end

def parse(name, encrypted_message, purpose: nil)
SsoCookie.read encrypted_message
def parse(name, data, purpose: nil)
SsoCookie.read data
end

def commit(options)
def commit(name, options)
options[:value] = SsoCookie.generate options
options.reverse_merge! @@cookie_options
end
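Review bot: `parse` accepts `name` and `purpose:` and `commit` accepts `name`, but none of these is used, so the reason for the wider signatures is invisible to the next reader. If they exist to match the interface that the parent cookie jar calls (inferred; the class header is outside this hunk), say so above each method, e.g. `# name and purpose are part of the jar interface; this jar handles a single SSO cookie, so both are ignored.` Ignoring `purpose` means a value is not bound to a cookie name at this layer, so confirm that `SsoCookie.read` itself rejects tampered or foreign values. Renaming the unused parameter to `_name` would also make the intent explicit.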
16 changes: 8 additions & 8 deletions spec/access_policies/external_id_access_policy_spec.rb
@@ -13,16 +13,16 @@

context 'create' do
it 'cannot be accessed by users or untrusted apps' do
expect(OSU::AccessPolicy.action_allowed?(:search, anon, external_id)).to eq false
expect(OSU::AccessPolicy.action_allowed?(:search, temp, external_id)).to eq false
expect(OSU::AccessPolicy.action_allowed?(:search, user, external_id)).to eq false
expect(OSU::AccessPolicy.action_allowed?(:search, new_social, external_id)).to eq false
expect(OSU::AccessPolicy.action_allowed?(:search, admin, external_id)).to eq false
expect(OSU::AccessPolicy.action_allowed?(:search, app, external_id)).to eq false
expect(OSU::AccessPolicy.action_allowed?(:create, anon, external_id)).to eq false
expect(OSU::AccessPolicy.action_allowed?(:create, temp, external_id)).to eq false
expect(OSU::AccessPolicy.action_allowed?(:create, user, external_id)).to eq false
expect(OSU::AccessPolicy.action_allowed?(:create, new_social, external_id)).to eq false
expect(OSU::AccessPolicy.action_allowed?(:create, admin, external_id)).to eq false
expect(OSU::AccessPolicy.action_allowed?(:create, app, external_id)).to eq false
end

it 'can be accessed by trusted apps' do
expect(OSU::AccessPolicy.action_allowed?(:search, trusted_app, User)).to eq true
expect(OSU::AccessPolicy.action_allowed?(:create, trusted_app, external_id)).to eq true
end
end
end
end
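Review bot: The `create` context pins only the `:create` action, so the visible examples say what a trusted app may do and nothing about what it is refused. If `ExternalIdAccessPolicy` is meant to grant trusted apps create and nothing else (an assumption; the policy is not shown here), add a negative example for `trusted_app` with another action so that a later widening of the policy fails a test. The six repeated expectations in the first example could be written as `[anon, temp, user, new_social, admin, app].each { |requestor| ... }` to keep the list of denied requestors in one place. The enclosing `describe` block starts outside this hunk.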
