From e6a5259e14b303e4b777f21ad8e64bc726a0d119 Mon Sep 17 00:00:00 2001
From: Dante Soares
Date: Wed, 9 Oct 2024 10:47:39 -0500
Subject: [PATCH] Updated more gems, restored missing access policies inside an after_initialize block
---
 Gemfile | 6 +--
 Gemfile.lock | 44 +++++++------------
 config/initializers/access_policies.rb | 18 ++++++++
 config/puma.rb | 7 ++-
 lib/sso_cookie_jar.rb | 6 +--
 .../external_id_access_policy_spec.rb | 16 +++----
 6 files changed, 53 insertions(+), 44 deletions(-)
diff --git a/Gemfile b/Gemfile
index fb5a5b098..53b3cf307 100644
--- a/Gemfile
+++ b/Gemfile
@@ -73,13 +73,13 @@ gem 'omniauth-google-oauth2'
 gem 'redis-rails'
 # Utilities for OpenStax websites
-gem 'openstax_utilities', github: 'openstax/openstax_utilities', ref: '4a22dd7fb557174f805bb8cc29cd8e60695983f5'
+gem 'openstax_utilities'
 # API versioning and documentation
 gem 'openstax_api'
 # Notify developers of Exceptions in production
-gem 'openstax_rescue_from', github: 'openstax/rescue_from', ref: '7a6dcfa0a70e843d2801795e151888bb9f03386a'
+gem 'openstax_rescue_from'
 # Sentry integration
 gem 'sentry-ruby'
@@ -113,7 +113,7 @@ gem 'delayed_job_worker_pool'
 gem 'delayed_job_heartbeat_plugin'
 # JSON Api builder
-gem 'representable', '~> 3.0.0'
+gem 'representable'
 # Keyword search
 gem 'keyword_search', '~> 1.5.0'
diff --git a/Gemfile.lock b/Gemfile.lock
index ce32e20a4..5a9bb4527 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -18,20 +18,6 @@ GIT railties (>= 3.1) sass-rails -GIT - remote: https://github.com/openstax/openstax_utilities.git - revision: 4a22dd7fb557174f805bb8cc29cd8e60695983f5 - ref: 4a22dd7fb557174f805bb8cc29cd8e60695983f5 - specs: - openstax_utilities (5.1.1) - aws-sdk-autoscaling - faraday - faraday-http-cache - keyword_search - lev - rails (>= 5.0, < 8.0) - request_store - GIT remote: https://github.com/openstax/path_prefixer.git revision: e3edfc70589bc90fcffba63b417260a88c1377d7
@@ -48,14 +34,6 @@ GIT specs: pattern-library (1.1.18) -GIT - remote: https://github.com/openstax/rescue_from.git - revision: 7a6dcfa0a70e843d2801795e151888bb9f03386a - ref: 7a6dcfa0a70e843d2801795e151888bb9f03386a - specs: - openstax_rescue_from (4.2.0) - rails (>= 3.1, < 7.0) - GEM remote: https://rubygems.org/ specs: @@ -264,7 +242,6 @@ GEM activesupport (>= 4.0, < 7.3) rspec (>= 3.0) declarative (0.0.20) - declarative-option (0.1.0) delayed_job (4.1.12) activesupport (>= 3.0, < 8.0) delayed_job_active_record (4.1.10) @@ -534,6 +511,8 @@ GEM uber openstax_healthcheck (1.0.1) rails (>= 3.0) + openstax_rescue_from (4.2.1) + rails (>= 3.1, < 7.0) openstax_salesforce (8.1.0) openstax_active_force rails (>= 5.0, < 7.0) @@ -541,6 +520,14 @@ GEM openstax_transaction_retry (1.2.0) activerecord (>= 5.1) transaction_isolation (>= 1.0.5) + openstax_utilities (5.1.2) + aws-sdk-autoscaling + faraday + faraday-http-cache + keyword_search + lev + rails (>= 5.0, < 8.0) + request_store ostruct (0.6.0) p3p (2.0.0) rack (>= 1.6.2) @@ -651,9 +638,9 @@ GEM io-console (~> 0.5) render_anywhere (0.0.12) rails (>= 3.0.7) - representable (3.0.4) + representable (3.2.0) declarative (< 0.1.0) - declarative-option (< 0.2.0) + trailblazer-option (>= 0.1.1, < 0.2.0) uber (< 0.2.0) request_store (1.7.0) rack (>= 1.4) @@ -771,6 +758,7 @@ GEM tilt (2.4.0) timecop (0.9.10) timeout (0.4.1) + trailblazer-option (0.1.2) transaction_isolation (1.0.5) activerecord (>= 3.0.11) tzinfo (2.0.6) @@ -878,9 +866,9 @@ DEPENDENCIES openstax_api openstax_healthcheck openstax_path_prefixer! - openstax_rescue_from! + openstax_rescue_from openstax_salesforce - openstax_utilities! + openstax_utilities p3p parallel_tests pattern-library! @@ -896,7 +884,7 @@ DEPENDENCIES rails-settings-cached redis-rails render_anywhere - representable (~> 3.0.0) + representable rspec-instafail rspec-rails rubocop 
diff --git a/config/initializers/access_policies.rb b/config/initializers/access_policies.rb
index 1248e5206..3a27faa40 100644
--- a/config/initializers/access_policies.rb
+++ b/config/initializers/access_policies.rb
@@ -1 +1,19 @@
 require_relative 'doorkeeper'
+
+Rails.application.config.after_initialize do
+ OSU::AccessPolicy.register(Doorkeeper::Application, Doorkeeper::ApplicationAccessPolicy)
+ OSU::AccessPolicy.register(User, UserAccessPolicy)
+ OSU::AccessPolicy.register(AnonymousUser, UserAccessPolicy)
+ OSU::AccessPolicy.register(Identity, IdentityAccessPolicy)
+ OSU::AccessPolicy.register(ContactInfo, ContactInfoAccessPolicy)
+ OSU::AccessPolicy.register(EmailAddress, ContactInfoAccessPolicy)
+ OSU::AccessPolicy.register(Authentication, AuthenticationAccessPolicy)
+ OSU::AccessPolicy.register(ApplicationUser, ApplicationUserAccessPolicy)
+ OSU::AccessPolicy.register(Message, MessageAccessPolicy)
+ OSU::AccessPolicy.register(Group, GroupAccessPolicy)
+ OSU::AccessPolicy.register(GroupMember, GroupMemberAccessPolicy)
+ OSU::AccessPolicy.register(GroupOwner, GroupOwnerAccessPolicy)
+ OSU::AccessPolicy.register(GroupNesting, GroupNestingAccessPolicy)
+ OSU::AccessPolicy.register(ApplicationGroup, ApplicationGroupAccessPolicy)
+ OSU::AccessPolicy.register(ExternalId, ExternalIdAccessPolicy)
+end
diff --git a/config/puma.rb b/config/puma.rb
index 366ac2c4b..538e2a1fc 100644
--- a/config/puma.rb
+++ b/config/puma.rb
@@ -11,8 +11,6 @@ NUM_WORKERS = ENV.fetch('WEB_CONCURRENCY') { Etc.nprocessors }.to_i
-worker_timeout ENV.fetch('WORKER_TIMEOUT', 60).to_i - stdout_redirect( ENV.fetch('STDOUT_LOGFILE', "#{APP_DIR}/log/puma.stdout.log"), ENV.fetch('STDERR_LOGFILE', "#{APP_DIR}/log/puma.stderr.log"),
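Review bot: The `after_initialize` block registers reloadable application classes (`User`, `Group`, `ExternalId`, …) once at boot, so in development with class reloading the registry keeps the original class objects while the constants are replaced on the next reload, and policy lookups for the reloaded classes can miss. Rails' hook for code that references reloadable constants is `Rails.application.reloader.to_prepare do`, which runs at boot and again after every reload; the body of the block stays as it is. What an unregistered model resolves to depends on how `OSU::AccessPolicy` treats a missing entry (presumably deny or raise — confirm), so a spec asserting that each of these models has a registered policy would have caught the omission the commit message describes and guards against the next one. A short header comment, e.g. `# Deferred past boot so the model and policy classes below are loadable`, would also record why the registrations are not done at file load.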
@@ -52,6 +50,11 @@ min_threads_count = ENV.fetch('RAILS_MIN_THREADS') { max_threads_count }
 threads min_threads_count, max_threads_count
+# Specifies the `worker_timeout` threshold that Puma will use to wait before
+# terminating a worker in development environments.
+#
+worker_timeout ENV.fetch('WORKER_TIMEOUT', 60).to_i
+
 if ENV['SOCKET']
 # Specifies the `socket` to which Puma will bind to receive requests.
 bind ENV['SOCKET']
diff --git a/lib/sso_cookie_jar.rb b/lib/sso_cookie_jar.rb
index ca6ee284c..4b5cbe9b1 100644
--- a/lib/sso_cookie_jar.rb
+++ b/lib/sso_cookie_jar.rb
@@ -18,11 +18,11 @@ def delete(options = {})
 @parent_jar.delete @@cookie_name, options.reverse_merge(@@cookie_options)
 end
- def parse(name, encrypted_message, purpose: nil)
- SsoCookie.read encrypted_message
+ def parse(name, data, purpose: nil)
+ SsoCookie.read data
 end
- def commit(options)
+ def commit(name, options)
 options[:value] = SsoCookie.generate options
 options.reverse_merge! @@cookie_options
 end
diff --git a/spec/access_policies/external_id_access_policy_spec.rb b/spec/access_policies/external_id_access_policy_spec.rb
index 2c7699ea7..1cff77b59 100644
--- a/spec/access_policies/external_id_access_policy_spec.rb
+++ b/spec/access_policies/external_id_access_policy_spec.rb
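Review bot: The comment added above `worker_timeout` says the threshold applies "in development environments", but the setting on the next line is unconditional, so it governs every environment this config runs in; `# Seconds a cluster worker may go without checking in before the master terminates it (all environments).` states what the line does. `ENV.fetch('WORKER_TIMEOUT', 60).to_i` also turns a malformed value into 0 silently, whereas `Integer(ENV.fetch('WORKER_TIMEOUT', 60))` fails at boot with a clear error. The first puma.rb hunk, which removes the old placement, appears truncated in this view and is not reviewed here.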
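Review bot: `parse(name, data, purpose: nil)` and `commit(name, options)` accept `name` and `purpose:` only to satisfy the Rails cookie-jar interface and discard both, so the per-cookie purpose check Rails applies to its own encrypted cookies is not performed in this jar and integrity rests entirely on `SsoCookie.read`. A comment such as `# name/purpose are interface-only; SsoCookie verifies the payload itself` makes the omission deliberate, and it is worth confirming that `SsoCookie.read` does reject tampered or expired payloads on its own, since nothing visible here does. The enclosing class starts and ends outside this hunk.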
@@ -13,16 +13,16 @@ context 'create' do
 it 'cannot be accessed by users or untrusted apps' do
- expect(OSU::AccessPolicy.action_allowed?(:search, anon, external_id)).to eq false
- expect(OSU::AccessPolicy.action_allowed?(:search, temp, external_id)).to eq false
- expect(OSU::AccessPolicy.action_allowed?(:search, user, external_id)).to eq false
- expect(OSU::AccessPolicy.action_allowed?(:search, new_social, external_id)).to eq false
- expect(OSU::AccessPolicy.action_allowed?(:search, admin, external_id)).to eq false
- expect(OSU::AccessPolicy.action_allowed?(:search, app, external_id)).to eq false
+ expect(OSU::AccessPolicy.action_allowed?(:create, anon, external_id)).to eq false
+ expect(OSU::AccessPolicy.action_allowed?(:create, temp, external_id)).to eq false
+ expect(OSU::AccessPolicy.action_allowed?(:create, user, external_id)).to eq false
+ expect(OSU::AccessPolicy.action_allowed?(:create, new_social, external_id)).to eq false
+ expect(OSU::AccessPolicy.action_allowed?(:create, admin, external_id)).to eq false
+ expect(OSU::AccessPolicy.action_allowed?(:create, app, external_id)).to eq false
 end
 it 'can be accessed by trusted apps' do
- expect(OSU::AccessPolicy.action_allowed?(:search, trusted_app, User)).to eq true
+ expect(OSU::AccessPolicy.action_allowed?(:create, trusted_app, external_id)).to eq true
 end
 end
-end
\ No newline at end of file
+end