diff --git a/.rubocop.yml b/.rubocop.yml index 359aac7d..15872cd0 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -116,6 +116,7 @@ Rails/SkipsModelValidations: - db/migrate/20160215125801_approval_workflow_status.rb - db/migrate/20140519133201_trash_bin.rb - db/migrate/07_dmsf_1_4_4.rb + - db/migrate/20240829093801_rename_dmsf_digest_token.rb Rails/ThreeStateBooleanColumn: Exclude: diff --git a/after_init.rb b/after_init.rb index f4f7a219..4147ce25 100644 --- a/after_init.rb +++ b/after_init.rb @@ -107,6 +107,8 @@ def dmsf_init pmap.permission :delete_project_watchers, { watchers: :destroy } end end + # DMSF WebDAV digest token + Token.add_action :dmsf_webdav_digest, max_instances: 1, validity_time: nil end if Redmine::Plugin.installed?('easy_extensions') diff --git a/app/controllers/dmsf_controller.rb b/app/controllers/dmsf_controller.rb index 5cca93ad..087f48b3 100644 --- a/app/controllers/dmsf_controller.rb +++ b/app/controllers/dmsf_controller.rb @@ -475,7 +475,7 @@ def reset_digest raise StandardError, l(:notice_account_wrong_password) unless User.current.check_password?(params[:password]) # We have to create a token first to prevent an autogenerated token's value - token = Token.create!(user_id: User.current.id, action: 'dmsf-webdav-digest') + token = Token.create!(user_id: User.current.id, action: 'dmsf_webdav_digest') token.value = ActiveSupport::Digest.hexdigest( "#{User.current.login}:#{RedmineDmsf::Webdav::AUTHENTICATION_REALM}:#{params[:password]}" ) diff --git a/db/migrate/20240829093801_rename_dmsf_digest_token.rb b/db/migrate/20240829093801_rename_dmsf_digest_token.rb new file mode 100644 index 00000000..b5545d35 --- /dev/null +++ b/db/migrate/20240829093801_rename_dmsf_digest_token.rb @@ -0,0 +1,30 @@ +# frozen_string_literal: true + +# Redmine plugin for Document Management System "Features" +# +# Karel Pičman +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +# Rename DMSF digest token +class RenameDmsfDigestToken < ActiveRecord::Migration[6.1] + def up + Token.where(action: 'dmsf-webdav-digest').update_all action: 'dmsf_webdav_digest' + end + + def down + Token.where(action: 'dmsf_webdav_digest').update_all action: 'dmsf-webdav-digest' + end +end diff --git a/lib/redmine_dmsf/hooks/controllers/account_controller_hooks.rb b/lib/redmine_dmsf/hooks/controllers/account_controller_hooks.rb index 10409bdb..61bd8e36 100644 --- a/lib/redmine_dmsf/hooks/controllers/account_controller_hooks.rb +++ b/lib/redmine_dmsf/hooks/controllers/account_controller_hooks.rb @@ -36,8 +36,8 @@ def controller_account_success_authentication_after(context = {}) # Updates user's DMSF WebDAV digest if controller.params[:password].present? - token = Token.find_by(user_id: user.id, action: 'dmsf-webdav-digest') - token ||= Token.create!(user_id: user.id, action: 'dmsf-webdav-digest') + token = Token.find_by(user_id: user.id, action: 'dmsf_webdav_digest') + token ||= Token.create!(user_id: user.id, action: 'dmsf_webdav_digest') token.value = ActiveSupport::Digest.hexdigest( "#{user.login}:#{RedmineDmsf::Webdav::AUTHENTICATION_REALM}:#{controller.params[:password]}" ) diff --git a/lib/redmine_dmsf/webdav/dmsf_controller.rb b/lib/redmine_dmsf/webdav/dmsf_controller.rb index 70bbd2a7..4c4f969d 100644 --- a/lib/redmine_dmsf/webdav/dmsf_controller.rb +++ b/lib/redmine_dmsf/webdav/dmsf_controller.rb @@ -76,7 +76,7 @@ def authenticate Rails.logger.error l(:notice_account_locked) raise Unauthorized end - token = Token.find_by(user_id: user.id, action: 'dmsf-webdav-digest') + token = Token.find_by(user_id: user.id, action: 'dmsf_webdav_digest') if token.nil? && defined?(EasyExtensions) if user.easy_digest_token_expired? Rails.logger.error "Digest authentication: #{user} is locked" diff --git a/test/functional/dmsf_controller_test.rb b/test/functional/dmsf_controller_test.rb index 39bca9fe..838d3026 100644 --- a/test/functional/dmsf_controller_test.rb +++ b/test/functional/dmsf_controller_test.rb @@ -665,7 +665,7 @@ def test_reset_digest post '/dmsf/digest', params: { password: 'jsmith' } assert_response :redirect assert_redirected_to my_account_path - token = Token.find_by(user_id: @jsmith.id, action: 'dmsf-webdav-digest') + token = Token.find_by(user_id: @jsmith.id, action: 'dmsf_webdav_digest') assert token assert_equal ActiveSupport::Digest.hexdigest("jsmith:#{RedmineDmsf::Webdav::AUTHENTICATION_REALM}:jsmith"), token.value diff --git a/test/integration/webdav/dmsf_webdav_get_test.rb b/test/integration/webdav/dmsf_webdav_get_test.rb index 1ed99d4d..4d050df6 100644 --- a/test/integration/webdav/dmsf_webdav_get_test.rb +++ b/test/integration/webdav/dmsf_webdav_get_test.rb @@ -49,7 +49,7 @@ def test_digest_authentication digest = ActiveSupport::Digest.hexdigest( "#{@jsmith_user.login}:#{RedmineDmsf::Webdav::AUTHENTICATION_REALM}:jsmith" ) - token ||= Token.create!(user_id: @jsmith_user.id, action: 'dmsf-webdav-digest') + token ||= Token.create!(user_id: @jsmith_user.id, action: 'dmsf_webdav_digest') token.value = digest assert token.save authorization = encode_credentials(username: 'jsmith', digest: digest, target: '/dmsf/webdav')