[pull] dev from opf:dev

.github/workflows/brakeman-scan-core.yml

@@ -29,11 +29,6 @@ jobs:
 
       - name: Setup Ruby
         uses: ruby/setup-ruby@v1
-        with:
-          # FIXME: remove the ruby version once '3.2.2' is released.
-          # This is set to head to fix ruby segfaulting when brakeman is
-          # used. See https://bugs.ruby-lang.org/issues/19433
-          ruby-version: 'head'
 
       - name: Setup Brakeman
         run: |

.github/workflows/continuous-delivery.yml

@@ -19,9 +19,8 @@ jobs:
           TOKEN: ${{ secrets.OPENPROJECT_CI_TOKEN }}
           REPOSITORY: opf/openproject-flavours
           WORKFLOW_ID: ci.yml
-          CORE_REF: ${{ github.ref_name }}
         run: |
           curl -i --fail-with-body -H"authorization: Bearer $TOKEN" \
             -XPOST -H"Accept: application/vnd.github.v3+json" \
             https://api.github.com/repos/$REPOSITORY/actions/workflows/$WORKFLOW_ID/dispatches \
-            -d '{"ref": "dev", "inputs": { "ref" : "'$CORE_REF'" }}'
+            -d '{"ref": "dev", "inputs": { "ref" : "${{ github.ref_name }}" }}'

Gemfile

@@ -213,7 +213,7 @@ gem 'appsignal', '~> 3.0', require: false
 
 gem 'view_component'
 # Lookbook
-gem 'lookbook', github: 'ViewComponent/lookbook', ref: '473f86d7e343cd78b74cc293a4de06b9b5e7a3e2'
+gem 'lookbook', '~> 2.2.1'
 
 # Require factory_bot for usage with openproject plugins testing
 gem 'factory_bot', '~> 6.4.0', require: false
@@ -263,7 +263,7 @@ group :test do
   gem 'capybara-screenshot', '~> 1.0.17'
   gem 'cuprite', '~> 0.15.0'
   gem 'selenium-devtools'
-  gem 'selenium-webdriver', '~> 4.17.0'
+  gem 'selenium-webdriver', '~> 4.18.0'
 
   gem 'fuubar', '~> 2.5.0'
   gem 'timecop', '~> 0.9.0'
@@ -382,4 +382,4 @@ end
 
 gem 'openproject-octicons', '~>19.8.0'
 gem 'openproject-octicons_helper', '~>19.8.0'
-gem 'openproject-primer_view_components', '~>0.20.0'
+gem 'openproject-primer_view_components', '~>0.22.2'

Gemfile.lock

@@ -1,21 +1,3 @@
-GIT
-  remote: https://github.com/ViewComponent/lookbook.git
-  revision: 473f86d7e343cd78b74cc293a4de06b9b5e7a3e2
-  ref: 473f86d7e343cd78b74cc293a4de06b9b5e7a3e2
-  specs:
-    lookbook (2.2.0)
-      activemodel
-      css_parser
-      htmlbeautifier (~> 1.3)
-      htmlentities (~> 4.3.4)
-      marcel (~> 1.0)
-      railties (>= 5.0)
-      redcarpet (~> 3.5)
-      rouge (>= 3.26, < 5.0)
-      view_component (>= 2.0)
-      yard (~> 0.9.25)
-      zeitwerk (~> 2.5)
-
 GIT
   remote: https://github.com/citizensadvice/capybara_accessible_selectors
   revision: 621e394ff9bafb420fb15792c3a3e3334a618687
@@ -219,7 +201,7 @@ PATH
   remote: modules/two_factor_authentication
   specs:
     openproject-two_factor_authentication (1.0.0)
-      aws-sdk-sns (~> 1.71.0)
+      aws-sdk-sns (~> 1.72.0)
       messagebird-rest (~> 1.4.2)
       rotp (~> 6.1)
 
@@ -351,11 +333,12 @@ GEM
     awesome_nested_set (3.6.0)
       activerecord (>= 4.0.0, < 7.2)
     aws-eventstream (1.3.0)
-    aws-partitions (1.888.0)
-    aws-sdk-core (3.191.1)
+    aws-partitions (1.894.0)
+    aws-sdk-core (3.191.2)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.651.0)
       aws-sigv4 (~> 1.8)
+      base64
       jmespath (~> 1, >= 1.6.1)
     aws-sdk-kms (1.77.0)
       aws-sdk-core (~> 3, >= 3.191.0)
@@ -364,7 +347,7 @@ GEM
       aws-sdk-core (~> 3, >= 3.191.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.8)
-    aws-sdk-sns (1.71.0)
+    aws-sdk-sns (1.72.0)
       aws-sdk-core (~> 3, >= 3.191.0)
       aws-sigv4 (~> 1.1)
     aws-sigv4 (1.8.0)
@@ -390,7 +373,7 @@ GEM
       parser (>= 2.4)
       smart_properties
     bigdecimal (3.1.6)
-    bindata (2.4.15)
+    bindata (2.5.0)
     bootsnap (1.18.3)
       msgpack (~> 1.2)
     brakeman (6.1.2)
@@ -435,7 +418,7 @@ GEM
     concurrent-ruby (1.2.3)
     connection_pool (2.4.1)
     cookiejar (0.3.4)
-    crack (0.4.6)
+    crack (1.0.0)
       bigdecimal
       rexml
     crass (1.0.6)
@@ -469,7 +452,7 @@ GEM
     disposable (0.6.3)
       declarative (>= 0.0.9, < 1.0.0)
       representable (>= 3.1.1, < 4)
-    doorkeeper (5.6.8)
+    doorkeeper (5.6.9)
       railties (>= 5)
     dotenv (3.0.2)
     dotenv-rails (3.0.2)
@@ -588,7 +571,7 @@ GEM
       google-apis-core (>= 0.12.0, < 2.a)
     google-cloud-env (2.1.1)
       faraday (>= 1.0, < 3.a)
-    googleauth (1.10.0)
+    googleauth (1.11.0)
       faraday (>= 1.0, < 3.a)
       google-cloud-env (~> 2.1)
       jwt (>= 1.4, < 3.0)
@@ -614,7 +597,7 @@ GEM
     html-pipeline (2.14.3)
       activesupport (>= 2)
       nokogiri (>= 1.4)
-    htmlbeautifier (1.4.2)
+    htmlbeautifier (1.4.3)
     htmldiff (0.0.1)
     htmlentities (4.3.4)
     http-2-next (1.0.3)
@@ -666,14 +649,15 @@ GEM
     json_spec (1.1.5)
       multi_json (~> 1.0)
       rspec (>= 2.0, < 4.0)
-    jwt (2.7.1)
+    jwt (2.8.0)
+      base64
     ladle (1.0.1)
       open4 (~> 1.0)
     language_server-protocol (3.17.0.3)
     launchy (2.5.2)
       addressable (~> 2.8)
     lefthook (1.6.1)
-    letter_opener (1.8.1)
+    letter_opener (1.9.0)
       launchy (>= 2.2, < 3)
     listen (3.8.0)
       rb-fsevent (~> 0.10, >= 0.10.3)
@@ -690,6 +674,18 @@ GEM
     loofah (2.22.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
+    lookbook (2.2.1)
+      activemodel
+      css_parser
+      htmlbeautifier (~> 1.3)
+      htmlentities (~> 4.3.4)
+      marcel (~> 1.0)
+      railties (>= 5.0)
+      redcarpet (~> 3.5)
+      rouge (>= 3.26, < 5.0)
+      view_component (>= 2.0)
+      yard (~> 0.9.25)
+      zeitwerk (~> 2.5)
     mail (2.8.1)
       mini_mime (>= 0.1.1)
       net-imap
@@ -756,7 +752,7 @@ GEM
       actionview
       openproject-octicons (= 19.8.0)
       railties
-    openproject-primer_view_components (0.20.0)
+    openproject-primer_view_components (0.22.2)
       actionview (>= 5.0.0)
       activesupport (>= 5.0.0)
       openproject-octicons (>= 19.8.0)
@@ -769,7 +765,7 @@ GEM
       activerecord (>= 6.1)
       request_store (~> 1.4)
     parallel (1.24.0)
-    parallel_tests (4.5.0)
+    parallel_tests (4.5.1)
       parallel
     parser (3.3.0.5)
       ast (~> 2.4.1)
@@ -783,7 +779,7 @@ GEM
       hashery (~> 2.0)
       ruby-rc4
       ttfunk
-    pg (1.5.4)
+    pg (1.5.5)
     plaintext (0.3.4)
       activesupport (> 2.2.1)
       nokogiri (~> 1.10, >= 1.10.4)
@@ -831,7 +827,7 @@ GEM
       rack (>= 1.0, < 4)
     rack-cors (2.0.1)
       rack (>= 2.0.0)
-    rack-mini-profiler (3.3.0)
+    rack-mini-profiler (3.3.1)
       rack (>= 1.2.0)
     rack-oauth2 (2.2.1)
       activesupport
@@ -895,15 +891,15 @@ GEM
     rb-fsevent (0.11.2)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
-    rb_sys (0.9.87)
+    rb_sys (0.9.88)
     rbtree3 (0.7.1)
     rdoc (6.6.2)
       psych (>= 4.0.0)
     recaptcha (5.16.0)
     redcarpet (3.6.0)
     redis (5.1.0)
       redis-client (>= 0.17.0)
-    redis-client (0.19.1)
+    redis-client (0.20.0)
       connection_pool
     regexp_parser (2.9.0)
     reline (0.4.2)
@@ -999,9 +995,9 @@ GEM
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
     secure_headers (6.5.0)
-    selenium-devtools (0.121.0)
+    selenium-devtools (0.122.0)
       selenium-webdriver (~> 4.2)
-    selenium-webdriver (4.17.0)
+    selenium-webdriver (4.18.1)
       base64 (~> 0.2)
       rexml (~> 3.2, >= 3.2.5)
       rubyzip (>= 1.2.2, < 3.0)
@@ -1010,7 +1006,7 @@ GEM
     shoulda-context (2.0.0)
     shoulda-matchers (6.1.0)
       activesupport (>= 5.2.0)
-    signet (0.18.0)
+    signet (0.19.0)
       addressable (~> 2.8)
       faraday (>= 0.17.5, < 3.a)
       jwt (>= 1.5, < 3.0)
@@ -1059,7 +1055,7 @@ GEM
     timeout (0.4.1)
     trailblazer-option (0.1.2)
     ttfunk (1.7.0)
-    turbo-rails (2.0.2)
+    turbo-rails (2.0.3)
       actionpack (>= 6.0.0)
       activejob (>= 6.0.0)
       railties (>= 6.0.0)
@@ -1098,7 +1094,7 @@ GEM
       activesupport
       faraday (~> 2.0)
       faraday-follow_redirects
-    webmock (3.20.0)
+    webmock (3.21.2)
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
@@ -1195,7 +1191,7 @@ DEPENDENCIES
   letter_opener
   listen (~> 3.8.0)
   lograge (~> 0.14.0)
-  lookbook!
+  lookbook (~> 2.2.1)
   mail (= 2.8.1)
   matrix (~> 0.4.2)
   md_to_pdf!
@@ -1227,7 +1223,7 @@ DEPENDENCIES
   openproject-octicons (~> 19.8.0)
   openproject-octicons_helper (~> 19.8.0)
   openproject-openid_connect!
-  openproject-primer_view_components (~> 0.20.0)
+  openproject-primer_view_components (~> 0.22.2)
   openproject-recaptcha!
   openproject-reporting!
   openproject-storages!
@@ -1284,7 +1280,7 @@ DEPENDENCIES
   sanitize (~> 6.1.0)
   secure_headers (~> 6.5.0)
   selenium-devtools
-  selenium-webdriver (~> 4.17.0)
+  selenium-webdriver (~> 4.18.0)
   semantic (~> 1.6.1)
   shoulda-context (~> 2.0)
   shoulda-matchers (~> 6.0)

app/controllers/application_controller.rb

@@ -220,7 +220,15 @@ def reset_i18n_fallbacks
   end
 
   def set_localization
-    SetLocalizationService.new(User.current, request.env['HTTP_ACCEPT_LANGUAGE']).call
+    # 1. Use completely autheticated user
+    # 2. Use user with some authenticated stages not compelted.
+    #    In this case user is not considered logged in, but identified.
+    #    It covers localization for extra authentication stages(like :consent, for example)
+    # 3. Use anonymous instance.
+    user = RequestStore[:current_user] ||
+           (session[:authenticated_user_id].present? && User.find_by(id: session[:authenticated_user_id])) ||
+           User.anonymous
+    SetLocalizationService.new(user, request.env['HTTP_ACCEPT_LANGUAGE']).call
   end
 
   def deny_access(not_found: false)

app/controllers/concerns/accounts/authentication_stages.rb

@@ -1,3 +1,31 @@
+#-- copyright
+# OpenProject is an open source project management software.
+# Copyright (C) 2012-2024 the OpenProject GmbH
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License version 3.
+#
+# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
+# Copyright (C) 2006-2013 Jean-Philippe Lang
+# Copyright (C) 2010-2013 the ChiliProject Team
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+#
+# See COPYRIGHT and LICENSE files for more details.
+#++
+
 module Accounts::AuthenticationStages
   def successful_authentication(user, reset_stages: true, just_registered: false)
     stages = authentication_stages after_activation: just_registered, reset: reset_stages

app/controllers/concerns/accounts/user_consent.rb

@@ -33,8 +33,8 @@ module Accounts::UserConsent
   include ::UserConsentHelper
 
   def consent
-    if consent_required?
-      render 'account/consent', locals: { consenting_user: }
+    if user_consent_required? && consenting_user&.consent_expired?
+      render 'account/consent'
     else
       consent_finished
     end
@@ -50,14 +50,6 @@ def confirm_consent
     end
   end
 
-  def consent_required?
-    # Ensure consent is enabled and a text is provided
-    return false unless user_consent_required?
-
-    # Require the user to consent if he hasn't already
-    consent_expired?
-  end
-
   def decline_consent
     message = I18n.t('consent.decline_warning_message') + "\n"
     message <<
@@ -71,19 +63,6 @@ def decline_consent
     redirect_to authentication_stage_failure_path :consent
   end
 
-  def consent_expired?
-    consented_at = consenting_user.try(:consented_at)
-
-    # Always if the user has not consented
-    return true if consented_at.blank?
-
-    # Did not expire if no consent_time set, but user has consented at some point
-    return false if Setting.consent_time.blank?
-
-    # Otherwise, expires when consent_time is newer than last consented_at
-    consented_at < Setting.consent_time
-  end
-
   def consenting_user
     User.find_by id: session[:authenticated_user_id]
   end