From 4181fe4d7b1061c383a8c8a4d0be0b03cd409526 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 May 2024 14:40:09 +0000 Subject: [PATCH 01/60] Bump aws-sdk-s3 from 1.149.1 to 1.151.0 Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.149.1 to 1.151.0. - [Release notes](https://github.com/aws/aws-sdk-ruby/releases) - [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-ruby/commits) --- updated-dependencies: - dependency-name: aws-sdk-s3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Gemfile | 2 +- Gemfile.lock | 18 +++++++++--------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Gemfile b/Gemfile index 852330dbe8b..e4183789122 100644 --- a/Gemfile +++ b/Gemfile @@ -5,7 +5,7 @@ ruby file: ".ruby-version" gem "rails", "~> 7.1.0", ">= 7.1.3.2" gem "rails-i18n", "~> 7.0" -gem "aws-sdk-s3", "~> 1.149" +gem "aws-sdk-s3", "~> 1.151" gem "aws-sdk-sqs", "~> 1.73" gem "bootsnap", "~> 1.18" gem "clearance", "~> 2.7" diff --git a/Gemfile.lock b/Gemfile.lock index b729f9020a6..17b99e35dd3 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -110,16 +110,16 @@ GEM zeitwerk (>= 2.6.2) awrence (1.2.1) aws-eventstream (1.3.0) - aws-partitions (1.925.0) - aws-sdk-core (3.194.2) + aws-partitions (1.929.0) + aws-sdk-core (3.196.1) aws-eventstream (~> 1, >= 1.3.0) aws-partitions (~> 1, >= 1.651.0) aws-sigv4 (~> 1.8) jmespath (~> 1, >= 1.6.1) - aws-sdk-kms (1.80.0) + aws-sdk-kms (1.81.0) aws-sdk-core (~> 3, >= 3.193.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.149.1) + aws-sdk-s3 (1.151.0) aws-sdk-core (~> 3, >= 3.194.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.8) 
@@ -762,7 +762,7 @@ DEPENDENCIES amazing_print (~> 1.6) autoprefixer-rails (~> 10.4) avo (~> 2.51) - aws-sdk-s3 (~> 1.149) + aws-sdk-s3 (~> 1.151) aws-sdk-sqs (~> 1.73) bcrypt (~> 3.1) bootsnap (~> 1.18) @@ -892,10 +892,10 @@ CHECKSUMS avo (2.51.0) sha256=0d5785cda01b5b0d2575e7419cda4dc7a5d7805068f160d48ecc7458ee74ec03 awrence (1.2.1) sha256=dd1d214c12a91f449d1ef81d7ee3babc2816944e450752e7522c65521872483e aws-eventstream (1.3.0) sha256=f1434cc03ab2248756eb02cfa45e900e59a061d7fbdc4a9fd82a5dd23d796d3f - aws-partitions (1.925.0) sha256=e41bce6567dd71532618fc6003f8aaedeacca29f18443690d714d73d5f4baaeb - aws-sdk-core (3.194.2) sha256=f925fb739cd093e5834910aed85aba5ac8d1b210f26c2cf51f0daf932cc77567 - aws-sdk-kms (1.80.0) sha256=55621357f04d43cf03fd4ca1d7113a52799f5ea482f2417557140d702736eae5 - aws-sdk-s3 (1.149.1) sha256=664e608190d42b486dc79b5dc65e7c2240923902a9833063327a9d831226a46a + aws-partitions (1.929.0) sha256=7a696245d2e6af5cd88d01ae15963b65a46d4b1b98ef7a2ddfd300b8106da598 + aws-sdk-core (3.196.1) sha256=e36bfec78d841041acb4424a728e35fc2c324e4ee6f07e1c301bbdf4c69d8438 + aws-sdk-kms (1.81.0) sha256=b15dd1e840756a13f27d4f3d8308571f97a4902e0a21c753ea9be14138a4f496 + aws-sdk-s3 (1.151.0) sha256=9e40e64f3ea112b33fdbb0416b6b44247372b983f6a7a9c30fa9b5627a4f7008 aws-sdk-sqs (1.73.0) sha256=87dac3a9e06908ffed136ff7e038637cc5f34de7a99a7d64192e4cb7c66ccde0 aws-sigv4 (1.8.0) sha256=84dd99768b91b93b63d1d8e53ee837cfd06ab402812772a7899a78f9f9117cbc base64 (0.2.0) sha256=0f25e9b21a02a0cc0cea8ef92b2041035d39350946e8789c562b2d1a3da01507 From 8ce49fd53d6bc717ba968d907465bb70ae390eb2 Mon Sep 17 00:00:00 2001 From: Martin Emde Date: Wed, 15 May 2024 20:13:21 -0700 Subject: [PATCH 02/60] Shift session expiry login failure to filter (#4711) --- app/controllers/sessions_controller.rb | 8 +------- test/functional/sessions_controller_test.rb | 5 ++++- 2 files changed, 5 insertions(+), 8 deletions(-) 
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index a9f18239187..6d8e75d7b18 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -30,10 +30,6 @@ def create end def webauthn_create - unless mfa_session_active? - login_failure(t("multifactor_auths.session_expired")) - return - end return login_failure(@webauthn_error) unless webauthn_credential_verified? record_mfa_login_duration(mfa_type: "webauthn") @@ -60,8 +56,6 @@ def otp_create record_mfa_login_duration(mfa_type: "otp") do_login(two_factor_label: "OTP", two_factor_method: "otp", authentication_method: "password") - elsif !mfa_session_active? - login_failure(t("multifactor_auths.session_expired")) else login_failure(t("multifactor_auths.incorrect_otp")) end @@ -136,7 +130,7 @@ def find_user end def find_mfa_user - @user = User.find_by(id: session[:mfa_user]) if session[:mfa_user] + @user = User.find_by(id: session[:mfa_user]) if mfa_session_active? && session[:mfa_user] return if @user delete_mfa_session login_failure t("multifactor_auths.session_expired") diff --git a/test/functional/sessions_controller_test.rb b/test/functional/sessions_controller_test.rb index 40897d0e79d..485f5085ec8 100644 --- a/test/functional/sessions_controller_test.rb +++ b/test/functional/sessions_controller_test.rb @@ -661,6 +661,8 @@ class SessionsControllerTest < ActionController::TestCase context "when providing credentials but the session expired" do setup do travel 30.minutes + @existing_webauthn = @controller.session[:webauthn_authentication] + post( :webauthn_create, params: { @@ -680,7 +682,6 @@ class SessionsControllerTest < ActionController::TestCase assert_nil @controller.session[:mfa_expires_at] assert_nil @controller.session[:mfa_login_started_at] assert_nil @controller.session[:mfa_user] - assert_nil @controller.session[:webauthn_authentication] end should "not sign in the user" do 
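Review bot: In `find_mfa_user` the new guard calls `mfa_session_active?` before it checks `session[:mfa_user]`, so the expiry helper now runs on requests that carry no MFA state at all; its body is outside this patch, so confirm it tolerates a missing `session[:mfa_expires_at]`, or put the presence check first: `@user = User.find_by(id: session[:mfa_user]) if session[:mfa_user] && mfa_session_active?`. With the inline checks removed from `webauthn_create` and `otp_create`, this filter appears to be the only place the expiry is enforced, and the `before_action` declaration that wires it to those actions is not visible in the hunk. A comment on the method would make that dependency explicit, for example `# Sole MFA-session expiry check; must run before every action that completes an MFA login`. The method's closing lines fall outside the hunk.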
@@ -693,6 +694,8 @@ class SessionsControllerTest < ActionController::TestCase should "render sign in page" do assert_template "sessions/new" + refute_nil @controller.session[:webauthn_authentication] + refute_equal @existing_webauthn, @controller.session[:webauthn_authentication] end end end From 999f36ed3cf2113684f707ed7ffe7511e8371d04 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 16 May 2024 14:59:55 +0000 Subject: [PATCH 03/60] Bump selenium-webdriver from 4.20.1 to 4.21.0 Bumps [selenium-webdriver](https://github.com/SeleniumHQ/selenium) from 4.20.1 to 4.21.0. - [Release notes](https://github.com/SeleniumHQ/selenium/releases) - [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES) - [Commits](https://github.com/SeleniumHQ/selenium/commits/selenium-4.21.0) --- updated-dependencies: - dependency-name: selenium-webdriver dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Gemfile | 2 +- Gemfile.lock | 13 ++++++++----- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/Gemfile b/Gemfile index 852330dbe8b..513c64a21ba 100644 --- a/Gemfile +++ b/Gemfile @@ -130,7 +130,7 @@ group :test do gem "mocha", "~> 2.2", require: false gem "shoulda-context", "~> 3.0.0.rc1" gem "shoulda-matchers", "~> 6.2" - gem "selenium-webdriver", "~> 4.20" + gem "selenium-webdriver", "~> 4.21" gem "webmock", "~> 3.23" gem "simplecov", "~> 0.22", require: false gem "simplecov-cobertura", "~> 2.1", require: false diff --git a/Gemfile.lock b/Gemfile.lock index b729f9020a6..53dcd5c032d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -582,7 +582,8 @@ GEM regexp_parser (2.9.0) reline (0.5.6) io-console (~> 0.5) - rexml (3.2.6) + rexml (3.2.8) + strscan (>= 3.0.9) roadie (5.2.1) css_parser (~> 1.4) nokogiri (~> 1.15) 
@@ -644,7 +645,7 @@ GEM searchkick (5.3.1) activemodel (>= 6.1) hashie - selenium-webdriver (4.20.1) + selenium-webdriver (4.21.0) base64 (~> 0.2) rexml (~> 3.2, >= 3.2.5) rubyzip (>= 1.2.2, < 3.0) @@ -684,6 +685,7 @@ GEM stringio (3.1.0) strong_migrations (1.8.0) activerecord (>= 5.2) + strscan (3.1.0) swd (2.0.3) activesupport (>= 3) attr_required (>= 0.0.5) @@ -845,7 +847,7 @@ DEPENDENCIES rubocop-rails (~> 2.18) ruby-magic (~> 0.6) searchkick (~> 5.3) - selenium-webdriver (~> 4.20) + selenium-webdriver (~> 4.21) shoryuken (~> 6.2) shoulda-context (~> 3.0.0.rc1) shoulda-matchers (~> 6.2) @@ -1082,7 +1084,7 @@ CHECKSUMS redcarpet (3.6.0) sha256=8ad1889c0355ff4c47174af14edd06d62f45a326da1da6e8a121d59bdcd2e9e9 regexp_parser (2.9.0) sha256=81a00ba141cec0d4b4bf58cb80cd9193e5180836d3fa6ef623f7886d3ba8bdd9 reline (0.5.6) sha256=0cfa889a415bdaa7b2965f976af922c0a226a2959123911606c5e5099add573e - rexml (3.2.6) sha256=e0669a2d4e9f109951cb1fde723d8acd285425d81594a2ea929304af50282816 + rexml (3.2.8) sha256=0908a86381d9f973824680df4e0a75422766272f03b1c0e49db7e79c23db1135 roadie (5.2.1) sha256=e4a4f61ce792bd91b228b6844b4bad6b160cdc1b8df86c81a8b983082a5001d6 roadie-rails (3.2.0) sha256=90a534857fcfe9fdbe4f9ebfdbc47e5d33462c4f36f478fc80ba6a7b6257433f rotp (6.3.0) sha256=75d40087e65ed0d8022c33055a6306c1c400d1c12261932533b5d6cbcd868854 
@@ -1107,7 +1109,7 @@ CHECKSUMS sassc-embedded (1.70.1) sha256=a95172c9c6725dfc412c702a0e705fb8a5bcb3aac2a32586b18e5432987103d3 sawyer (0.9.2) sha256=fa3a72d62a4525517b18857ddb78926aab3424de0129be6772a8e2ba240e7aca searchkick (5.3.1) sha256=dc1181543f6a68354e380651f235fa7f3df6a09e4cd67fc284dc293fa9860f57 - selenium-webdriver (4.20.1) sha256=560ca00d45bed16d661089da674290ce81564949888daa1f8659fe77fd39a2ac + selenium-webdriver (4.21.0) sha256=1ef8c92d1b882e84578c9b85fe960d9614ea0c19101e72fb8e0e2ebf5ab6fd6f semantic (1.6.1) sha256=3cdbb48f59198ebb782a3fdfb87b559e0822a311610db153bae22777a7d0c163 semantic_logger (4.15.0) sha256=ec4f56122b5d2e2117d148b86c69fb62c1194a2b01a271be04ba8678a85f81ff shoryuken (6.2.1) sha256=95ddc0a717624a54e799d25a0a05100cb5a0c3728a96211935c214faaf16b3b6 @@ -1124,6 +1126,7 @@ CHECKSUMS stimulus-rails (1.3.3) sha256=4d1f9ab1d64e605f4c9cdd4cc530a9538b510606d32d02249d106256845c562c stringio (3.1.0) sha256=c1f6263ae03a15025e51194ab19b06b15e06adcaaedb7f5f6c06ab60f5d67718 strong_migrations (1.8.0) sha256=18de155ebcddf44e60e74f9a6c0b4bfd2d1e576dfe1c67f4aafc4ec5b0442f5d + strscan (3.1.0) sha256=01b8a81d214fbf7b5308c6fb51b5972bbfc4a6aa1f166fd3618ba97e0fcd5555 swd (2.0.3) sha256=4cdbe2a4246c19f093fce22e967ec3ebdd4657d37673672e621bf0c7eb770655 tailwindcss-rails (2.6.0) sha256=1450c61d0853552017932231e37ee96539f70ac9c9ae9fcd1514915336d5365a terser (1.2.2) sha256=86ddfa0de7fa8f6c8fd34ad611596f787a77e21bed3db08b90e7c30942d20288 From 8b4fc78bca3e7d6fd865df7b3a83c63734c81541 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 16 May 2024 15:00:33 +0000 Subject: [PATCH 04/60] Bump minitest from 5.22.3 to 5.23.0 Bumps [minitest](https://github.com/minitest/minitest) from 5.22.3 to 5.23.0. - [Changelog](https://github.com/minitest/minitest/blob/master/History.rdoc) - [Commits](https://github.com/minitest/minitest/compare/v5.22.3...v5.23.0) --- updated-dependencies: - dependency-name: minitest dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Gemfile | 2 +- Gemfile.lock | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile b/Gemfile index 852330dbe8b..edc50f0235c 100644 --- a/Gemfile +++ b/Gemfile @@ -122,7 +122,7 @@ group :development do end group :test do - gem "minitest", "~> 5.22", require: false + gem "minitest", "~> 5.23", require: false gem "capybara", "~> 3.40" gem "launchy", "~> 3.0" gem "rack-test", "~> 2.1", require: "rack/test" diff --git a/Gemfile.lock b/Gemfile.lock index b729f9020a6..86443843d69 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -391,7 +391,7 @@ GEM mini_histogram (0.3.1) mini_mime (1.1.5) mini_portile2 (2.8.6) - minitest (5.22.3) + minitest (5.23.0) minitest-gcstats (1.3.1) minitest (~> 5.0) minitest-reporters (1.6.1) @@ -802,7 +802,7 @@ DEPENDENCIES mail (~> 2.8) maintenance_tasks (~> 2.7) memory_profiler (~> 1.0) - minitest (~> 5.22) + minitest (~> 5.23) minitest-gcstats (~> 1.3) minitest-reporters (~> 1.6) mocha (~> 2.2) 
@@ -1010,7 +1010,7 @@ CHECKSUMS mini_histogram (0.3.1) sha256=6a114b504e4618b0e076cc672996036870f7cc6f16b8e5c25c0c637726d2dd94 mini_mime (1.1.5) sha256=8681b7e2e4215f2a159f9400b5816d85e9d8c6c6b491e96a12797e798f8bccef mini_portile2 (2.8.6) sha256=4e2ab09b924906fd42c0b6eb72816db6a435d0404e9cbdcc5d722c133b493991 - minitest (5.22.3) sha256=ea84676290cb5e2b4f31f25751af6050aa90d3e43e4337141c3e3e839611981e + minitest (5.23.0) sha256=4c488e69b6a0a8bece496bfde92e39fb806f3d786eb935d55864b4dc927639a0 minitest-gcstats (1.3.1) sha256=cb25490f93aac02e3a5ff307e560d41afcdcafa7952c1c32efdeb9886b1f4711 minitest-reporters (1.6.1) sha256=f8fe74e46ab40dada29402f55ca236368d0af65afc410db4219189b7a1c0fc38 mocha (2.2.0) sha256=8ba0d52c035973f950a9a4fa29f6f1022138518dfb2c846d9db2597aa9912431 From cc78e7384f6b827c193d6af342d764778f2b1d8e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 16 May 2024 21:23:59 +0000 Subject: [PATCH 05/60] Bump rexml from 3.2.6 to 3.2.8 Bumps [rexml](https://github.com/ruby/rexml) from 3.2.6 to 3.2.8. - [Release notes](https://github.com/ruby/rexml/releases) - [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md) - [Commits](https://github.com/ruby/rexml/compare/v3.2.6...v3.2.8) --- updated-dependencies: - dependency-name: rexml dependency-type: indirect ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index b729f9020a6..9f366f8bd84 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -582,7 +582,8 @@ GEM regexp_parser (2.9.0) reline (0.5.6) io-console (~> 0.5) - rexml (3.2.6) + rexml (3.2.8) + strscan (>= 3.0.9) roadie (5.2.1) css_parser (~> 1.4) nokogiri (~> 1.15) @@ -684,6 +685,7 @@ GEM stringio (3.1.0) strong_migrations (1.8.0) activerecord (>= 5.2) + strscan (3.1.0) swd (2.0.3) activesupport (>= 3) attr_required (>= 0.0.5) 
@@ -1082,7 +1084,7 @@ CHECKSUMS redcarpet (3.6.0) sha256=8ad1889c0355ff4c47174af14edd06d62f45a326da1da6e8a121d59bdcd2e9e9 regexp_parser (2.9.0) sha256=81a00ba141cec0d4b4bf58cb80cd9193e5180836d3fa6ef623f7886d3ba8bdd9 reline (0.5.6) sha256=0cfa889a415bdaa7b2965f976af922c0a226a2959123911606c5e5099add573e - rexml (3.2.6) sha256=e0669a2d4e9f109951cb1fde723d8acd285425d81594a2ea929304af50282816 + rexml (3.2.8) sha256=0908a86381d9f973824680df4e0a75422766272f03b1c0e49db7e79c23db1135 roadie (5.2.1) sha256=e4a4f61ce792bd91b228b6844b4bad6b160cdc1b8df86c81a8b983082a5001d6 roadie-rails (3.2.0) sha256=90a534857fcfe9fdbe4f9ebfdbc47e5d33462c4f36f478fc80ba6a7b6257433f rotp (6.3.0) sha256=75d40087e65ed0d8022c33055a6306c1c400d1c12261932533b5d6cbcd868854 @@ -1124,6 +1126,7 @@ CHECKSUMS stimulus-rails (1.3.3) sha256=4d1f9ab1d64e605f4c9cdd4cc530a9538b510606d32d02249d106256845c562c stringio (3.1.0) sha256=c1f6263ae03a15025e51194ab19b06b15e06adcaaedb7f5f6c06ab60f5d67718 strong_migrations (1.8.0) sha256=18de155ebcddf44e60e74f9a6c0b4bfd2d1e576dfe1c67f4aafc4ec5b0442f5d + strscan (3.1.0) sha256=01b8a81d214fbf7b5308c6fb51b5972bbfc4a6aa1f166fd3618ba97e0fcd5555 swd (2.0.3) sha256=4cdbe2a4246c19f093fce22e967ec3ebdd4657d37673672e621bf0c7eb770655 tailwindcss-rails (2.6.0) sha256=1450c61d0853552017932231e37ee96539f70ac9c9ae9fcd1514915336d5365a terser (1.2.2) sha256=86ddfa0de7fa8f6c8fd34ad611596f787a77e21bed3db08b90e7c30942d20288 From f37fe410300cfe878af22a9e293c15373a2a1f37 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 16 May 2024 22:15:05 +0000 Subject: [PATCH 06/60] Bump letter_opener_web from 2.0.0 to 3.0.0 Bumps [letter_opener_web](https://github.com/fgrehm/letter_opener_web) from 2.0.0 to 3.0.0. - [Release notes](https://github.com/fgrehm/letter_opener_web/releases) - [Changelog](https://github.com/fgrehm/letter_opener_web/blob/master/CHANGELOG.md) - [Commits](https://github.com/fgrehm/letter_opener_web/compare/v2.0.0...v3.0.0) --- updated-dependencies: - dependency-name: letter_opener_web dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- Gemfile | 2 +- Gemfile.lock | 20 ++++++++++---------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/Gemfile b/Gemfile index 852330dbe8b..d9244ad395f 100644 --- a/Gemfile +++ b/Gemfile @@ -116,7 +116,7 @@ group :development do gem "rails-erd", "~> 1.7" gem "listen", "~> 3.9" gem "letter_opener", "~> 1.10" - gem "letter_opener_web", "~> 2.0" + gem "letter_opener_web", "~> 3.0" gem "derailed_benchmarks", "~> 2.1" gem "memory_profiler", "~> 1.0" end diff --git a/Gemfile.lock b/Gemfile.lock index 9f366f8bd84..55925ef6d3f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -341,10 +341,10 @@ GEM http (>= 4.4.1, < 6.0.0) letter_opener (1.10.0) launchy (>= 2.2, < 4) - letter_opener_web (2.0.0) - actionmailer (>= 5.2) - letter_opener (~> 1.7) - railties (>= 5.2) + letter_opener_web (3.0.0) + actionmailer (>= 6.1) + letter_opener (~> 1.9) + railties (>= 6.1) rexml libdatadog (7.0.0.1.0) libddwaf (1.14.0.0.0) @@ -580,7 +580,7 @@ GEM psych (>= 4.0.0) redcarpet (3.6.0) regexp_parser (2.9.0) - reline (0.5.6) + reline (0.5.7) io-console (~> 0.5) rexml (3.2.8) strscan (>= 3.0.9) @@ -754,7 +754,7 @@ GEM xpath (3.2.0) nokogiri (~> 1.8) yard (0.9.36) - zeitwerk (2.6.13) + zeitwerk (2.6.14) PLATFORMS ruby 
@@ -798,7 +798,7 @@ DEPENDENCIES launchdarkly-server-sdk (~> 8.4) launchy (~> 3.0) letter_opener (~> 1.10) - letter_opener_web (~> 2.0) + letter_opener_web (~> 3.0) listen (~> 3.9) lookbook (~> 2.3) mail (~> 2.8) @@ -995,7 +995,7 @@ CHECKSUMS launchy (3.0.1) sha256=b7fa60bda0197cf57614e271a250a8ca1f6a34ab889a3c73f67ec5d57c8a7f2c ld-eventsource (2.2.2) sha256=5ea087a6f06bbd8e325d2c1aaead50f37f13d025b952985739e9380a78a96beb letter_opener (1.10.0) sha256=2ff33f2e3b5c3c26d1959be54b395c086ca6d44826e8bf41a14ff96fdf1bdbb2 - letter_opener_web (2.0.0) sha256=33860ad41e1785d75456500e8ca8bba8ed71ee6eaf08a98d06bbab67c5577b6f + letter_opener_web (3.0.0) sha256=3f391efe0e8b9b24becfab5537dfb17a5cf5eb532038f947daab58cb4b749860 libdatadog (7.0.0.1.0) sha256=b4321485dd0f664ad43540cacb5ace0fedba064ad978f97510172c1ad6940316 libddwaf (1.14.0.0.0) sha256=b91ea9675f7d79d1cd10dd6513e3706760ac442cb8902164fbcef79b7082a8fd listen (3.9.0) sha256=db9e4424e0e5834480385197c139cb6b0ae0ef28cc13310cfd1ca78377d59c67 @@ -1083,7 +1083,7 @@ CHECKSUMS rdoc (6.6.3.1) sha256=39f7b749229ab5ad9d21c81586151c1dd7a549fa8be4070ee09b524f9c656345 redcarpet (3.6.0) sha256=8ad1889c0355ff4c47174af14edd06d62f45a326da1da6e8a121d59bdcd2e9e9 regexp_parser (2.9.0) sha256=81a00ba141cec0d4b4bf58cb80cd9193e5180836d3fa6ef623f7886d3ba8bdd9 - reline (0.5.6) sha256=0cfa889a415bdaa7b2965f976af922c0a226a2959123911606c5e5099add573e + reline (0.5.7) sha256=1f632a0703fd7d5f3a29d0167395b13e1b59ffa78c2bda077f8b2f26f9b8341b rexml (3.2.8) sha256=0908a86381d9f973824680df4e0a75422766272f03b1c0e49db7e79c23db1135 roadie (5.2.1) sha256=e4a4f61ce792bd91b228b6844b4bad6b160cdc1b8df86c81a8b983082a5001d6 roadie-rails (3.2.0) sha256=90a534857fcfe9fdbe4f9ebfdbc47e5d33462c4f36f478fc80ba6a7b6257433f 
@@ -1156,7 +1156,7 @@ CHECKSUMS xml-simple (1.1.9) sha256=d21131e519c86f1a5bc2b6d2d57d46e6998e47f18ed249b25cad86433dbd695d xpath (3.2.0) sha256=6dfda79d91bb3b949b947ecc5919f042ef2f399b904013eb3ef6d20dd3a4082e yard (0.9.36) sha256=5505736c1b00c926f71053a606ab75f02070c5960d0778b901fe9d8b0a470be4 - zeitwerk (2.6.13) sha256=2db861b021d020f48b5bf51613f355fcd041bf0a27ad8c748fa88fa974c5c7d4 + zeitwerk (2.6.14) sha256=70d8acedc579d87c508f20c31f6e440753014019e0764fb2bf5f42e87054d92b RUBY VERSION ruby 3.3.1p55 From 05343f01a7205c9317641395433c2eae538775af Mon Sep 17 00:00:00 2001 From: Martin Emde Date: Thu, 16 May 2024 18:00:57 -0700 Subject: [PATCH 07/60] Remove deprecated /passwords (plural) routes (#4722) --- config/routes.rb | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/config/routes.rb b/config/routes.rb index fcca4053e1d..b27fceb74b6 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -242,11 +242,6 @@ patch 'unconfirmed' end - # The resource was plural path /passwords/new, but now we are using singular path /password/new - # TODO: remove the following get/post routes a few days after this PR is deployed - get "passwords/new", to: "passwords#new" - post "passwords", to: "passwords#create" - resource :password, only: %i[new create edit update] do post 'otp_edit', to: 'passwords#otp_edit', as: :otp_edit post 'webauthn_edit', to: 'passwords#webauthn_edit', as: :webauthn_edit 
@@ -261,14 +256,7 @@ post 'webauthn_authenticate', to: 'sessions#webauthn_authenticate', as: :webauthn_authenticate end - resources :users, only: %i[new create] do - # TODO: remove the password resource a few days after this PR is deployed - # allowing time for existing password reset emails to be used - resource :password, only: %i[create edit update] do - post 'otp_edit', to: 'passwords#otp_edit', as: :otp_edit - post 'webauthn_edit', to: 'passwords#webauthn_edit', as: :webauthn_edit - end - end + resources :users, only: %i[new create] get '/sign_in' => 'sessions#new', as: 'sign_in' delete '/sign_out' => 'sessions#destroy', as: 'sign_out' From 3a094845584b1999814bb97214f624dc1cd89b24 Mon Sep 17 00:00:00 2001 From: Colby Swandale <996377+colby-swandale@users.noreply.github.com> Date: Sat, 18 May 2024 11:50:53 +0900 Subject: [PATCH 08/60] align SemanticLogger configuration to recommended configuration --- config/environments/development.rb | 2 +- config/environments/production.rb | 3 ++- config/puma.rb | 5 +++++ 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/config/environments/development.rb b/config/environments/development.rb index 86cd49f07de..63cbd9de3ce 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -95,7 +95,7 @@ config.rails_semantic_logger.rendered = !enable_semantic_log_format unless enable_semantic_log_format require 'rails_development_log_formatter' - SemanticLogger.add_appender(io: $stdout, formatter: RailsDevelopmentLogFormatter.new) + config.semantic_logger.add_appender(io: $stdout, formatter: RailsDevelopmentLogFormatter.new) config.rails_semantic_logger.format = RailsDevelopmentLogFormatter.new end diff --git a/config/environments/production.rb b/config/environments/production.rb index 80b38130b49..8d5862924f6 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb 
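Review bot: Dropping the nested `resource :password` under `resources :users` removes the URL shape that, per the deleted TODO, already-sent password reset emails rely on, and nothing in the hunk shows how long ago the singular routes shipped. Before merging, confirm that the longest-lived reset link issued with the old URL has expired, and that no mailer template, redirect or test still builds the nested path; the diffstat touches only `config/routes.rb`. The enclosing routes block starts and ends outside the hunk.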
@@ -61,11 +61,12 @@ # Include generic and useful information about system operation, but avoid logging too much # information to avoid inadvertent exposure of personally identifiable information (PII). + $stdout.sync = true config.log_level = :info config.rails_semantic_logger.format = :json config.rails_semantic_logger.semantic = true config.rails_semantic_logger.add_file_appender = false - SemanticLogger.add_appender(io: $stdout, formatter: :json) + config.semantic_logger.add_appender(io: $stdout, formatter: config.rails_semantic_logger.format) # Prepend all log lines with the following tags. # config.log_tags = [ :request_id ] diff --git a/config/puma.rb b/config/puma.rb index cd9ac87511b..cbc576cdb8f 100644 --- a/config/puma.rb +++ b/config/puma.rb @@ -46,6 +46,11 @@ sleep 1 end +on_worker_boot do + # Re-open appenders after forking the process. https://logger.rocketjob.io/forking.html + SemanticLogger.reopen +end + on_restart do Rails.configuration.launch_darkly_client&.close end From 2730d13c00d2526940e45c0197fb0b167edb1da5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 18 May 2024 05:12:19 +0000 Subject: [PATCH 09/60] Bump actions/checkout from 4.1.5 to 4.1.6 (#4724) --- .github/workflows/codeql.yml | 2 +- .github/workflows/docker.yml | 2 +- .github/workflows/lint.yml | 8 ++++---- .github/workflows/scorecards.yml | 2 +- .github/workflows/test.yml | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index eac0ae9f772..dbd06094509 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -41,7 +41,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL 
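Review bot: In `config/environments/production.rb` the added `$stdout.sync = true` lands between the PII comment and the `config.log_level = :info` line that comment explains, so the comment now reads as if it documents the sync flag. Move the new line below the log-level setting or give it its own comment, for example `# Write to stdout unbuffered so log lines are not held back in a buffer`. The appender now takes its formatter from `config.rails_semantic_logger.format`, which is only correct while that assignment stays above the `add_appender` call; a short comment noting the ordering would protect it from a later reshuffle.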
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 5016d3bcb6d..c6615b58736 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -17,7 +17,7 @@ jobs: RUBYGEMS_VERSION: 3.5.10 RUBY_VERSION: 3.3.1 steps: - - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Set up Docker Buildx id: buildx uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # master diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 7813afcc38e..a6111344d14 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -12,7 +12,7 @@ jobs: name: Rubocop runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - uses: ruby/setup-ruby@cacc9f1c0b3f4eb8a16a6bb0ed10897b43b9de49 # v1.176.0 with: bundler-cache: true @@ -22,7 +22,7 @@ jobs: name: Brakeman runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - uses: ruby/setup-ruby@cacc9f1c0b3f4eb8a16a6bb0ed10897b43b9de49 # v1.176.0 with: bundler-cache: true @@ -32,7 +32,7 @@ jobs: name: Importmap Verify runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - uses: ruby/setup-ruby@cacc9f1c0b3f4eb8a16a6bb0ed10897b43b9de49 # v1.176.0 with: bundler-cache: true 
@@ -50,7 +50,7 @@ jobs: steps: - name: login to Github Packages run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin - - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - uses: ruby/setup-ruby@cacc9f1c0b3f4eb8a16a6bb0ed10897b43b9de49 # v1.176.0 with: bundler-cache: true diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 936f783e1a1..a400c0e1526 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -32,7 +32,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v3.1.0 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v3.1.0 with: persist-credentials: false diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c19962b57b8..64bda5fc5d3 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -42,7 +42,7 @@ jobs: # Fail hard when Toxiproxy is not running to ensure all tests (even Toxiproxy optional ones) are passing REQUIRE_TOXIPROXY: true steps: - - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Setup rubygems.org uses: ./.github/actions/setup-rubygems.org From 5a1fb7551f7a8a6278970d715069c78833161176 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 18 May 2024 05:12:35 +0000 Subject: [PATCH 10/60] Bump selenium-webdriver from 4.21.0 to 4.21.1 (#4723) --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index bf9cf51f58f..d736102e4c6 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -645,7 +645,7 @@ GEM searchkick (5.3.1) activemodel (>= 6.1) hashie - selenium-webdriver (4.21.0) + selenium-webdriver (4.21.1) base64 (~> 0.2) rexml (~> 3.2, >= 3.2.5) rubyzip (>= 1.2.2, < 3.0) @@ -1109,7 +1109,7 @@ CHECKSUMS sassc-embedded (1.70.1) sha256=a95172c9c6725dfc412c702a0e705fb8a5bcb3aac2a32586b18e5432987103d3 sawyer (0.9.2) sha256=fa3a72d62a4525517b18857ddb78926aab3424de0129be6772a8e2ba240e7aca searchkick (5.3.1) sha256=dc1181543f6a68354e380651f235fa7f3df6a09e4cd67fc284dc293fa9860f57 - selenium-webdriver (4.21.0) sha256=1ef8c92d1b882e84578c9b85fe960d9614ea0c19101e72fb8e0e2ebf5ab6fd6f + selenium-webdriver (4.21.1) sha256=c30b64014532fc5156c60797985f839f36adbe60ff4653e7112b008dc1c83263 semantic (1.6.1) sha256=3cdbb48f59198ebb782a3fdfb87b559e0822a311610db153bae22777a7d0c163 semantic_logger (4.15.0) sha256=ec4f56122b5d2e2117d148b86c69fb62c1194a2b01a271be04ba8678a85f81ff shoryuken (6.2.1) sha256=95ddc0a717624a54e799d25a0a05100cb5a0c3728a96211935c214faaf16b3b6 From 69f76d88061e45ead6d62913220f369f2ee36786 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 May 2024 14:54:59 +0000 Subject: [PATCH 11/60] Bump codecov/codecov-action from 4.3.1 to 4.4.0 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.3.1 to 4.4.0. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/5ecb98a3c6b747ed38dc09f787459979aebb39be...6d798873df2b1b8e5846dba6fb86631229fbcb17) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 64bda5fc5d3..6434436392d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -64,6 +64,6 @@ jobs: - name: Upload coverage to Codecov if: matrix.rubygems.name == 'locked' && (success() || failure()) - uses: codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be # v4.3.1 + uses: codecov/codecov-action@6d798873df2b1b8e5846dba6fb86631229fbcb17 # v4.4.0 env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} From bdc4165bfe747e759fa9ef249573b0dfe5c7203f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 17 May 2024 01:34:05 +0000 Subject: [PATCH 12/60] Bump aws-sdk-sqs from 1.73.0 to 1.74.0 Bumps [aws-sdk-sqs](https://github.com/aws/aws-sdk-ruby) from 1.73.0 to 1.74.0. - [Release notes](https://github.com/aws/aws-sdk-ruby/releases) - [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-sqs/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-ruby/commits) --- updated-dependencies: - dependency-name: aws-sdk-sqs dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Gemfile | 2 +- Gemfile.lock | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Gemfile b/Gemfile index f2f1093a35f..b297263107f 100644 --- a/Gemfile +++ b/Gemfile @@ -6,7 +6,7 @@ gem "rails", "~> 7.1.0", ">= 7.1.3.2" gem "rails-i18n", "~> 7.0" gem "aws-sdk-s3", "~> 1.151" -gem "aws-sdk-sqs", "~> 1.73" +gem "aws-sdk-sqs", "~> 1.74" gem "bootsnap", "~> 1.18" gem "clearance", "~> 2.7" gem "dalli", "~> 3.2" diff --git a/Gemfile.lock b/Gemfile.lock index d736102e4c6..628af41e370 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -110,7 +110,7 @@ GEM zeitwerk (>= 2.6.2) awrence (1.2.1) aws-eventstream (1.3.0) - aws-partitions (1.929.0) + aws-partitions (1.930.0) aws-sdk-core (3.196.1) aws-eventstream (~> 1, >= 1.3.0) aws-partitions (~> 1, >= 1.651.0) @@ -123,7 +123,7 @@ GEM aws-sdk-core (~> 3, >= 3.194.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.8) - aws-sdk-sqs (1.73.0) + aws-sdk-sqs (1.74.0) aws-sdk-core (~> 3, >= 3.193.0) aws-sigv4 (~> 1.1) aws-sigv4 (1.8.0) @@ -765,7 +765,7 @@ DEPENDENCIES autoprefixer-rails (~> 10.4) avo (~> 2.51) aws-sdk-s3 (~> 1.151) - aws-sdk-sqs (~> 1.73) + aws-sdk-sqs (~> 1.74) bcrypt (~> 3.1) bootsnap (~> 1.18) brakeman (~> 6.1) @@ -894,11 +894,11 @@ CHECKSUMS avo (2.51.0) sha256=0d5785cda01b5b0d2575e7419cda4dc7a5d7805068f160d48ecc7458ee74ec03 awrence (1.2.1) sha256=dd1d214c12a91f449d1ef81d7ee3babc2816944e450752e7522c65521872483e aws-eventstream (1.3.0) sha256=f1434cc03ab2248756eb02cfa45e900e59a061d7fbdc4a9fd82a5dd23d796d3f - aws-partitions (1.929.0) sha256=7a696245d2e6af5cd88d01ae15963b65a46d4b1b98ef7a2ddfd300b8106da598 + aws-partitions (1.930.0) sha256=6cfce1550e3586813dc2765bd5b95c59e7471739f417d9c66f742750dca3994b aws-sdk-core (3.196.1) sha256=e36bfec78d841041acb4424a728e35fc2c324e4ee6f07e1c301bbdf4c69d8438 aws-sdk-kms (1.81.0) sha256=b15dd1e840756a13f27d4f3d8308571f97a4902e0a21c753ea9be14138a4f496 aws-sdk-s3 (1.151.0) sha256=9e40e64f3ea112b33fdbb0416b6b44247372b983f6a7a9c30fa9b5627a4f7008 - aws-sdk-sqs (1.73.0) sha256=87dac3a9e06908ffed136ff7e038637cc5f34de7a99a7d64192e4cb7c66ccde0 + aws-sdk-sqs (1.74.0) sha256=cc4951b044803a7e6ad51d4e24f4c182dbca404afc6528183f207de4be1f1bda aws-sigv4 (1.8.0) sha256=84dd99768b91b93b63d1d8e53ee837cfd06ab402812772a7899a78f9f9117cbc base64 (0.2.0) sha256=0f25e9b21a02a0cc0cea8ef92b2041035d39350946e8789c562b2d1a3da01507 bcrypt (3.1.20) sha256=8410f8c7b3ed54a3c00cd2456bf13917d695117f033218e2483b2e40b0784099 From 3c3aa8093e489932d4cf84b246de38cd91037b7d Mon Sep 17 00:00:00 2001 
From: Martin Emde Date: Sun, 19 May 2024 15:29:52 -0700 Subject: [PATCH 13/60] Limit spamming via unconfirmed email confirmation resend (#4721) --- config/initializers/rack_attack.rb | 14 +++++++++++--- test/integration/rack_attack_test.rb | 11 +++++++++++ 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb index d3ac7dbbda3..0ef13c32ebd 100644 --- a/config/initializers/rack_attack.rb +++ b/config/initializers/rack_attack.rb @@ -208,11 +208,19 @@ def self.api_key_owner_id(req) end end - protected_confirmation_action = [{ controller: "email_confirmations", action: "create" }] + protected_confirmation_action = [ + { controller: "email_confirmations", action: "create" }, + { controller: "email_confirmations", action: "unconfirmed" } + ] throttle("email_confirmations/email", limit: REQUEST_LIMIT_PER_EMAIL, period: LIMIT_PERIOD) do |req| - if protected_route?(protected_confirmation_action, req.path, req.request_method) && req.params['email_confirmation'] - User.normalize_email(req.params['email_confirmation']['email']).presence + if protected_route?(protected_confirmation_action, req.path, req.request_method) + if req.params['email_confirmation'] + User.normalize_email(req.params['email_confirmation']['email']).presence + else + action_dispatch_req = ActionDispatch::Request.new(req.env) + User.find_by_remember_token(action_dispatch_req.cookie_jar.signed["remember_token"])&.email.presence + end end end diff --git a/test/integration/rack_attack_test.rb b/test/integration/rack_attack_test.rb index 783d94cce80..446a95123e8 100644 --- a/test/integration/rack_attack_test.rb +++ b/test/integration/rack_attack_test.rb 
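Review bot: In the new `else` branch of the `email_confirmations/email` throttle, `User.find_by_remember_token` is called even when the request carries no `remember_token` cookie, so the lookup runs with `nil`. Depending on the schema (not visible here) that could match a user row whose token is NULL and key the throttle on an unrelated account's email, and it also costs a database query in middleware for each matching request that has no cookie. I would read the token first and skip the lookup when it is blank: `token = action_dispatch_req.cookie_jar.signed["remember_token"]` followed by `User.find_by_remember_token(token)&.email.presence if token.present?`. A short comment saying that requests without a valid signed cookie return `nil` and are therefore not counted by this rule would also help the next reader.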
@@ -60,6 +60,17 @@ class RackAttackTest < ActionDispatch::IntegrationTest assert_response :success end + should "allow email confirmation resend via unconfirmed" do + stay_under_limit_for("clearance/ip/1") + stay_under_email_limit_for("email_confirmations/email") + + patch "/email_confirmations/unconfirmed", + headers: { REMOTE_ADDR: @ip_address } + follow_redirect! + + assert_response :success + end + context "owners requests" do setup do post session_path(session: { who: @user.handle, password: PasswordHelpers::SECURE_TEST_PASSWORD }) From 86ff3d0b67724af5b28cff94ed98f101613abe60 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 May 2024 10:17:47 -0700 Subject: [PATCH 14/60] Bump mocha from 2.2.0 to 2.3.0 (#4729) Bumps [mocha](https://github.com/freerange/mocha) from 2.2.0 to 2.3.0. - [Changelog](https://github.com/freerange/mocha/blob/main/RELEASE.md) - [Commits](https://github.com/freerange/mocha/compare/v2.2.0...v2.3.0) --- updated-dependencies: - dependency-name: mocha dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile | 2 +- Gemfile.lock | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile b/Gemfile index b297263107f..21de5520751 100644 --- a/Gemfile +++ b/Gemfile @@ -127,7 +127,7 @@ group :test do gem "launchy", "~> 3.0" gem "rack-test", "~> 2.1", require: "rack/test" gem "rails-controller-testing", "~> 1.0" - gem "mocha", "~> 2.2", require: false + gem "mocha", "~> 2.3", require: false gem "shoulda-context", "~> 3.0.0.rc1" gem "shoulda-matchers", "~> 6.2" gem "selenium-webdriver", "~> 4.21" diff --git a/Gemfile.lock b/Gemfile.lock index 628af41e370..593d780f28e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
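Review bot: The added test only exercises the under-limit path, and as far as this hunk shows the `patch "/email_confirmations/unconfirmed"` request is sent without a signed-in session, so the `remember_token` lookup this commit adds to the throttle would yield no discriminator here. If no enclosing `setup` signs a user in (the file continues outside the hunk), I would sign in first and add a companion case that pushes the `email_confirmations/email` counter past the per-email limit and expects the throttled response, e.g. `assert_response :too_many_requests` if the default Rack::Attack responder is in use. Without it, a regression that stops the rule from matching the `unconfirmed` action would go unnoticed.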
@@ -399,7 +399,7 @@ GEM builder minitest (>= 5.0) ruby-progressbar - mocha (2.2.0) + mocha (2.3.0) ruby2_keywords (>= 0.0.5) msgpack (1.7.2) multi_json (1.15.0) @@ -807,7 +807,7 @@ DEPENDENCIES minitest (~> 5.23) minitest-gcstats (~> 1.3) minitest-reporters (~> 1.6) - mocha (~> 2.2) + mocha (~> 2.3) observer (~> 0.1.2) octokit (~> 8.1) omniauth (~> 2.1) @@ -1015,7 +1015,7 @@ CHECKSUMS minitest (5.23.0) sha256=4c488e69b6a0a8bece496bfde92e39fb806f3d786eb935d55864b4dc927639a0 minitest-gcstats (1.3.1) sha256=cb25490f93aac02e3a5ff307e560d41afcdcafa7952c1c32efdeb9886b1f4711 minitest-reporters (1.6.1) sha256=f8fe74e46ab40dada29402f55ca236368d0af65afc410db4219189b7a1c0fc38 - mocha (2.2.0) sha256=8ba0d52c035973f950a9a4fa29f6f1022138518dfb2c846d9db2597aa9912431 + mocha (2.3.0) sha256=f3af2eee619afe9b67a960a24fcdea3a05f548b528e6974458c89121a0204408 msgpack (1.7.2) sha256=59ab62fd8a4d0dfbde45009f87eb6f158ab2628a7c48886b0256f175166baaa8 multi_json (1.15.0) sha256=1fd04138b6e4a90017e8d1b804c039031399866ff3fbabb7822aea367c78615d multi_xml (0.7.1) sha256=4fce100c68af588ff91b8ba90a0bb3f0466f06c909f21a32f4962059140ba61b From c9ae7d40d4259ec41e2fca95a7ffa398584041ef Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 May 2024 10:17:58 -0700 Subject: [PATCH 15/60] Bump good_job from 3.28.2 to 3.28.3 (#4726) Bumps [good_job](https://github.com/bensheldon/good_job) from 3.28.2 to 3.28.3. - [Release notes](https://github.com/bensheldon/good_job/releases) - [Changelog](https://github.com/bensheldon/good_job/blob/main/CHANGELOG.md) - [Commits](https://github.com/bensheldon/good_job/compare/v3.28.2...v3.28.3) --- updated-dependencies: - dependency-name: good_job dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 593d780f28e..3db491ba7b1 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -254,7 +254,7 @@ GEM ffi (~> 1.0) globalid (1.2.1) activesupport (>= 6.1) - good_job (3.28.2) + good_job (3.28.3) activejob (>= 6.0.0) activerecord (>= 6.0.0) concurrent-ruby (>= 1.0.2) @@ -499,7 +499,7 @@ GEM activesupport (>= 3.0.0) pwned (2.3.0) raabro (1.4.0) - racc (1.7.3) + racc (1.8.0) rack (3.0.11) rack-attack (6.7.0) rack (>= 1.0, < 4) @@ -960,7 +960,7 @@ CHECKSUMS fugit (1.11.0) sha256=addc9cd3031611921d1dbac094de3a645bc8858828639fd035c9cedd3b460bb9 get_process_mem (0.2.7) sha256=4afd3c3641dd6a817c09806c7d6d509d8a9984512ac38dea8b917426bbf77eba globalid (1.2.1) sha256=70bf76711871f843dbba72beb8613229a49429d1866828476f9c9d6ccc327ce9 - good_job (3.28.2) sha256=ec7d6580acf4b090b6d45c72618f3e32889c0078c7d8a5f50f2813dd68f673c4 + good_job (3.28.3) sha256=3067cbc15d4a31a4c82e0b7bfa3919b9eb9659ebe58bc158b484388d35c59ecc google-protobuf (4.26.1) sha256=52059a231bd6521728f5e278b64f1dea9d9ffecccbde7d53ef719721bb074493 gravtastic (3.2.6) sha256=ef98abcecf7c402b61cff1ae7c50a2c6d97dd22bac21ea9b421ce05bc03d734f groupdate (6.4.0) sha256=65940645bf2a48f9b2d10ab7a1d19bdc78f3c89559d8fce39cea3448a15aec54 
@@ -1058,7 +1058,7 @@ CHECKSUMS pundit (2.3.2) sha256=7ca09a5801ebaedad1966f7eb0b1c52ecb8c94b3b6ab70122cb22856ac187fa3 pwned (2.3.0) sha256=63f5a9576f109203684e9dd053f815649fd5bc0a0348b7190568272641b22353 raabro (1.4.0) sha256=d4fa9ff5172391edb92b242eed8be802d1934b1464061ae5e70d80962c5da882 - racc (1.7.3) sha256=b785ab8a30ec43bce073c51dbbe791fd27000f68d1c996c95da98bf685316905 + racc (1.8.0) sha256=09349a65c37c4fe710a435f25c9f1652e39f29ad6b1fa08d4a8d30c0553d3a08 rack (3.0.11) sha256=a08473678160760d9085ebe14508a42add18cde4217107b4b1aa01c8f14ff98c rack-attack (6.7.0) sha256=3ca47e8f66cd33b2c96af53ea4754525cd928ed3fa8da10ee6dad0277791d77c rack-oauth2 (2.2.1) sha256=c73aa87c508043e2258f02b4fb110cacba9b37d2ccf884e22487d014a120d1a5 From 0f0ac3e16f1afc431e2b4154c438b1851aea1683 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 May 2024 10:32:47 -0700 Subject: [PATCH 16/60] Bump codecov/codecov-action from 4.4.0 to 4.4.1 (#4727) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.4.0 to 4.4.1. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/6d798873df2b1b8e5846dba6fb86631229fbcb17...125fc84a9a348dbcf27191600683ec096ec9021c) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 6434436392d..8b3c722f243 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
@@ -64,6 +64,6 @@ jobs: - name: Upload coverage to Codecov if: matrix.rubygems.name == 'locked' && (success() || failure()) - uses: codecov/codecov-action@6d798873df2b1b8e5846dba6fb86631229fbcb17 # v4.4.0 + uses: codecov/codecov-action@125fc84a9a348dbcf27191600683ec096ec9021c # v4.4.1 env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} From e691077e140cf078624539ffd41544ef613ba356 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 May 2024 10:32:58 -0700 Subject: [PATCH 17/60] Bump github/codeql-action from 2.13.4 to 3.25.5 (#4728) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.13.4 to 3.25.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/cdcdbb579706841c47f7063dda365e292e5cad7a...b7cec7526559c32f1616476ff32d17ba4c59b2d6) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yml | 6 +++--- .github/workflows/scorecards.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index dbd06094509..0be34514efe 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -45,7 +45,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4 + uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. 
@@ -58,7 +58,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4 + uses: github/codeql-action/autobuild@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -71,6 +71,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4 + uses: github/codeql-action/analyze@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index a400c0e1526..3fe6e64ec8f 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # v2.13.4 + uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 with: sarif_file: results.sarif From 5677148ab115708841d419e488fed963e67a619d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 21 May 2024 13:25:29 -0700 Subject: [PATCH 18/60] --- (#4731) updated-dependencies: - dependency-name: ruby/setup-ruby dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/lint.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index a6111344d14..b7781e28ac6 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - uses: ruby/setup-ruby@cacc9f1c0b3f4eb8a16a6bb0ed10897b43b9de49 # v1.176.0 + - uses: ruby/setup-ruby@7dc18ff0ca6e3630d3f29d2a85ebf6cc27ae9d6c # v1.177.0 with: bundler-cache: true - name: Rubocop @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - uses: ruby/setup-ruby@cacc9f1c0b3f4eb8a16a6bb0ed10897b43b9de49 # v1.176.0 + - uses: ruby/setup-ruby@7dc18ff0ca6e3630d3f29d2a85ebf6cc27ae9d6c # v1.177.0 with: bundler-cache: true - name: Brakeman @@ -33,7 +33,7 @@ jobs: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - uses: ruby/setup-ruby@cacc9f1c0b3f4eb8a16a6bb0ed10897b43b9de49 # v1.176.0 + - uses: ruby/setup-ruby@7dc18ff0ca6e3630d3f29d2a85ebf6cc27ae9d6c # v1.177.0 with: bundler-cache: true - name: Importmap Verify @@ -51,7 +51,7 @@ jobs: - name: login to Github Packages run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - uses: ruby/setup-ruby@cacc9f1c0b3f4eb8a16a6bb0ed10897b43b9de49 # v1.176.0 + - uses: ruby/setup-ruby@7dc18ff0ca6e3630d3f29d2a85ebf6cc27ae9d6c # v1.177.0 with: bundler-cache: true - name: krane render From cad70b73684efc68090b086f9c6599dc505e77cb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 21 May 2024 13:25:38 -0700 Subject: [PATCH 19/60] --- (#4730) updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yml | 6 +++--- .github/workflows/scorecards.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 0be34514efe..5c00d36f064 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -45,7 +45,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 + uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -58,7 +58,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 + uses: github/codeql-action/autobuild@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -71,6 +71,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 + uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 3fe6e64ec8f..3e34dff058d 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml 
@@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 + uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 with: sarif_file: results.sarif From 6cc69318870d296e8e740af273606225eb9a2f5f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 22 May 2024 12:05:36 -0700 Subject: [PATCH 20/60] --- (#4734) updated-dependencies: - dependency-name: pghero dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile | 2 +- Gemfile.lock | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile b/Gemfile index 21de5520751..9da8b01d78b 100644 --- a/Gemfile +++ b/Gemfile @@ -57,7 +57,7 @@ gem "strong_migrations", "~> 1.8" gem "phlex-rails", "~> 1.2" gem "discard", "~> 1.3" gem "user_agent_parser", "~> 2.17" -gem "pghero", "~> 3.4" +gem "pghero", "~> 3.5" # Admin dashboard gem "avo", "~> 2.51" diff --git a/Gemfile.lock b/Gemfile.lock index 3db491ba7b1..f99a8b05025 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -474,7 +474,7 @@ GEM pg (1.5.6) pg_query (5.1.0) google-protobuf (>= 3.22.3) - pghero (3.4.1) + pghero (3.5.0) activerecord (>= 6) phlex (1.10.2) phlex-rails (1.2.1) @@ -817,7 +817,7 @@ DEPENDENCIES opensearch-ruby (~> 3.3) pg (~> 1.5) pg_query (~> 5.1) - pghero (~> 3.4) + pghero (~> 3.5) phlex-rails (~> 1.2) pp (= 0.5.0) prosopite (~> 1.4) 
@@ -1044,7 +1044,7 @@ CHECKSUMS parser (3.3.0.5) sha256=7748313e505ca87045dc0465c776c802043f777581796eb79b1654c5d19d2687 pg (1.5.6) sha256=4bc3ad2438825eea68457373555e3fd4ea1a82027b8a6be98ef57c0d57292b1c pg_query (5.1.0) sha256=b7f7f47c864f08ccbed46a8244906fb6ee77ee344fd27250717963928c93145d - pghero (3.4.1) sha256=7f949828119ab17de22ebaef1854ab8c738106bdc31bee3ac0acd0462c0efa88 + pghero (3.5.0) sha256=7b459d383673e358017d0dd210c11b6a82bbfb340c73236ba0e50bb6c0351e6a phlex (1.10.2) sha256=49dca7df081258f937be5e4ee0a81b11743f2b4fea25ac7537912b9c9344b1e6 phlex-rails (1.2.1) sha256=1d80709c02114cda869951d22bfca189b5f208d1eb89f2e6fafbe3c0240a822f pp (0.5.0) sha256=f8f40bc2ba9e1ab351b9458151da3a89f46034f7f599a8e0a06abb9b9f4411dd From fb776eb0defd24a88a4f5d761a28936dce94465f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 22 May 2024 12:12:54 -0700 Subject: [PATCH 21/60] --- (#4732) updated-dependencies: - dependency-name: ruby/setup-ruby dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/lint.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index b7781e28ac6..e63ec4a5798 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - uses: ruby/setup-ruby@7dc18ff0ca6e3630d3f29d2a85ebf6cc27ae9d6c # v1.177.0 + - uses: ruby/setup-ruby@943103cae7d3f1bb1e4951d5fcc7928b40e4b742 # v1.177.1 with: bundler-cache: true - name: Rubocop 
@@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - uses: ruby/setup-ruby@7dc18ff0ca6e3630d3f29d2a85ebf6cc27ae9d6c # v1.177.0 + - uses: ruby/setup-ruby@943103cae7d3f1bb1e4951d5fcc7928b40e4b742 # v1.177.1 with: bundler-cache: true - name: Brakeman @@ -33,7 +33,7 @@ jobs: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - uses: ruby/setup-ruby@7dc18ff0ca6e3630d3f29d2a85ebf6cc27ae9d6c # v1.177.0 + - uses: ruby/setup-ruby@943103cae7d3f1bb1e4951d5fcc7928b40e4b742 # v1.177.1 with: bundler-cache: true - name: Importmap Verify @@ -51,7 +51,7 @@ jobs: - name: login to Github Packages run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - uses: ruby/setup-ruby@7dc18ff0ca6e3630d3f29d2a85ebf6cc27ae9d6c # v1.177.0 + - uses: ruby/setup-ruby@943103cae7d3f1bb1e4951d5fcc7928b40e4b742 # v1.177.1 with: bundler-cache: true - name: krane render From 82f7c82a214ab5d8d01f30e51e0683eb6f54f135 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 22 May 2024 12:21:13 -0700 Subject: [PATCH 22/60] --- (#4733) updated-dependencies: - dependency-name: minitest dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index f99a8b05025..3e1b52655b2 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -391,7 +391,7 @@ GEM mini_histogram (0.3.1) mini_mime (1.1.5) mini_portile2 (2.8.6) - minitest (5.23.0) + minitest (5.23.1) minitest-gcstats (1.3.1) minitest (~> 5.0) minitest-reporters (1.6.1) 
@@ -1012,7 +1012,7 @@ CHECKSUMS mini_histogram (0.3.1) sha256=6a114b504e4618b0e076cc672996036870f7cc6f16b8e5c25c0c637726d2dd94 mini_mime (1.1.5) sha256=8681b7e2e4215f2a159f9400b5816d85e9d8c6c6b491e96a12797e798f8bccef mini_portile2 (2.8.6) sha256=4e2ab09b924906fd42c0b6eb72816db6a435d0404e9cbdcc5d722c133b493991 - minitest (5.23.0) sha256=4c488e69b6a0a8bece496bfde92e39fb806f3d786eb935d55864b4dc927639a0 + minitest (5.23.1) sha256=f1e8f8d6ffd96fb17339ce50768bcbbdbbadff5073cb9583d084403877a77abe minitest-gcstats (1.3.1) sha256=cb25490f93aac02e3a5ff307e560d41afcdcafa7952c1c32efdeb9886b1f4711 minitest-reporters (1.6.1) sha256=f8fe74e46ab40dada29402f55ca236368d0af65afc410db4219189b7a1c0fc38 mocha (2.3.0) sha256=f3af2eee619afe9b67a960a24fcdea3a05f548b528e6974458c89121a0204408 From dcd216ec9623bf9ed9147308b084727769fdf4a5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 22 May 2024 14:32:37 -0700 Subject: [PATCH 23/60] --- (#4735) updated-dependencies: - dependency-name: chartkick dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 3e1b52655b2..4d14d4a809f 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -154,7 +154,7 @@ GEM regexp_parser (>= 1.5, < 3.0) xpath (~> 3.2) cbor (0.5.9.8) - chartkick (5.0.6) + chartkick (5.0.7) childprocess (5.0.0) choice (0.2.0) chunky_png (1.4.0) 
@@ -914,7 +914,7 @@ CHECKSUMS byebug (11.1.3) sha256=2485944d2bb21283c593d562f9ae1019bf80002143cc3a255aaffd4e9cf4a35b capybara (3.40.0) sha256=42dba720578ea1ca65fd7a41d163dd368502c191804558f6e0f71b391054aeef cbor (0.5.9.8) sha256=9ee097fc58d9bc5e406d112cd2d4e112c7354ec16f8b6ff34e4732c1e44b4eb7 - chartkick (5.0.6) sha256=96c5984471d4c2017b28914bd1bcda7f9e8a3a9d1903059aaadc7a4044c87193 + chartkick (5.0.7) sha256=fe52cfd34a51ff0c42dabe26c59a827ffc5c74de56816eddcb74b7c639938893 childprocess (5.0.0) sha256=0746b7ab1d6c68156e64a3767631d7124121516192c0492929a7f0af7310d835 choice (0.2.0) sha256=a19617f7dfd4921b38a85d0616446620de685a113ec6d1ecc85bdb67bf38c974 chunky_png (1.4.0) sha256=89d5b31b55c0cf4da3cf89a2b4ebc3178d8abe8cbaf116a1dba95668502fdcfe From 564dbc6ac3c68ad99a8ac14837e07916f33b331b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 23 May 2024 20:25:56 -0700 Subject: [PATCH 24/60] Bump rdoc from 6.6.3.1 to 6.7.0 (#4737) Bumps [rdoc](https://github.com/ruby/rdoc) from 6.6.3.1 to 6.7.0. - [Release notes](https://github.com/ruby/rdoc/releases) - [Changelog](https://github.com/ruby/rdoc/blob/master/History.rdoc) - [Commits](https://github.com/ruby/rdoc/compare/v6.6.3.1...v6.7.0) --- updated-dependencies: - dependency-name: rdoc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile | 2 +- Gemfile.lock | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile b/Gemfile index 9da8b01d78b..247f1532f75 100644 --- a/Gemfile +++ b/Gemfile @@ -34,7 +34,7 @@ gem "rack", "~> 3.0" gem "rackup", "~> 2.1" gem "rack-utf8_sanitizer", "~> 1.8" gem "rbtrace", "~> 0.5.1" -gem "rdoc", "~> 6.6" +gem "rdoc", "~> 6.7" gem "roadie-rails", "~> 3.2" gem "ruby-magic", "~> 0.6" gem "shoryuken", "~> 6.2", require: false 
diff --git a/Gemfile.lock b/Gemfile.lock index 4d14d4a809f..c0ef28435a4 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -576,7 +576,7 @@ GEM ffi (>= 1.0.6) msgpack (>= 0.4.3) optimist (>= 3.0.0) - rdoc (6.6.3.1) + rdoc (6.7.0) psych (>= 4.0.0) redcarpet (3.6.0) regexp_parser (2.9.0) @@ -835,7 +835,7 @@ DEPENDENCIES rails-i18n (~> 7.0) rails_semantic_logger (~> 4.14) rbtrace (~> 0.5.1) - rdoc (~> 6.6) + rdoc (~> 6.7) roadie-rails (~> 3.2) rotp (~> 6.2) rqrcode (~> 2.1) @@ -1080,7 +1080,7 @@ CHECKSUMS rb-fsevent (0.11.2) sha256=43900b972e7301d6570f64b850a5aa67833ee7d87b458ee92805d56b7318aefe rb-inotify (0.10.1) sha256=050062d4f31d307cca52c3f6a7f4b946df8de25fc4bd373e1a5142e41034a7ca rbtrace (0.5.1) sha256=e8cba64d462bfb8ba102d7be2ecaacc789247d52ac587d8003549d909cb9c5dc - rdoc (6.6.3.1) sha256=39f7b749229ab5ad9d21c81586151c1dd7a549fa8be4070ee09b524f9c656345 + rdoc (6.7.0) sha256=b17d5f0f57b0853d7b880d4360a32c7caf8dbb81f8503a36426df809e617f379 redcarpet (3.6.0) sha256=8ad1889c0355ff4c47174af14edd06d62f45a326da1da6e8a121d59bdcd2e9e9 regexp_parser (2.9.0) sha256=81a00ba141cec0d4b4bf58cb80cd9193e5180836d3fa6ef623f7886d3ba8bdd9 reline (0.5.7) sha256=1f632a0703fd7d5f3a29d0167395b13e1b59ffa78c2bda077f8b2f26f9b8341b From a95bea1e20904a1397921e7a399058ee7613d0a1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 24 May 2024 11:34:27 -0700 Subject: [PATCH 25/60] Bump webmock from 3.23.0 to 3.23.1 (#4740) Bumps [webmock](https://github.com/bblimke/webmock) from 3.23.0 to 3.23.1. - [Changelog](https://github.com/bblimke/webmock/blob/master/CHANGELOG.md) - [Commits](https://github.com/bblimke/webmock/compare/v3.23.0...v3.23.1) --- updated-dependencies: - dependency-name: webmock dependency-type: direct:development update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index c0ef28435a4..631476ab675 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -740,7 +740,7 @@ GEM activesupport faraday (~> 2.0) faraday-follow_redirects - webmock (3.23.0) + webmock (3.23.1) addressable (>= 2.8.0) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) @@ -1148,7 +1148,7 @@ CHECKSUMS view_component (3.12.1) sha256=f2ce2ad2945389f4bbd4ff77465605e9019041e5c804d16d093791be2542b18b webauthn (3.1.0) sha256=e545fcf17d8a6b821161a37c1c4bc8c3d2ead0ff6ff3b098f57f417e731790b7 webfinger (2.1.3) sha256=567a52bde77fb38ca6b67e55db755f988766ec4651c1d24916a65aa70540695c - webmock (3.23.0) sha256=100787435c1f556129a238c11cc7cbee38cb9c2864709c6a0dcdcf822545f31f + webmock (3.23.1) sha256=0fa738c0767d1c4ec8cc57f6b21998f0c238c8a5b32450df1c847f2767140d95 webrick (1.8.1) sha256=19411ec6912911fd3df13559110127ea2badd0c035f7762873f58afc803e158f websocket (1.2.10) sha256=2cc1a4a79b6e63637b326b4273e46adcddf7871caa5dc5711f2ca4061a629fa8 websocket-driver (0.7.6) sha256=f69400be7bc197879726ad8e6f5869a61823147372fd8928836a53c2c741d0db From 8e2e9b90ecda1ad4208b72c4b21e9cb0f823e64b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 24 May 2024 11:34:51 -0700 Subject: [PATCH 26/60] Bump lookbook from 2.3.0 to 2.3.1 (#4738) Bumps [lookbook](https://github.com/ViewComponent/lookbook) from 2.3.0 to 2.3.1. - [Release notes](https://github.com/ViewComponent/lookbook/releases) - [Commits](https://github.com/ViewComponent/lookbook/compare/v2.3.0...v2.3.1) --- updated-dependencies: - dependency-name: lookbook dependency-type: direct:development update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 631476ab675..16fd270a446 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -358,7 +358,7 @@ GEM loofah (2.22.0) crass (~> 1.0.2) nokogiri (>= 1.12.0) - lookbook (2.3.0) + lookbook (2.3.1) activemodel css_parser htmlbeautifier (~> 1.3) @@ -1001,7 +1001,7 @@ CHECKSUMS listen (3.9.0) sha256=db9e4424e0e5834480385197c139cb6b0ae0ef28cc13310cfd1ca78377d59c67 llhttp-ffi (0.5.0) sha256=496f40ad44bcbf99de02da1f26b1ad64e6593cd487b931508a86228e2a3af0fa loofah (2.22.0) sha256=10d76e070c86b12fec74b6a9515fd1940f4459198b991342d0a7897d86c372fe - lookbook (2.3.0) sha256=0d225070902451124cd37279112d773c05f3b396fc2d86f9d971da559fd4b6bd + lookbook (2.3.1) sha256=d6ba294f3bd2fe8c39c30530a12aa99d42d202a5d6bff3d3edcafd6d2978dc39 mail (2.8.1) sha256=ec3b9fadcf2b3755c78785cb17bc9a0ca9ee9857108a64b6f5cfc9c0b5bfc9ad maintenance_tasks (2.7.0) sha256=0857d732e6c3078a501a1552d0ffb6321c900dc821c15bf09b6457931d6ccbcb marcel (1.0.4) sha256=0d5649feb64b8f19f3d3468b96c680bae9746335d02194270287868a661516a4 From 39fae38439c0582c5963786f440e2e7369a2e180 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 24 May 2024 18:40:14 +0000 Subject: [PATCH 27/60] Bump google-protobuf from 4.26.1 to 4.27.0 (#4739) Bumps [google-protobuf](https://github.com/protocolbuffers/protobuf) from 4.26.1 to 4.27.0. - [Release notes](https://github.com/protocolbuffers/protobuf/releases) - [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl) - [Commits](https://github.com/protocolbuffers/protobuf/commits) --- updated-dependencies: - dependency-name: google-protobuf dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile | 2 +- Gemfile.lock | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/Gemfile b/Gemfile index 247f1532f75..3da810e35bd 100644 --- a/Gemfile +++ b/Gemfile @@ -12,7 +12,7 @@ gem "clearance", "~> 2.7" gem "dalli", "~> 3.2" gem "ddtrace", "~> 1.23", require: "ddtrace/auto_instrument" gem "dogstatsd-ruby", "~> 5.5" -gem "google-protobuf", "~> 4.26" +gem "google-protobuf", "~> 4.27" gem "faraday", "~> 2.9" gem "faraday-retry", "~> 2.2" gem "good_job", "~> 3.28" diff --git a/Gemfile.lock b/Gemfile.lock index 16fd270a446..de757262472 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -261,7 +261,8 @@ GEM fugit (>= 1.1) railties (>= 6.0.0) thor (>= 0.14.1) - google-protobuf (4.26.1) + google-protobuf (4.27.0) + bigdecimal rake (>= 13) gravtastic (3.2.6) groupdate (6.4.0) @@ -787,7 +788,7 @@ DEPENDENCIES faraday-retry (~> 2.2) faraday_middleware-aws-sigv4 (~> 1.0) good_job (~> 3.28) - google-protobuf (~> 4.26) + google-protobuf (~> 4.27) gravtastic (~> 3.2) groupdate (~> 6.2) high_voltage (~> 3.1) @@ -961,7 +962,7 @@ CHECKSUMS get_process_mem (0.2.7) sha256=4afd3c3641dd6a817c09806c7d6d509d8a9984512ac38dea8b917426bbf77eba globalid (1.2.1) sha256=70bf76711871f843dbba72beb8613229a49429d1866828476f9c9d6ccc327ce9 good_job (3.28.3) sha256=3067cbc15d4a31a4c82e0b7bfa3919b9eb9659ebe58bc158b484388d35c59ecc - google-protobuf (4.26.1) sha256=52059a231bd6521728f5e278b64f1dea9d9ffecccbde7d53ef719721bb074493 + google-protobuf (4.27.0) sha256=5e679347abc4721a3346913b8f69640a4ee13e0105d605b1da226b25346cd88d gravtastic (3.2.6) sha256=ef98abcecf7c402b61cff1ae7c50a2c6d97dd22bac21ea9b421ce05bc03d734f groupdate (6.4.0) sha256=65940645bf2a48f9b2d10ab7a1d19bdc78f3c89559d8fce39cea3448a15aec54 hashdiff (1.1.0) sha256=b5465f0e7375f1ee883f53a766ece4dbc764b7674a7c5ffd76e79b2f5f6fc9c9 From 4924fec2f1963f02d6625d2498c0d171c99efbf5 Mon Sep 17 00:00:00 2001 
From: Martin Emde Date: Sun, 26 May 2024 14:35:03 -0700 Subject: [PATCH 28/60] Move pundit policy has_association above methods (#4743) --- app/policies/api_key_policy.rb | 8 +++--- app/policies/deletion_policy.rb | 4 +-- app/policies/events/rubygem_event_policy.rb | 6 ++--- app/policies/events/user_event_policy.rb | 6 ++--- app/policies/geoip_info_policy.rb | 4 +-- app/policies/ip_address_policy.rb | 6 ++--- app/policies/oidc/api_key_role_policy.rb | 6 ++--- app/policies/oidc/id_token_policy.rb | 6 ++--- .../oidc/pending_trusted_publisher_policy.rb | 6 ++--- app/policies/oidc/provider_policy.rb | 4 +-- .../oidc/rubygem_trusted_publisher_policy.rb | 6 ++--- .../trusted_publisher/github_action_policy.rb | 6 ++--- app/policies/ownership_policy.rb | 4 +-- app/policies/rubygem_policy.rb | 25 +++++++++---------- app/policies/user_policy.rb | 24 +++++++++--------- app/policies/version_policy.rb | 8 +++--- app/policies/web_hook_policy.rb | 4 +-- app/policies/webauthn_credential_policy.rb | 4 +-- app/policies/webauthn_verification_policy.rb | 4 +-- 19 files changed, 70 insertions(+), 71 deletions(-) diff --git a/app/policies/api_key_policy.rb b/app/policies/api_key_policy.rb index b99a290268c..bea701cfbd8 100644 --- a/app/policies/api_key_policy.rb +++ b/app/policies/api_key_policy.rb @@ -5,11 +5,11 @@ def resolve end end - def avo_show? - Pundit.policy!(user, record.owner).avo_show? - end - has_association :api_key_rubygem_scope has_association :ownership has_association :oidc_id_token + + def avo_show? + Pundit.policy!(user, record.owner).avo_show? + end end diff --git a/app/policies/deletion_policy.rb b/app/policies/deletion_policy.rb index 76e4740bfd4..491ccd15578 100644 --- a/app/policies/deletion_policy.rb +++ b/app/policies/deletion_policy.rb @@ -5,6 +5,8 @@ def resolve end end + has_association :version + def avo_index? rubygems_org_admin? end @@ -12,6 +14,4 @@ def avo_index? def avo_show? rubygems_org_admin? end - - has_association :version end 
diff --git a/app/policies/events/rubygem_event_policy.rb b/app/policies/events/rubygem_event_policy.rb index b2845a90c39..0c1644d8efa 100644 --- a/app/policies/events/rubygem_event_policy.rb +++ b/app/policies/events/rubygem_event_policy.rb @@ -5,9 +5,9 @@ def resolve end end - def avo_index? = rubygems_org_admin? - def avo_show? = rubygems_org_admin? - has_association :rubygem has_association :ip_address + + def avo_index? = rubygems_org_admin? + def avo_show? = rubygems_org_admin? end diff --git a/app/policies/events/user_event_policy.rb b/app/policies/events/user_event_policy.rb index 255eefb8d63..bbe74fb1457 100644 --- a/app/policies/events/user_event_policy.rb +++ b/app/policies/events/user_event_policy.rb @@ -5,9 +5,9 @@ def resolve end end - def avo_index? = rubygems_org_admin? - def avo_show? = rubygems_org_admin? - has_association :user has_association :ip_address + + def avo_index? = rubygems_org_admin? + def avo_show? = rubygems_org_admin? end diff --git a/app/policies/geoip_info_policy.rb b/app/policies/geoip_info_policy.rb index 940a31263e6..42f0aa258dd 100644 --- a/app/policies/geoip_info_policy.rb +++ b/app/policies/geoip_info_policy.rb @@ -5,8 +5,8 @@ def resolve end end + has_association :ip_addresses + def avo_index? = rubygems_org_admin? def avo_show? = rubygems_org_admin? - - has_association :ip_addresses end diff --git a/app/policies/ip_address_policy.rb b/app/policies/ip_address_policy.rb index 26a9c0af85a..fda18b72cfa 100644 --- a/app/policies/ip_address_policy.rb +++ b/app/policies/ip_address_policy.rb @@ -5,9 +5,9 @@ def resolve end end - def avo_index? = rubygems_org_admin? - def avo_show? = rubygems_org_admin? - has_association :user_events has_association :rubygem_events + + def avo_index? = rubygems_org_admin? + def avo_show? = rubygems_org_admin? end diff --git a/app/policies/oidc/api_key_role_policy.rb b/app/policies/oidc/api_key_role_policy.rb index 9491a6f934b..a3f0ffba8da 100644 --- a/app/policies/oidc/api_key_role_policy.rb 
+++ b/app/policies/oidc/api_key_role_policy.rb @@ -5,12 +5,12 @@ def resolve end end + has_association :provider + has_association :id_tokens + def avo_index? = rubygems_org_admin? def avo_show? = rubygems_org_admin? def avo_create? = rubygems_org_admin? def avo_update? = rubygems_org_admin? def act_on? = rubygems_org_admin? - - has_association :provider - has_association :id_tokens end diff --git a/app/policies/oidc/id_token_policy.rb b/app/policies/oidc/id_token_policy.rb index fd94f93797a..f2c5b2553f9 100644 --- a/app/policies/oidc/id_token_policy.rb +++ b/app/policies/oidc/id_token_policy.rb @@ -5,10 +5,10 @@ def resolve end end - def avo_index? = rubygems_org_admin? - def avo_show? = rubygems_org_admin? - has_association :provider has_association :api_key_role has_association :api_key + + def avo_index? = rubygems_org_admin? + def avo_show? = rubygems_org_admin? end diff --git a/app/policies/oidc/pending_trusted_publisher_policy.rb b/app/policies/oidc/pending_trusted_publisher_policy.rb index 0c1b670ff8d..e7b0ee3b09a 100644 --- a/app/policies/oidc/pending_trusted_publisher_policy.rb +++ b/app/policies/oidc/pending_trusted_publisher_policy.rb @@ -5,9 +5,9 @@ def resolve end end - def avo_index? = rubygems_org_admin? - def avo_show? = rubygems_org_admin? - has_association :rubygem has_association :trusted_publisher + + def avo_index? = rubygems_org_admin? + def avo_show? = rubygems_org_admin? end diff --git a/app/policies/oidc/provider_policy.rb b/app/policies/oidc/provider_policy.rb index 200fd3a69e6..84ede4d5f06 100644 --- a/app/policies/oidc/provider_policy.rb +++ b/app/policies/oidc/provider_policy.rb @@ -5,11 +5,11 @@ def resolve end end + has_association :api_key_roles + def avo_index? = rubygems_org_admin? def avo_show? = rubygems_org_admin? def avo_create? = rubygems_org_admin? def avo_update? = rubygems_org_admin? def act_on? = rubygems_org_admin? - - has_association :api_key_roles end 
diff --git a/app/policies/oidc/rubygem_trusted_publisher_policy.rb b/app/policies/oidc/rubygem_trusted_publisher_policy.rb index 4aced2a2386..bb16fe9a8f3 100644 --- a/app/policies/oidc/rubygem_trusted_publisher_policy.rb +++ b/app/policies/oidc/rubygem_trusted_publisher_policy.rb @@ -5,9 +5,9 @@ def resolve end end - def avo_index? = rubygems_org_admin? - def avo_show? = rubygems_org_admin? - has_association :rubygem has_association :trusted_publisher + + def avo_index? = rubygems_org_admin? + def avo_show? = rubygems_org_admin? end diff --git a/app/policies/oidc/trusted_publisher/github_action_policy.rb b/app/policies/oidc/trusted_publisher/github_action_policy.rb index 155fbfb8bcf..66837ff5ad3 100644 --- a/app/policies/oidc/trusted_publisher/github_action_policy.rb +++ b/app/policies/oidc/trusted_publisher/github_action_policy.rb @@ -5,12 +5,12 @@ def resolve end end - def avo_index? = rubygems_org_admin? - def avo_show? = rubygems_org_admin? - has_association :trusted_publishers has_association :rubygem_trusted_publishers has_association :pending_trusted_publishers has_association :rubygems has_association :api_keys + + def avo_index? = rubygems_org_admin? + def avo_show? = rubygems_org_admin? end diff --git a/app/policies/ownership_policy.rb b/app/policies/ownership_policy.rb index 3227e5a8633..a13333c77ca 100644 --- a/app/policies/ownership_policy.rb +++ b/app/policies/ownership_policy.rb @@ -5,9 +5,9 @@ def resolve end end + has_association :api_key_rubygem_scopes + def avo_show? rubygems_org_admin? end - - has_association :api_key_rubygem_scopes end diff --git a/app/policies/rubygem_policy.rb b/app/policies/rubygem_policy.rb index 73f4fe46ecf..8c22536f1d7 100644 --- a/app/policies/rubygem_policy.rb +++ b/app/policies/rubygem_policy.rb 
@@ -9,18 +9,6 @@ def resolve end end - def avo_index? - rubygems_org_admin? - end - - def avo_show? - rubygems_org_admin? - end - - def act_on? - rubygems_org_admin? - end - has_association :versions has_association :latest_version has_association :ownerships @@ -34,6 +22,17 @@ def act_on? has_association :gem_download has_association :audits has_association :link_verifications - has_association :oidc_rubygem_trusted_publishers + + def avo_index? + rubygems_org_admin? + end + + def avo_show? + rubygems_org_admin? + end + + def act_on? + rubygems_org_admin? + end end diff --git a/app/policies/user_policy.rb b/app/policies/user_policy.rb index 5b2dba40866..daf84c1449d 100644 --- a/app/policies/user_policy.rb +++ b/app/policies/user_policy.rb @@ -6,18 +6,6 @@ def resolve end end - def avo_index? - rubygems_org_admin? - end - - def avo_show? - rubygems_org_admin? - end - - def act_on? - rubygems_org_admin? - end - has_association :ownerships has_association :rubygems has_association :subscriptions @@ -34,4 +22,16 @@ def act_on? has_association :webauthn_credentials has_association :webauthn_verification has_association :events + + def avo_index? + rubygems_org_admin? + end + + def avo_show? + rubygems_org_admin? + end + + def act_on? + rubygems_org_admin? + end end diff --git a/app/policies/version_policy.rb b/app/policies/version_policy.rb index fce0be8ec72..91da344956d 100644 --- a/app/policies/version_policy.rb +++ b/app/policies/version_policy.rb @@ -9,6 +9,10 @@ def resolve end end + has_association :dependencies + has_association :gem_download + has_association :deletion + def avo_index? rubygems_org_admin? end @@ -20,8 +24,4 @@ def avo_show? def act_on? rubygems_org_admin? end - - has_association :dependencies - has_association :gem_download - has_association :deletion end diff --git a/app/policies/web_hook_policy.rb b/app/policies/web_hook_policy.rb index c4f862f782c..7555fb6082d 100644 --- a/app/policies/web_hook_policy.rb +++ b/app/policies/web_hook_policy.rb 
@@ -5,6 +5,8 @@ def resolve end end + has_association :audits + def avo_index? rubygems_org_admin? end @@ -16,6 +18,4 @@ def avo_show? def act_on? rubygems_org_admin? end - - has_association :audits end diff --git a/app/policies/webauthn_credential_policy.rb b/app/policies/webauthn_credential_policy.rb index 88c5442f864..3fa6d688e27 100644 --- a/app/policies/webauthn_credential_policy.rb +++ b/app/policies/webauthn_credential_policy.rb @@ -5,9 +5,9 @@ def resolve end end + has_association :user + def avo_show? Pundit.policy!(user, record.user).avo_show? end - - has_association :user end diff --git a/app/policies/webauthn_verification_policy.rb b/app/policies/webauthn_verification_policy.rb index bb4b1d36554..1c2e3300ad1 100644 --- a/app/policies/webauthn_verification_policy.rb +++ b/app/policies/webauthn_verification_policy.rb @@ -5,9 +5,9 @@ def resolve end end + has_association :user + def avo_show? Pundit.policy!(user, record.user).avo_show? end - - has_association :user end From 161a063e82e7e51d3093a428862be3ba20288e4c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 May 2024 21:22:35 +0000 Subject: [PATCH 29/60] Bump good_job from 3.28.3 to 3.29.0 (#4736) * --- updated-dependencies: - dependency-name: good_job dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] * Add new good_job migrations --------- 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Samuel Giddins --- Gemfile | 2 +- Gemfile.lock | 6 +-- ...185716_create_good_job_process_lock_ids.rb | 18 ++++++++ ...17_create_good_job_process_lock_indexes.rb | 42 +++++++++++++++++++ db/schema.rb | 9 +++- 5 files changed, 72 insertions(+), 5 deletions(-) create mode 100644 db/migrate/20240522185716_create_good_job_process_lock_ids.rb create mode 100644 db/migrate/20240522185717_create_good_job_process_lock_indexes.rb diff --git a/Gemfile b/Gemfile index 3da810e35bd..64979e314ed 100644 --- a/Gemfile +++ b/Gemfile @@ -15,7 +15,7 @@ gem "dogstatsd-ruby", "~> 5.5" gem "google-protobuf", "~> 4.27" gem "faraday", "~> 2.9" gem "faraday-retry", "~> 2.2" -gem "good_job", "~> 3.28" +gem "good_job", "~> 3.29" gem "gravtastic", "~> 3.2" gem "high_voltage", "~> 3.1" gem "honeybadger", "~> 5.5.1" # see https://github.com/rubygems/rubygems.org/pull/4598 diff --git a/Gemfile.lock b/Gemfile.lock index de757262472..8e95a5b32e9 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -254,7 +254,7 @@ GEM ffi (~> 1.0) globalid (1.2.1) activesupport (>= 6.1) - good_job (3.28.3) + good_job (3.29.0) activejob (>= 6.0.0) activerecord (>= 6.0.0) concurrent-ruby (>= 1.0.2) @@ -787,7 +787,7 @@ DEPENDENCIES faraday (~> 2.9) faraday-retry (~> 2.2) faraday_middleware-aws-sigv4 (~> 1.0) - good_job (~> 3.28) + good_job (~> 3.29) google-protobuf (~> 4.27) gravtastic (~> 3.2) groupdate (~> 6.2) 
@@ -961,7 +961,7 @@ CHECKSUMS fugit (1.11.0) sha256=addc9cd3031611921d1dbac094de3a645bc8858828639fd035c9cedd3b460bb9 get_process_mem (0.2.7) sha256=4afd3c3641dd6a817c09806c7d6d509d8a9984512ac38dea8b917426bbf77eba globalid (1.2.1) sha256=70bf76711871f843dbba72beb8613229a49429d1866828476f9c9d6ccc327ce9 - good_job (3.28.3) sha256=3067cbc15d4a31a4c82e0b7bfa3919b9eb9659ebe58bc158b484388d35c59ecc + good_job (3.29.0) sha256=c94f8df2d107053910a34b12edfb09134066ee46f73e52b66710317d435b6d22 google-protobuf (4.27.0) sha256=5e679347abc4721a3346913b8f69640a4ee13e0105d605b1da226b25346cd88d gravtastic (3.2.6) sha256=ef98abcecf7c402b61cff1ae7c50a2c6d97dd22bac21ea9b421ce05bc03d734f groupdate (6.4.0) sha256=65940645bf2a48f9b2d10ab7a1d19bdc78f3c89559d8fce39cea3448a15aec54 diff --git a/db/migrate/20240522185716_create_good_job_process_lock_ids.rb b/db/migrate/20240522185716_create_good_job_process_lock_ids.rb new file mode 100644 index 00000000000..f1b70a8f2e4 --- /dev/null +++ b/db/migrate/20240522185716_create_good_job_process_lock_ids.rb @@ -0,0 +1,18 @@ +# frozen_string_literal: true + +class CreateGoodJobProcessLockIds < ActiveRecord::Migration[7.1] + def change + reversible do |dir| + dir.up do + # Ensure this incremental update migration is idempotent + # with monolithic install migration. + return if connection.column_exists?(:good_jobs, :locked_by_id) + end + end + + add_column :good_jobs, :locked_by_id, :uuid + add_column :good_jobs, :locked_at, :datetime + add_column :good_job_executions, :process_id, :uuid + add_column :good_job_processes, :lock_type, :integer, limit: 2 + end +end diff --git a/db/migrate/20240522185717_create_good_job_process_lock_indexes.rb b/db/migrate/20240522185717_create_good_job_process_lock_indexes.rb new file mode 100644 index 00000000000..7b9b52a34ff --- /dev/null +++ b/db/migrate/20240522185717_create_good_job_process_lock_indexes.rb 
@@ -0,0 +1,42 @@ +# frozen_string_literal: true + +class CreateGoodJobProcessLockIndexes < ActiveRecord::Migration[7.1] + disable_ddl_transaction! + + def change + reversible do |dir| + dir.up do + unless connection.index_name_exists?(:good_jobs, :index_good_jobs_on_priority_scheduled_at_unfinished_unlocked) + add_index :good_jobs, %i[priority scheduled_at], + order: { priority: "ASC NULLS LAST", scheduled_at: :asc }, + where: "finished_at IS NULL AND locked_by_id IS NULL", + name: :index_good_jobs_on_priority_scheduled_at_unfinished_unlocked, + algorithm: :concurrently + end + + unless connection.index_name_exists?(:good_jobs, :index_good_jobs_on_locked_by_id) + add_index :good_jobs, :locked_by_id, + where: "locked_by_id IS NOT NULL", + name: :index_good_jobs_on_locked_by_id, + algorithm: :concurrently + end + + unless connection.index_name_exists?(:good_job_executions, :index_good_job_executions_on_process_id_and_created_at) + add_index :good_job_executions, %i[process_id created_at], + name: :index_good_job_executions_on_process_id_and_created_at, + algorithm: :concurrently + end + end + + dir.down do + remove_index(:good_jobs, name: :index_good_jobs_on_priority_scheduled_at_unfinished_unlocked) if connection.index_name_exists?(:good_jobs, +:index_good_jobs_on_priority_scheduled_at_unfinished_unlocked) + remove_index(:good_jobs, name: :index_good_jobs_on_locked_by_id) if connection.index_name_exists?(:good_jobs, +:index_good_jobs_on_locked_by_id) + remove_index(:good_job_executions, name: :index_good_job_executions_on_process_id_and_created_at) if connection.index_name_exists?( + :good_job_executions, :index_good_job_executions_on_process_id_and_created_at + ) + end + end + end +end diff --git a/db/schema.rb b/db/schema.rb index ca2bfc2aa54..a09b0962643 100644 --- a/db/schema.rb +++ b/db/schema.rb 
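Review bot: In `dir.down` the three `remove_index` calls omit `algorithm: :concurrently`, although the migration sets `disable_ddl_transaction!` and `dir.up` builds the same indexes concurrently. A rollback would therefore hold a blocking lock on `good_jobs` and `good_job_executions` while each index is dropped. Passing the option, e.g. `remove_index(:good_jobs, name: :index_good_jobs_on_locked_by_id, algorithm: :concurrently)`, keeps the rollback as non-blocking as the forward path. The trailing-`if` lines whose continuation starts at column 0 (`:index_good_jobs_on_priority_scheduled_at_unfinished_unlocked)`) are also hard to read; a multi-line `if ... end` would be clearer. The file looks like output of good_job's update generator, so confirm that local edits are wanted before diverging from it.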
@@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema[7.1].define(version: 2024_05_06_180817) do +ActiveRecord::Schema[7.1].define(version: 2024_05_22_185717) do # These are extensions that must be enabled in order to support this database enable_extension "hstore" enable_extension "pgcrypto" @@ -193,13 +193,16 @@ t.text "error" t.integer "error_event", limit: 2 t.text "error_backtrace", array: true + t.uuid "process_id" t.index ["active_job_id", "created_at"], name: "index_good_job_executions_on_active_job_id_and_created_at" + t.index ["process_id", "created_at"], name: "index_good_job_executions_on_process_id_and_created_at" end create_table "good_job_processes", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t| t.datetime "created_at", null: false t.datetime "updated_at", null: false t.jsonb "state" + t.integer "lock_type", limit: 2 end create_table "good_job_settings", id: :uuid, default: -> { "gen_random_uuid()" }, force: :cascade do |t| @@ -232,6 +235,8 @@ t.text "job_class" t.integer "error_event", limit: 2 t.text "labels", array: true + t.uuid "locked_by_id" + t.datetime "locked_at" t.index ["active_job_id", "created_at"], name: "index_good_jobs_on_active_job_id_and_created_at" t.index ["batch_callback_id"], name: "index_good_jobs_on_batch_callback_id", where: "(batch_callback_id IS NOT NULL)" t.index ["batch_id"], name: "index_good_jobs_on_batch_id", where: "(batch_id IS NOT NULL)" 
@@ -240,8 +245,10 @@ t.index ["cron_key", "cron_at"], name: "index_good_jobs_on_cron_key_and_cron_at_cond", unique: true, where: "(cron_key IS NOT NULL)" t.index ["finished_at"], name: "index_good_jobs_jobs_on_finished_at", where: "((retried_good_job_id IS NULL) AND (finished_at IS NOT NULL))" t.index ["labels"], name: "index_good_jobs_on_labels", where: "(labels IS NOT NULL)", using: :gin + t.index ["locked_by_id"], name: "index_good_jobs_on_locked_by_id", where: "(locked_by_id IS NOT NULL)" t.index ["priority", "created_at"], name: "index_good_job_jobs_for_candidate_lookup", where: "(finished_at IS NULL)" t.index ["priority", "created_at"], name: "index_good_jobs_jobs_on_priority_created_at_when_unfinished", order: { priority: "DESC NULLS LAST" }, where: "(finished_at IS NULL)" + t.index ["priority", "scheduled_at"], name: "index_good_jobs_on_priority_scheduled_at_unfinished_unlocked", where: "((finished_at IS NULL) AND (locked_by_id IS NULL))" t.index ["queue_name", "scheduled_at"], name: "index_good_jobs_on_queue_name_and_scheduled_at", where: "(finished_at IS NULL)" t.index ["scheduled_at"], name: "index_good_jobs_on_scheduled_at", where: "(finished_at IS NULL)" end From 1420624b01bbd14b32059831c2b95a8713dbb754 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20=C5=A0im=C3=A1nek?= Date: Wed, 29 May 2024 22:31:28 +0200 Subject: [PATCH 30/60] Remove deps/v1 cache purge. - dependency API was removed at ff5ccc98452d7e8ec1ba7707bbcc8d4ad83966d4 --- lib/gem_cache_purger.rb | 1 - test/unit/gem_cache_purger_test.rb | 1 - 2 files changed, 2 deletions(-) diff --git a/lib/gem_cache_purger.rb b/lib/gem_cache_purger.rb index 9f2698f0677..af0f5e46440 100644 --- a/lib/gem_cache_purger.rb +++ b/lib/gem_cache_purger.rb 
@@ -6,7 +6,6 @@ def self.call(gem_name) FastlyPurgeJob.perform_later(path:, soft: true) end - Rails.cache.delete("deps/v1/#{gem_name}") FastlyPurgeJob.perform_later(path: "versions", soft: true) FastlyPurgeJob.perform_later(path: "gem/#{gem_name}", soft: true) FastlyPurgeJob.perform_later(key: "gem/#{gem_name}", soft: true) diff --git a/test/unit/gem_cache_purger_test.rb b/test/unit/gem_cache_purger_test.rb index a0e9df57dcb..d73aa57f616 100644 --- a/test/unit/gem_cache_purger_test.rb +++ b/test/unit/gem_cache_purger_test.rb @@ -11,7 +11,6 @@ class GemCachePurgerTest < ActiveSupport::TestCase should "expire API memcached" do Rails.cache.expects(:delete).with("info/#{@gem_name}") Rails.cache.expects(:delete).with("names") - Rails.cache.expects(:delete).with("deps/v1/#{@gem_name}") GemCachePurger.call(@gem_name) end From 8b92fdf3937134bbea0161317a8ec60026b0bf82 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 30 May 2024 14:50:17 +0000 Subject: [PATCH 31/60] Bump ruby/setup-ruby from 1.177.1 to 1.178.0 Bumps [ruby/setup-ruby](https://github.com/ruby/setup-ruby) from 1.177.1 to 1.178.0. - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Commits](https://github.com/ruby/setup-ruby/compare/943103cae7d3f1bb1e4951d5fcc7928b40e4b742...0cde4689ba33c09f1b890c1725572ad96751a3fc) --- updated-dependencies: - dependency-name: ruby/setup-ruby dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/lint.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index e63ec4a5798..4b9f6a36260 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml 
@@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - uses: ruby/setup-ruby@943103cae7d3f1bb1e4951d5fcc7928b40e4b742 # v1.177.1 + - uses: ruby/setup-ruby@0cde4689ba33c09f1b890c1725572ad96751a3fc # v1.178.0 with: bundler-cache: true - name: Rubocop @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - uses: ruby/setup-ruby@943103cae7d3f1bb1e4951d5fcc7928b40e4b742 # v1.177.1 + - uses: ruby/setup-ruby@0cde4689ba33c09f1b890c1725572ad96751a3fc # v1.178.0 with: bundler-cache: true - name: Brakeman @@ -33,7 +33,7 @@ jobs: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - uses: ruby/setup-ruby@943103cae7d3f1bb1e4951d5fcc7928b40e4b742 # v1.177.1 + - uses: ruby/setup-ruby@0cde4689ba33c09f1b890c1725572ad96751a3fc # v1.178.0 with: bundler-cache: true - name: Importmap Verify @@ -51,7 +51,7 @@ jobs: - name: login to Github Packages run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - uses: ruby/setup-ruby@943103cae7d3f1bb1e4951d5fcc7928b40e4b742 # v1.177.1 + - uses: ruby/setup-ruby@0cde4689ba33c09f1b890c1725572ad96751a3fc # v1.178.0 with: bundler-cache: true - name: krane render From 21166c65b45b1b787c32ee281010a8fbf4c0c66e Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 30 May 2024 14:36:49 +0000 Subject: [PATCH 32/60] Bump good_job from 3.29.0 to 3.29.2 Bumps [good_job](https://github.com/bensheldon/good_job) from 3.29.0 to 3.29.2. - [Release notes](https://github.com/bensheldon/good_job/releases) - [Changelog](https://github.com/bensheldon/good_job/blob/main/CHANGELOG.md) - [Commits](https://github.com/bensheldon/good_job/compare/v3.29.0...v3.29.2) --- updated-dependencies: - dependency-name: good_job dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 8e95a5b32e9..22566b9b51d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -168,7 +168,7 @@ GEM railties (>= 5.0) coderay (1.1.3) compact_index (0.15.0) - concurrent-ruby (1.2.3) + concurrent-ruby (1.3.1) connection_pool (2.4.1) cose (1.3.0) cbor (~> 0.5.9) @@ -254,7 +254,7 @@ GEM ffi (~> 1.0) globalid (1.2.1) activesupport (>= 6.1) - good_job (3.29.0) + good_job (3.29.2) activejob (>= 6.0.0) activerecord (>= 6.0.0) concurrent-ruby (>= 1.0.2) @@ -581,7 +581,7 @@ GEM psych (>= 4.0.0) redcarpet (3.6.0) regexp_parser (2.9.0) - reline (0.5.7) + reline (0.5.8) io-console (~> 0.5) rexml (3.2.8) strscan (>= 3.0.9) @@ -755,7 +755,7 @@ GEM xpath (3.2.0) nokogiri (~> 1.8) yard (0.9.36) - zeitwerk (2.6.14) + zeitwerk (2.6.15) PLATFORMS ruby 
@@ -922,7 +922,7 @@ CHECKSUMS clearance (2.7.1) sha256=6604beacb8abe4ba939da41491148d8ff965f4484bba946bb50a61be61683f0d coderay (1.1.3) sha256=dc530018a4684512f8f38143cd2a096c9f02a1fc2459edcfe534787a7fc77d4b compact_index (0.15.0) sha256=5c6c404afca8928a7d9f4dde9524f6e1610db17e675330803055db282da84a8b - concurrent-ruby (1.2.3) sha256=82fdd3f8a0816e28d513e637bb2b90a45d7b982bdf4f3a0511722d2e495801e2 + concurrent-ruby (1.3.1) sha256=c369f1d0875b42295fe0fabc321065f3cfeab8c32c526c01b6b05af1efc8b0ce connection_pool (2.4.1) sha256=0f40cf997091f1f04ff66da67eabd61a9fe0d4928b9a3645228532512fab62f4 cose (1.3.0) sha256=63247c66a5bc76e53926756574fe3724cc0a88707e358c90532ae2a320e98601 crack (1.0.0) sha256=c83aefdb428cdc7b66c7f287e488c796f055c0839e6e545fec2c7047743c4a49 @@ -961,7 +961,7 @@ CHECKSUMS fugit (1.11.0) sha256=addc9cd3031611921d1dbac094de3a645bc8858828639fd035c9cedd3b460bb9 get_process_mem (0.2.7) sha256=4afd3c3641dd6a817c09806c7d6d509d8a9984512ac38dea8b917426bbf77eba globalid (1.2.1) sha256=70bf76711871f843dbba72beb8613229a49429d1866828476f9c9d6ccc327ce9 - good_job (3.29.0) sha256=c94f8df2d107053910a34b12edfb09134066ee46f73e52b66710317d435b6d22 + good_job (3.29.2) sha256=a9e3854a103cf0b64334b248fdfb813cbf07d62a96e65b07134d4c2f4d48b994 google-protobuf (4.27.0) sha256=5e679347abc4721a3346913b8f69640a4ee13e0105d605b1da226b25346cd88d gravtastic (3.2.6) sha256=ef98abcecf7c402b61cff1ae7c50a2c6d97dd22bac21ea9b421ce05bc03d734f groupdate (6.4.0) sha256=65940645bf2a48f9b2d10ab7a1d19bdc78f3c89559d8fce39cea3448a15aec54 
@@ -1084,7 +1084,7 @@ CHECKSUMS rdoc (6.7.0) sha256=b17d5f0f57b0853d7b880d4360a32c7caf8dbb81f8503a36426df809e617f379 redcarpet (3.6.0) sha256=8ad1889c0355ff4c47174af14edd06d62f45a326da1da6e8a121d59bdcd2e9e9 regexp_parser (2.9.0) sha256=81a00ba141cec0d4b4bf58cb80cd9193e5180836d3fa6ef623f7886d3ba8bdd9 - reline (0.5.7) sha256=1f632a0703fd7d5f3a29d0167395b13e1b59ffa78c2bda077f8b2f26f9b8341b + reline (0.5.8) sha256=467faa77616677035786819d7d2e6cfa048be64542c10d8eda81dacd939aea02 rexml (3.2.8) sha256=0908a86381d9f973824680df4e0a75422766272f03b1c0e49db7e79c23db1135 roadie (5.2.1) sha256=e4a4f61ce792bd91b228b6844b4bad6b160cdc1b8df86c81a8b983082a5001d6 roadie-rails (3.2.0) sha256=90a534857fcfe9fdbe4f9ebfdbc47e5d33462c4f36f478fc80ba6a7b6257433f @@ -1157,7 +1157,7 @@ CHECKSUMS xml-simple (1.1.9) sha256=d21131e519c86f1a5bc2b6d2d57d46e6998e47f18ed249b25cad86433dbd695d xpath (3.2.0) sha256=6dfda79d91bb3b949b947ecc5919f042ef2f399b904013eb3ef6d20dd3a4082e yard (0.9.36) sha256=5505736c1b00c926f71053a606ab75f02070c5960d0778b901fe9d8b0a470be4 - zeitwerk (2.6.14) sha256=70d8acedc579d87c508f20c31f6e440753014019e0764fb2bf5f42e87054d92b + zeitwerk (2.6.15) sha256=b2e68622ba95680a357430c89e1777d6e6796d63c7c02e8790cc38f4c33822cf RUBY VERSION ruby 3.3.1p55 From d4e89265b72fd9b52ab59b13928ef219c7c8130a Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 31 May 2024 14:55:49 +0000 Subject: [PATCH 33/60] Bump github/codeql-action from 3.25.6 to 3.25.7 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.6 to 3.25.7. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/9fdb3e49720b44c48891d036bb502feb25684276...f079b8493333aace61c81488f8bd40919487bd9f) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 6 +++--- .github/workflows/scorecards.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 5c00d36f064..6649a87632c 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -45,7 +45,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/init@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -58,7 +58,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/autobuild@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun 
@@ -71,6 +71,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/analyze@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 3e34dff058d..7da88d79ed5 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 with: sarif_file: results.sarif From 02fbbfbd21f8617ef6d43a76328b80eabe545f25 Mon Sep 17 00:00:00 2001 From: Samuel Giddins Date: Fri, 31 May 2024 10:51:32 -0700 Subject: [PATCH 34/60] Drop legacy API key scope columns (#4688) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit They are already ignored & unused Co-authored-by: Josef Å imÃĄnek --- ...ove_legacy_api_key_scope_columns_from_api_keys.rb | 12 ++++++++++++ db/schema.rb | 7 ------- 2 files changed, 12 insertions(+), 7 deletions(-) create mode 100644 db/migrate/20240507181615_remove_legacy_api_key_scope_columns_from_api_keys.rb diff --git a/db/migrate/20240507181615_remove_legacy_api_key_scope_columns_from_api_keys.rb b/db/migrate/20240507181615_remove_legacy_api_key_scope_columns_from_api_keys.rb new file mode 100644 index 00000000000..753fbfdb367 --- /dev/null +++ b/db/migrate/20240507181615_remove_legacy_api_key_scope_columns_from_api_keys.rb 
@@ -0,0 +1,12 @@ +class RemoveLegacyApiKeyScopeColumnsFromApiKeys < ActiveRecord::Migration[7.1] + def change + # The columns are ignored + safety_assured do + remove_columns :api_keys, + *%i[show_dashboard index_rubygems push_rubygem yank_rubygem add_owner remove_owner access_webhooks], + type: :boolean, + null: false, + default: false + end + end +end diff --git a/db/schema.rb b/db/schema.rb index a09b0962643..780e28478b7 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -39,13 +39,6 @@ create_table "api_keys", force: :cascade do |t| t.string "name", null: false t.string "hashed_key", null: false - t.boolean "index_rubygems", default: false, null: false - t.boolean "push_rubygem", default: false, null: false - t.boolean "yank_rubygem", default: false, null: false - t.boolean "add_owner", default: false, null: false - t.boolean "remove_owner", default: false, null: false - t.boolean "access_webhooks", default: false, null: false - t.boolean "show_dashboard", default: false, null: false t.datetime "last_accessed_at", precision: nil t.datetime "created_at", precision: nil, null: false t.datetime "updated_at", precision: nil, null: false From 4eea0a3c00f0a20ee22e8a32c72d4c316557ac17 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20=C5=A0im=C3=A1nek?= Date: Fri, 31 May 2024 19:51:51 +0200 Subject: [PATCH 35/60] Store email using exact casing as provided by user. (#4200) * Store email using exact casing as provided by user. * Fixes #1763 * Index on lower(email) * Enforce uniqueness on lower(email) * Use Case insensitive email to login * Update app/models/user.rb --------- Co-authored-by: Anurag Aryan --- app/models/user.rb | 13 +++++++++---- .../20181128191130_add_index_to_lowercase_email.rb | 9 +++++++++ db/schema.rb | 1 + test/integration/sign_up_test.rb | 13 +++++++++++++ test/models/user_test.rb | 2 +- 5 files changed, 33 insertions(+), 5 deletions(-) create mode 100644 db/migrate/20181128191130_add_index_to_lowercase_email.rb 
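Review bot: The `safety_assured` block in `change` carries only `# The columns are ignored`, which does not tell a later reader why bypassing the migration safety check is acceptable or what a rollback gives back. Because `type`, `null` and `default` are passed, reverting re-creates the seven scope columns with every value `false`; the original per-key scope flags are not restored, so anything that still read them after a rollback would see keys with no legacy scopes. I would expand the comment to something like `# Safe: columns are already ignored and unread by the app (#4688); rollback re-adds them as all-false, original values are lost.` If the model still carries an ignore list for these columns (not visible in this hunk), it can be dropped in a follow-up once this migration has run everywhere.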
diff --git a/app/models/user.rb b/app/models/user.rb index 0fb39f8afc4..32ddbd61510 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -64,7 +64,8 @@ class User < ApplicationRecord has_many :oidc_pending_trusted_publishers, class_name: "OIDC::PendingTrustedPublisher", inverse_of: :user, dependent: :destroy has_many :oidc_rubygem_trusted_publishers, through: :rubygems, class_name: "OIDC::RubygemTrustedPublisher" - validates :email, length: { maximum: Gemcutter::MAX_FIELD_LENGTH }, format: { with: URI::MailTo::EMAIL_REGEXP }, presence: true + validates :email, length: { maximum: Gemcutter::MAX_FIELD_LENGTH }, format: { with: URI::MailTo::EMAIL_REGEXP }, presence: true, +uniqueness: { case_sensitive: false } validates :unconfirmed_email, length: { maximum: Gemcutter::MAX_FIELD_LENGTH }, format: { with: URI::MailTo::EMAIL_REGEXP }, allow_blank: true validates :handle, uniqueness: { case_sensitive: false }, allow_nil: true, if: :handle_changed? @@ -96,12 +97,16 @@ def self.authenticate(who, password) # to UTF-8. who = who.encode(Encoding::UTF_8) - user = find_by(email: who.downcase) || find_by(handle: who) + user = find_by_email(who) || find_by(handle: who) user if user&.authenticated?(password) rescue BCrypt::Errors::InvalidHash, Encoding::UndefinedConversionError nil end + def self.find_by_email(email) + find_by("lower(email) = lower(?)", email) + end + def self.find_by_slug!(slug) raise ActiveRecord::RecordNotFound if slug.blank? find_by(id: slug) || find_by!(handle: slug) @@ -114,7 +119,7 @@ def self.find_by_slug(slug) def self.find_by_name(name) return if name.blank? - find_by(email: name) || find_by(handle: name) + find_by_email(name) || find_by(handle: name) end def self.find_by_blocked(slug) @@ -135,7 +140,7 @@ def self.ownership_request_notifiable_owners end def self.normalize_email(email) - super + email.to_s.gsub(/\s+/, "") rescue ArgumentError => e Rails.error.report(e, handled: true) "" 
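Review bot: The added `uniqueness: { case_sensitive: false }` on `:email` is enforced only by a Rails-level query before save, and the index this commit creates in `db/migrate/20181128191130_add_index_to_lowercase_email.rb` is not unique, so two concurrent sign-ups such as `Email@person.com` and `email@person.com` can both pass validation and both be stored. After that, `find_by_email` returns whichever row the database yields first, which makes login and any email-keyed recovery flow ambiguous between two accounts. Adding `unique: true` to that `add_index` call would let the database reject the second insert; existing rows would need a duplicate check on `lower(email)` first, since the data is not visible here. The same applies to the `t.index "lower((email)::text) varchar_pattern_ops"` line in `db/schema.rb`.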
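Review bot: In the `normalize_email` hunk, dropping `super` removes the downcasing, so any lookup that still goes through `find_by(email: normalize_email(value))` is now an exact, case-sensitive match; only `authenticate` and `find_by_name` were switched to the new `find_by_email`. Clearance's own `find_by_normalized_email` has that shape, so unless it is overridden elsewhere in this file (not visible in these hunks) a user stored as `Email@person.com` may not be found when a flow using it is given `email@person.com`. I would route that path through the new helper, e.g. have `find_by_normalized_email(email)` return `find_by_email(normalize_email(email))`, and add a short comment on `find_by_email` noting that it deliberately replaces the dynamic finder with a case-insensitive match on `lower(email)`. The bodies of `authenticate` and `normalize_email` start or end outside these hunks.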
diff --git a/db/migrate/20181128191130_add_index_to_lowercase_email.rb b/db/migrate/20181128191130_add_index_to_lowercase_email.rb new file mode 100644 index 00000000000..c43036cb05f --- /dev/null +++ b/db/migrate/20181128191130_add_index_to_lowercase_email.rb @@ -0,0 +1,9 @@ +class AddIndexToLowercaseEmail < ActiveRecord::Migration[5.2] + def up + add_index "users", "lower(email) varchar_pattern_ops", name: "index_users_on_lower_email" + end + + def down + remove_index "users", name: "index_users_on_lower_email" + end +end diff --git a/db/schema.rb b/db/schema.rb index 780e28478b7..1b8e4a5ed60 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -483,6 +483,7 @@ t.string "mfa_hashed_recovery_codes", default: [], array: true t.boolean "public_email", default: false, null: false t.datetime "deleted_at" + t.index "lower((email)::text) varchar_pattern_ops", name: "index_users_on_lower_email" t.index ["email"], name: "index_users_on_email" t.index ["handle"], name: "index_users_on_handle" t.index ["id", "confirmation_token"], name: "index_users_on_id_and_confirmation_token" diff --git a/test/integration/sign_up_test.rb b/test/integration/sign_up_test.rb index 7db96a0faf2..a8b119bbe3e 100644 --- a/test/integration/sign_up_test.rb +++ b/test/integration/sign_up_test.rb @@ -14,6 +14,19 @@ class SignUpTest < SystemTest User.find_by(handle: "nick").events.where(tag: Events::UserEvent::CREATED).sole end + test "sign up stores original email casing" do + visit sign_up_path + + fill_in "Email", with: "Email@person.com" + fill_in "Username", with: "nick" + fill_in "Password", with: PasswordHelpers::SECURE_TEST_PASSWORD + click_button "Sign up" + + assert page.has_selector? "#flash_notice", text: "A confirmation mail has been sent to your email address." + + assert_equal "Email@person.com", User.last.email + end + test "sign up with no handle" do visit sign_up_path diff --git a/test/models/user_test.rb b/test/models/user_test.rb index 482c17b5dd6..ad5e82958c2 100644 
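Review bot: The new `sign up stores original email casing` test checks only the stored value, so nothing in this commit's tests exercises the two behaviours the change depends on: rejecting a second sign-up whose address differs only by case, and signing in with a differently cased address. I would add one test for each next to this one. Separately, `assert_equal "Email@person.com", User.last.email` depends on row ordering; `User.find_by(handle: "nick").email`, the lookup the preceding test already uses, pins the record under test.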
--- a/test/models/user_test.rb +++ b/test/models/user_test.rb @@ -926,7 +926,7 @@ class UserTest < ActiveSupport::TestCase context ".normalize_email" do should "return the normalized email" do - assert_equal "user@example.com", User.normalize_email(:"UsEr@ example . COM") + assert_equal "UsEr@example.COM", User.normalize_email(:"UsEr@ example . COM") end should "return an empty string on invalid inputs" do From af873340ed6a17ead7bf445bdec1288f65764076 Mon Sep 17 00:00:00 2001 From: 5idereal Date: Sat, 1 Jun 2024 02:18:55 +0800 Subject: [PATCH 36/60] update zh-TW translation (#4092) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * update zh-TW translation * Update config/locales/zh-TW.yml Co-authored-by: Rumble Huang * Update config/locales/zh-TW.yml Co-authored-by: Rumble Huang * Update config/locales/zh-TW.yml Co-authored-by: Rumble Huang * Update config/locales/zh-TW.yml Co-authored-by: Rumble Huang * update zh-TW translation * rebase * Fix avo main key. --------- Co-authored-by: Rumble Huang Co-authored-by: Josef Å imÃĄnek --- config/locales/avo.zh-TW.yml | 120 ++++++ config/locales/zh-TW.yml | 684 ++++++++++++++++++----------------- 2 files changed, 473 insertions(+), 331 deletions(-) create mode 100644 config/locales/avo.zh-TW.yml diff --git a/config/locales/avo.zh-TW.yml b/config/locales/avo.zh-TW.yml new file mode 100644 index 00000000000..0183c2d0ff4 --- /dev/null +++ b/config/locales/avo.zh-TW.yml 
@@ -0,0 +1,120 @@ +--- +zh-TW: + avo: + action_ran_successfully: 操äŊœåˇ˛æˆåŠŸåŸˇčĄŒīŧ + actions: 操äŊœ + and_x_other_resources: 和 %{count} 個å…ļäģ–čŗ‡æē + are_you_sure: 您įĸē厚嗎īŧŸ + are_you_sure_detach_item: 您įĸē厚čĻä¸­æ–ˇæ­¤ %{item} įš„é€Ŗįĩå—ŽīŧŸ + are_you_sure_you_want_to_run_this_option: 您įĸē厚čĻåŸˇčĄŒæ­¤æ“äŊœå—ŽīŧŸ + attach: é€Ŗįĩ + attach_and_attach_another: é€Ŗįĩ & é€Ŗįĩå…ļäģ– + attach_item: é€Ŗįĩ %{item} + attachment_class_attached: "åˇ˛é€Ŗįĩ %{attachment_class}。" + attachment_class_detached: "åˇ˛ä¸­æ–ˇ %{attachment_class} įš„é€Ŗįĩã€‚" + attachment_destroyed: åˇ˛åˆĒ除附äģļ + cancel: 取æļˆ + choose_a_country: 選擇國åŽļ + choose_an_option: 選擇選項 + choose_item: 選擇 %{item} + clear_value: 清除數å€ŧ + click_to_reveal_filters: éģžæ“ŠäģĨéĄ¯į¤ēį¯Šé¸å™¨ + confirm: įĸēčĒ + create_new_item: åģēįĢ‹æ–° %{item} + dashboard: å„€čĄ¨æŋ + dashboards: å„€čĄ¨æŋ + delete: åˆĒ除 + delete_file: åˆĒ除æĒ”æĄˆ + delete_item: åˆĒ除 %{item} + detach_item: ä¸­æ–ˇ %{item} įš„é€Ŗįĩ + details: čŠŗį´°čŗ‡æ–™ + download: 下čŧ‰ + download_file: 下čŧ‰æĒ”æĄˆ + download_item: 下čŧ‰ %{item} + edit: įˇ¨čŧ¯ + edit_item: įˇ¨čŧ¯ %{item} + empty_dashboard_message: å°‡åĄį‰‡åŠ å…Ĩå„€čĄ¨æŋ + failed: å¤ąæ•— + failed_to_find_attachment: 扞不到附äģļ + failed_to_load: čŧ‰å…Ĩå¤ąæ•— + field_translations: + file: + one: æĒ”æĄˆ + other: æĒ”æĄˆ + zero: æĒ”æĄˆ + people: + one: peep + other: peeps + zero: peeps + filter_by: į¯Šé¸æ–šåŧ + filters: į¯Šé¸å™¨ + go_back: čŋ”回 + grid_view: įļ˛æ ŧæĒĸčĻ– + hide_content: éšąč—å…§åŽš + home: éĻ–頁 + key_value_field: + add_row: 新åĸžčĄŒ + delete_row: åˆĒ除行 + key: į´ĸåŧ•éĩ + value: å€ŧ + list_is_empty: åˆ—čĄ¨æ˜¯įŠēįš„ + loading: æ­Ŗ在čŧ‰å…Ĩ + more: 更多 + new: 新 + next_page: 下一頁 + no_cards_present: į„ĄåĄį‰‡ + no_item_found: æ‰žä¸åˆ°č¨˜éŒ„ + no_options_available: į„Ąå¯į”¨é¸é … + no_related_item_found: 扞不到į›¸é—œč¨˜éŒ„ + not_authorized: 您į„ĄæŦŠåŸˇčĄŒæ­¤æ“äŊœã€‚ + number_of_items: + one: 一個 %{item} + other: "%{count} %{item}" + zero: į„Ą %{item} + oops_nothing_found: 
įŗŸįŗ•īŧåŽŒå…¨æ‰žä¸åˆ°... + order: + higher: å°‡č¨˜éŒ„ä¸Šį§ģ + lower: å°‡č¨˜éŒ„ä¸‹į§ģ + reorder_record: é‡æ–°æŽ’åˆ—č¨˜éŒ„ + to_bottom: å°‡č¨˜éŒ„į§ģč‡ŗ最下斚 + to_top: å°‡č¨˜éŒ„į§ģč‡ŗ最上斚 + per_page: 每頁 + prev_page: 上一頁 + remove_selection: į§ģ除所選 + reset_filters: 重設į¯Šé¸å™¨ + resource_created: åˇ˛åģēįĢ‹č¨˜éŒ„ + resource_destroyed: åˇ˛åˆĒ除記錄 + resource_translations: + user: + one: äŊŋį”¨č€… + other: äŊŋį”¨č€… + zero: äŊŋį”¨č€… + resource_updated: åˇ˛æ›´æ–°č¨˜éŒ„ + resources: čŗ‡æē + run: åŸˇčĄŒ + save: å„˛å­˜ + search: + cancel_button: 取æļˆ + placeholder: 搜尋 + select_all: 全選 + select_all_matching: 選擇所有į›¸įŦĻ + select_item: 選擇項į›Ž + show_content: éĄ¯į¤ē內厚 + sign_out: į™ģå‡ē + switch_to_view: 切換č‡ŗ %{view_type} æĒĸčĻ– + table_view: 襨æ ŧæĒĸčĻ– + tools: åˇĨå…ˇ + type_to_search: čŧ¸å…ĨäģĨ搜尋。 + unauthorized: æœĒįļ“授æŦŠ + undo: 垊原 + view: æĒĸčĻ– + view_item: æĒĸčĻ– %{item} + was_successfully_created: åˇ˛æˆåŠŸåģēįĢ‹ + was_successfully_updated: åˇ˛æˆåŠŸæ›´æ–° + x_items_more: + one: 還有一個項į›Ž + other: "還有 %{count} 個項į›Ž" + zero: æ˛’æœ‰é …į›Žäē† + x_records_selected_from_a_total_of_x_html: åˇ˛åžžæ­¤é éĸįš„ %{count} é …č¨˜éŒ„ä¸­é¸å–äē† %{selected} 項 + x_records_selected_from_all_pages_html: 垞所有頁éĸ選取äē† %{count} 項記錄 + you_missed_something_check_form: 您äŧŧ䚎æŧæŽ‰äē†äģ€éēŧ。čĢ‹æĒĸæŸĨčĄ¨å–Žã€‚ diff --git a/config/locales/zh-TW.yml b/config/locales/zh-TW.yml index c3ca9ab16e4..075807c45e2 100644 --- a/config/locales/zh-TW.yml +++ b/config/locales/zh-TW.yml @@ -1,38 +1,42 @@ --- zh-TW: - credentials_required: + credentials_required: 需čĻčĒč­‰ copied: åˇ˛č¤‡čŖŊ copy_to_clipboard: 複čŖŊ edit: įˇ¨čŧ¯ verification_expired: feed_latest: RubyGems.org | 最新 Gems feed_subscribed: RubyGems.org | 訂閱 Gems - footer_about_html: RubyGems.org 是 Ruby į¤žįž¤įš„ Gem åĨ—äģļįŽĄį†æœå‹™īŧŒčŽ“äŊ čƒŊįĢ‹åŗ地į™ŧäŊˆåŠåŽ‰čŖäŊ įš„ Gem åĨ—äģļīŧŒä¸Ļ且刊į”¨ - API æŸĨčŠĸ及操äŊœå¯į”¨ Gem įš„čŠŗį´°čŗ‡č¨Šã€‚
įžåœ¨å°ąæˆį‚ēč˛ĸįģ者īŧŒč˛ĸįģä¸€åˇąäš‹åŠ›äž†æ”šå–„æœŦįĢ™ã€‚ - footer_sponsors_html: - footer_join_rt_html: + footer_about_html: RubyGems.org 是 Ruby į¤žįž¤įš„ Gem åĨ—äģļįŽĄį†æœå‹™īŧŒčŽ“您čƒŊįĢ‹åŗ地į™ŧäŊˆåŠåŽ‰čŖæ‚¨įš„ Gem åĨ—äģļīŧŒä¸Ļ且刊į”¨ API æŸĨčŠĸ及操äŊœå¯į”¨ Gem įš„čŠŗį´°čŗ‡č¨Šã€‚
įžåœ¨å°ąæˆį‚ēč˛ĸįģ者īŧŒč˛ĸįģä¸€åˇąäš‹åŠ›äž†æ”šå–„æœŦįĢ™ã€‚ + footer_sponsors_html: RubyGems.org 透過與åģŖ大įš„ Ruby į¤žįž¤åˆäŊœč€ŒčĒ•į”Ÿã€‚ Fastly + 提䞛é ģå¯Ŧ和 CDN 支援īŧŒ Ruby Central 支äģ˜č¨­å‚™č˛ģį”¨īŧŒä¸Ļį‚ē進行中įš„é–‹į™ŧ和į‡Ÿé‹åˇĨäŊœæäž›čŗ‡é‡‘。 + 進一æ­Ĩäē†č§Ŗ我們įš„č´ŠåŠŠå•†å’ŒåŽƒå€‘æ˜¯åĻ‚äŊ•åˆäŊœįš„。 + footer_join_rt_html: 我們需čĻæ‚¨įš„åšĢ劊䞆čŗ‡åŠŠé–‹į™ŧ者į‚ēäŋč­‰ RubyGems.org čƒŊå¤ é †åˆŠé‹čĄŒæ‰€č€—č˛ģįš„時間。 įĢ‹åˆģ加å…Ĩ + Ruby Central。 form_disable_with: čĢ‹į¨å€™... - invalid_page: + invalid_page: 頁įĸŧčļ…å‡ēį¯„åœã€‚åˇ˛é‡æ–°å°Žå‘č‡ŗ預設頁éĸ。 locale_name: æ­ŖéĢ”中文 none: į„Ą not_found: æ˛’æœ‰æ‰žåˆ° - api_key_forbidden: - please_sign_up: į„Ąæŗ•å­˜å–īŧŒčĢ‹å…ˆåœ¨ https://rubygems.org 上č¨ģ冊å¸ŗ號 - please_sign_in: - otp_incorrect: äŊ įš„ OTP įĸŧ 不æ­Ŗįĸē。čĢ‹æĒĸæŸĨ垌再čŠĻ一æŦĄã€‚ - otp_missing: äŊ åˇ˛å•Ÿį”¨å¤šé‡čĻį´ éŠ—č­‰īŧŒäŊ†æ˜¯æ˛’有čŧ¸å…Ĩ OTP įĸŧ。čĢ‹čŧ¸å…Ĩ垌再čŠĻ一æŦĄã€‚ + api_key_forbidden: API é‡‘é‘°æ˛’æœ‰å­˜å–æŦŠé™ + please_sign_up: 存取遭拒。čĢ‹å…ˆåœ¨ https://rubygems.org 上č¨ģ冊å¸ŗ號 + please_sign_in: čĢ‹į™ģå…ĨäģĨįšŧįēŒã€‚ + otp_incorrect: 您įš„ OTP įĸŧ不æ­Ŗįĸē。čĢ‹æĒĸæŸĨ垌再čŠĻ一æŦĄã€‚ + otp_missing: æ‚¨åˇ˛å•Ÿį”¨å¤šé‡čĻį´ éŠ—č­‰īŧŒäŊ†æ˜¯æ˛’有čŧ¸å…Ĩ OTP įĸŧ。čĢ‹čŧ¸å…Ĩ垌再čŠĻ一æŦĄã€‚ sign_in: į™ģå…Ĩ sign_up: č¨ģ冊 dependency_list: - multifactor_authentication: MFA 驗證 + multifactor_authentication: 多重čĻį´ éŠ—č­‰ subtitle: Ruby į¤žįž¤ Gem åĨ—äģļįŽĄį†åšŗ台 - this_rubygem_could_not_be_found: 扞不到這個 gem + this_rubygem_could_not_be_found: 扞不到此 rubygem。 time_ago: "%{duration} 前" title: RubyGems.org update: 更新 - try_again: čĢ‹å†čŠĻ一æŦĄ + try_again: į™ŧį”ŸéŒ¯čĒ¤ã€‚čĢ‹å†čŠĻ一æŦĄã€‚ advanced_search: é€˛éšŽæœå°‹ - authenticate: + authenticate: 驗證 helpers: submit: create: 
@@ -49,28 +53,28 @@ zh-TW: funding: session: password: 密įĸŧ - who: Email / å¸ŗ號 + who: é›ģ子éƒĩäģļ地址或å¸ŗ號 user: avatar: 頭像 - email: Email + email: é›ģ子éƒĩäģļ地址 full_name: 全名 handle: å¸ŗ號 password: 密įĸŧ api_key: - oidc_api_key_role: + oidc_api_key_role: OIDC API 金鑰角色 oidc/id_token: - jti: - api_key_role: + jti: JWT ID + api_key_role: API 金鑰角色 oidc/api_key_role: - api_key_permissions: + api_key_permissions: API 金鑰æŦŠé™ oidc/trusted_publisher/github_action: repository_owner_id: oidc/pending_trusted_publisher: rubygem_name: errors: messages: - unpwn: - blocked: + unpwn: 曞å‡ēįžåœ¨čŗ‡æ–™å¤–æ´Šäē‹äģļ中īŧŒä¸æ‡‰å†äŊŋį”¨ + blocked: įļ˛åŸŸ '%{domain}' 因æŋĢį™ŧ垃圞éƒĩäģļč€Œé­å°éŽ–ã€‚čĢ‹äŊŋį”¨æœ‰æ•ˆįš„個äēēé›ģ子éƒĩäģļ地址。 models: api_key: attributes: @@ -79,14 +83,14 @@ zh-TW: ownership: attributes: user_id: - already_confirmed: - already_invited: + already_confirmed: åˇ˛æ˜¯æ­¤ Gem įš„æ“æœ‰č€… + already_invited: åˇ˛į˛é‚€åŠ å…Ĩæ­¤ Gem version: attributes: gem_full_name: - taken: + taken: "%{value} åˇ˛å­˜åœ¨" full_name: - taken: + taken: "%{value} åˇ˛å­˜åœ¨" oidc/rubygem_trusted_publisher: attributes: rubygem: @@ -104,14 +108,14 @@ zh-TW: activemodel: attributes: oidc/provider/configuration: - jwks_uri: - id_token_signing_alg_values_supported: + jwks_uri: JWKS URI + id_token_signing_alg_values_supported: IP æŦŠæ–į°ŊįŊ˛æŧ”įŽ—æŗ• errors: models: oidc/api_key_permissions: attributes: valid_for: - inclusion: + inclusion: "%{value} į§’數應äģ‹æ–ŧ 5 分鐘 (300 į§’) 和 1 夊 (86,400 į§’) 之間" gems: too_long: api_keys: 
@@ -123,71 +127,71 @@ zh-TW: enable_mfa: expiration: create: - success: + success: åˇ˛åģēįĢ‹æ–° API 金鑰 invalid_gem: destroy: - success: + success: åˇ˛åˆĒ除 API 金鑰īŧš%{name} index: - api_keys: - name: + api_keys: API 金鑰 + name: 名į¨ą scopes: - gem: + gem: Gem age: - last_access: - action: - delete: - confirm: - confirm_all: - new_key: + last_access: 最垌存取æ–ŧ + action: 操äŊœ + delete: åˆĒ除 + confirm: API 金鑰將į„Ąæ•ˆã€‚您įĸē厚嗎īŧŸ + confirm_all: 所有 API 金鑰將į„Ąæ•ˆã€‚您įĸē厚嗎īŧŸ + new_key: 新 API 金鑰 index_rubygems: - push_rubygem: - yank_rubygem: - add_owner: - remove_owner: - access_webhooks: - show_dashboard: + push_rubygem: 推送 rubygem + yank_rubygem: į§ģ除 rubygem + add_owner: 新åĸžæ“æœ‰č€… + remove_owner: į§ģé™¤æ“æœ‰č€… + access_webhooks: 存取 Webhooks + show_dashboard: éĄ¯į¤ēå„€čĄ¨æŋ configure_trusted_publishers: - reset: - save_key: - mfa: + reset: 重設 + save_key: čĢ‹æŗ¨æ„īŧŒæˆ‘們į„Ąæŗ•å†æŦĄéĄ¯į¤ē您įš„ API 金鑰。新 API 金鑰īŧš + mfa: MFA expiration: new: - new_api_key: + new_api_key: 新 API 金鑰 reset: - success: + success: åˇ˛åˆĒ除所有 API 金鑰 update: - success: + success: åˇ˛æˆåŠŸæ›´æ–° API 金鑰 invalid_gem: edit: - edit_api_key: - invalid_key: - all_gems: + edit_api_key: įˇ¨čŧ¯ API 金鑰 + invalid_key: į„Ąæŗ•įˇ¨čŧ¯į„Ąæ•ˆįš„ API 金鑰。čĢ‹åˆĒ除此金鑰ä¸Ļ重新åģēįĢ‹ã€‚ + all_gems: 所有 Gems gem_ownership_removed: dashboards: show: creating_link_text: Gem åģēįĢ‹ gem_link_text: Gem 頁éĸ latest: 最čŋ‘æ›´æ–° - latest_title: 最新įš„ RSS Feed + latest_title: 最čŋ‘æ›´æ–° RSS 摘čĻ migrating_link_text: Gem čŊ‰į§ģ mine: 我įš„ Gems my_subscriptions: 我įš„訂閹 - no_owned_html: äŊ å°šæœĒį™ŧäŊˆäģģäŊ• Gem。可äģĨ閱讀 %{creating_link} 教學īŧŒæˆ–åƒč€ƒ %{migrating_link} 教學䞆將äŊ įš„ + no_owned_html: 您尚æœĒį™ŧäŊˆäģģäŊ• Gem。可äģĨ閱讀 %{creating_link} 教學īŧŒæˆ–åƒč€ƒ %{migrating_link} 教學䞆將您įš„ Gem åžž RubyForge 遡į§ģ過䞆。 - no_subscriptions_html: äŊ é‚„æ˛’æœ‰č¨‚é–ąéŽ GemīŧŒå‰åž€ %{gem_link} 來訂閱īŧ + no_subscriptions_html: æ‚¨é‚„æ˛’æœ‰č¨‚é–ąéŽ GemīŧŒå‰åž€ %{gem_link} 來訂閱īŧ title: 控åˆļ台 dependencies: show: - click_to_expand: + click_to_expand: 
éģžæ“ŠįŽ­é ­åœ–į¤ēäž†åą•é–‹ã€‚ email_confirmations: create: - promise_resend: + promise_resend: åĻ‚æžœčŠ˛å¸ŗč™Ÿå­˜åœ¨īŧŒæˆ‘們會將į”¨æ–ŧ啟į”¨å¸ŗ號įš„įĸēčĒé€Ŗįĩå‚ŗ送到您įš„é›ģ子éƒĩäģļ地址。 new: - submit: 重新į™ŧ送 - title: 重新į™ŧ送įĸēčĒäŋĄ - will_email_notice: 我們將會通過 Email į™ŧ送å¸ŗ號čĒč­‰äŋĄé€ŖįĩįĩĻäŊ ã€‚ + submit: 重新å‚ŗ送 + title: 重新å‚ŗ送įĸēčĒäŋĄ + will_email_notice: 我們將會通過é›ģ子éƒĩäģļå‚ŗ送å¸ŗ號čĒč­‰äŋĄé€ŖįĩįĩĻ您。 update: - confirmed_email: Email éŠ—č­‰æˆåŠŸã€‚ + confirmed_email: é›ģ子éƒĩäģļåœ°å€éŠ—č­‰æˆåŠŸã€‚ token_failure: čĢ‹įĸēčĒ URL 或再æŦĄæäē¤ home: index: @@ -210,7 +214,7 @@ zh-TW: help: čĒĒ明 hosted_by: 托įŽĄ monitored_by: į›Ŗ控 - optimized_by: å„Ē化 + optimized_by: 最äŊŗ化 resolved_with: č§Ŗ析 security: 厉全 source_code: 原始įĸŧ 
@@ -220,129 +224,137 @@ zh-TW: tested_by: æ¸ŦčŠĻ tracking_by: čŋŊ蚤 uptime: 上įˇšæ™‚é–“ - verified_by: + verified_by: 驗證 secured_by: - looking_for_maintainers: + looking_for_maintainers: åžĩæą‚įļ­č­ˇč€… header: - dashboard: 控åˆļ台 - settings: - edit_profile: + dashboard: å„€čĄ¨æŋ + settings: č¨­åŽš + edit_profile: įˇ¨čŧ¯å€‹äēēæĒ”æĄˆ search_gem_html: 搜尋 Gems… sign_in: į™ģå…Ĩ sign_out: į™ģå‡ē sign_up: č¨ģ冊 - mfa_banner_html: + mfa_banner_html: "\U0001F389 我們įžåœ¨æ”¯æ´åŽ‰å…¨čŖįŊŽäē†īŧč¨­åŽšæ–°įš„čŖįŊŽäž†æå‡æ‚¨įš„å¸ŗč™ŸåŽ‰å…¨ã€‚[äē†č§ŖčŠŗ情](部čŊæ ŧ文įĢ é€Ŗįĩ)īŧ" mailer: - confirm_your_email: - confirmation_subject: - link_expiration_explanation_html: + confirm_your_email: åˇ˛å¯„é€é€ŖįĩīŧŒčĢ‹éģžæ“Šé€Ŗįĩäž†įĸēčĒæ‚¨įš„é›ģ子éƒĩäģļ地址。 + confirmation_subject: "%{host} é›ģ子éƒĩäģļ地址įĸēčĒ" + link_expiration_explanation_html: čĢ‹æŗ¨æ„īŧŒæ­¤é€Ŗįĩå°‡åœ¨ 3 小時垌過期。您可äģĨ前垀įĸēčĒäŋĄé éĸčĻæą‚å‚ŗ送新é€Ŗįĩã€‚ email_confirmation: - title: - subtitle: - confirmation_link: - welcome_message: + title: é›ģ子éƒĩäģļ地址įĸēčĒ + subtitle: å°ąåŋĢ厌成äē†īŧ + confirmation_link: įĸēčĒé›ģ子éƒĩäģļ地址 + welcome_message: æ­ĄčŋŽäž†åˆ° RubyGems.orgīŧéģžæ“Šä¸‹æ–šįš„é€Ŗįĩäž†éŠ—č­‰æ‚¨įš„é›ģ子éƒĩäģļ地址。 email_reset: - title: - subtitle: - visit_link_instructions: + title: é›ģ子éƒĩäģļåœ°å€é‡č¨­ + subtitle: 嗨 %{handle}īŧ + visit_link_instructions: æ‚¨åˇ˛čŽŠæ›´æ‚¨åœ¨ %{host} įš„é›ģ子éƒĩäģļ地址。čĢ‹éģžæ“Šä¸‹åˆ—įļ˛å€äž†é‡æ–°å•Ÿį”¨æ‚¨įš„å¸ŗč™Ÿã€‚ deletion_complete: - title: - subtitle: - subject: - body_html: + title: åˆĒ除厌成 + subtitle: 掰掰īŧ + subject: 您在 rubygems.org 上įš„å¸ŗč™Ÿåˇ˛čĸĢåˆĒ除 + body_html: 您在 %{host} įš„å¸ŗ號åˆĒ除čĢ‹æą‚åˇ˛č™•į†åŽŒį•ĸ。您隨時可äģĨ透過 %{sign_up} 頁éĸåģēįĢ‹æ–°å¸ŗč™Ÿã€‚ deletion_failed: - title: - subtitle: - subject: - body_html: + title: åˆĒé™¤å¤ąæ•— + subtitle: æŠąæ­‰īŧ + subject: 您在 rubygems.org 上įš„å¸ŗ號åˆĒ除čĢ‹æą‚å¤ąæ•— + body_html: 您曞在 rubygems.org 送å‡ēå¸ŗ號åˆĒ除įš„čĢ‹æą‚。垈éē憞īŧŒæˆ‘們į„Ąæŗ•č™•į†æ‚¨įš„čĢ‹æą‚īŧŒčĢ‹į¨åžŒå†čŠĻ。č‹Ĩį„Ąæŗ•č§ŖæąēīŧŒčĢ‹ %{contact} + 我們。 notifiers_changed: 
- subject: - title: - subtitle: - 'on': - off_html: + subject: æ‚¨åˇ˛æ›´æ”š RubyGems.org įš„é›ģ子éƒĩäģļ通įŸĨč¨­åŽš + title: é›ģ子éƒĩäģļ通įŸĨ + subtitle: 嗨 %{handle} + 'on': 開 + off_html: "關" gem_pushed: - subject: - title: + subject: Gem %{gem} åˇ˛æŽ¨é€č‡ŗ RubyGems.org + title: Gem åˇ˛æŽ¨é€ gem_yanked: - subject: - title: + subject: Gem %{gem} åˇ˛åžž RubyGems.org į§ģ除 + title: Gem åˇ˛į§ģ除 reset_api_key: - subject: - title: - subtitle: + subject: RubyGems.org 上įš„ API 金鑰遭重設 + title: API 金鑰重設 + subtitle: 嗨 %{handle} webauthn_credential_created: - subject: - title: - subtitle: + subject: "%{host} 上įš„厉全čŖįŊŽåˇ˛æ–°åĸž" + title: åˇ˛æ–°åĸžåŽ‰å…¨čŖįŊŽ + subtitle: 嗨 %{handle}īŧ webauthn_credential_removed: - subject: - title: - subtitle: + subject: "%{host} 上įš„厉全čŖįŊŽåˇ˛į§ģ除" + title: 厉全čŖįŊŽåˇ˛į§ģ除 + subtitle: 嗨 %{handle}īŧ totp_enabled: - subject: - title: - subtitle: + subject: "%{host} 上įš„éŠ—č­‰å™¨æ‡‰į”¨į¨‹åŧåˇ˛å•Ÿį”¨" + title: åˇ˛å•Ÿį”¨éŠ—č­‰å™¨æ‡‰į”¨į¨‹åŧ + subtitle: 嗨 %{handle}īŧ totp_disabled: - subject: - title: - subtitle: + subject: "%{host} 上įš„éŠ—č­‰å™¨æ‡‰į”¨į¨‹åŧåˇ˛åœį”¨" + title: åˇ˛åœį”¨éŠ—č­‰å™¨æ‡‰į”¨į¨‹åŧ + subtitle: 嗨 %{handle}īŧ email_reset_update: - subject: - title: + subject: æ‚¨åˇ˛åœ¨ %{host} čĢ‹æą‚é›ģ子éƒĩäģļ地址更新 + title: åˇ˛čĢ‹æą‚é›ģ子éƒĩäģļ地址更新 ownership_confirmation: - subject: - title: - subtitle: - body_text: - body_html: + subject: čĢ‹įĸēčĒ RubyGems.org 上 %{gem} Gem įš„所有æŦŠ + title: 所有æŦŠįĸēčĒ + subtitle: 嗨 %{handle}īŧ + body_text: "%{authorizer} 把您加å…Ĩäē† %{gem} Gem įš„æ“æœ‰č€…åå–Žã€‚čĢ‹éģžæ“Šä¸‹æ–šé€Ŗįĩäž†įĸēčĒæ‚¨įš„所有æŦŠã€‚" + body_html: %{authorizer} 把您加å…Ĩäē† %{gem} + Gem įš„æ“æœ‰č€…åå–Žã€‚čĢ‹éģžæ“Šä¸‹æ–šé€Ŗįĩäž†įĸēčĒæ‚¨įš„所有æŦŠã€‚ link_expiration_explanation_html: owner_added: - subject_self: - subject_others: + subject_self: 您加å…Ĩäē† %{gem} Gem įš„æ“æœ‰č€…åå–Ž + subject_others: äŊŋį”¨č€… %{owner_handle} 加å…Ĩäē† %{gem} Gem įš„æ“æœ‰č€…åå–Ž title: - subtitle: + subtitle: 嗨 %{user_handle}īŧ body_self_html: 
body_others_html: owner_removed: subject: title: - subtitle: + subtitle: 嗨 %{user_handle}īŧ body_html: ownerhip_request_closed: - title: - subtitle: - body_html: + title: 所有æŦŠčĢ‹æą‚ + subtitle: 嗨 %{handle}īŧ + body_html: 感čŦæ‚¨į”ŗčĢ‹ %{gem} įš„所有æŦŠã€‚我們垈éē憞地通įŸĨ您īŧŒæ‚¨įš„所有æŦŠčĢ‹æą‚åˇ˛čĸĢ Gem æ“æœ‰č€…é—œé–‰ã€‚ ownerhip_request_approved: - body_html: + body_html: 恭喜īŧæ‚¨å° %{gem} įš„所有æŦŠčĢ‹æą‚åˇ˛é€šéŽã€‚æ‚¨åˇ˛åŠ å…Ĩ Gem įš„æ“æœ‰č€…åå–Žã€‚ new_ownership_requests: body_html: zero: one: - other: - button: - disable_notifications: - owners_page: + other: "%{gem} 有 %{count} 項新所有æŦŠčĢ‹æą‚。čĢ‹éģžæ“Šä¸‹æ–šæŒ‰éˆ•äž†æŸĨįœ‹æ‰€æœ‰čĢ‹æą‚。" + button: 所有æŦŠčĢ‹æą‚ + disable_notifications: č‹ĨčĻåœæ­ĸæŽĨæ”ļ這äē›č¨Šæ¯īŧŒčĢ‹æ›´æ–°æ‚¨įš„ + owners_page: 所有æŦŠ web_hook_deleted: - title: - subject: - subtitle: - body_text: - body_html: - global_text: - global_html: - gem_text: - gem_html: + title: Webhook 遭åˆĒ除 + subject: 您在 RubyGems.org 上įš„ Webhook 遭到åˆĒ除 + subtitle: 嗨 %{handle}īŧ + body_text: 您å‚ŗ送 POST čĢ‹æą‚č‡ŗ %{url} įš„ Webhook 在 %{failures} æŦĄå¤ąæ•—垌遭到åˆĒ除。 + body_html: 您å‚ŗ送 POST čĢ‹æą‚č‡ŗ %{url} + įš„ Webhook 在 %{failures} æŦĄå¤ąæ•—垌遭到åˆĒ除。 + global_text: 䚋前這個 Webhook 會在äģģäŊ• Gem čĸĢ推送įš„時候čĸĢå‘ŧåĢ。 + global_html: 䚋前這個 Webhook 會在äģģäŊ• Gem čĸĢ推送įš„時候čĸĢå‘ŧåĢ。 + gem_text: 䚋前這個 Webhook 會在 %{gem} čĸĢ推送įš„時候čĸĢå‘ŧåĢ。 + gem_html: 䚋前這個 Webhook 會在 %{gem} + čĸĢ推送įš„時候čĸĢå‘ŧåĢ。 web_hook_disabled: - title: - subject: - subtitle: - body_text: + title: Webhook 遭停į”¨ + subject: 您在 RubyGems.org 上įš„ Webhook 遭到停į”¨ + subtitle: 嗨 %{handle}īŧ + body_text: | + 您å‚ŗ送 POST čĢ‹æą‚č‡ŗ %{url} įš„ Webhook 因 %{disabled_reason} čĸĢ停į”¨ã€‚ + 芲 Webhook 最垌成功æ–ŧ %{last_success}īŧŒäš‹åžŒäžŋå¤ąæ•—äē† %{failures_since_last_success} æŦĄã€‚ + 您可äģĨåŸˇčĄŒ `%{delete_command}` å‘Ŋäģ¤äž†åˆĒ除此 Webhook。 body_html: - global_text: - global_html: - gem_text: - gem_html: + global_text: 䚋前這個 Webhook 會在äģģäŊ• Gem čĸĢ推送įš„時候čĸĢå‘ŧåĢ。 + global_html: 䚋前這個 Webhook 會在äģģäŊ• Gem čĸĢ推送įš„時候čĸĢå‘ŧåĢ。 + 
gem_text: 䚋前這個 Webhook 會在 %{gem} čĸĢ推送įš„時候čĸĢå‘ŧåĢ。 + gem_html: 䚋前這個 Webhook 會在 %{gem} + čĸĢ推送įš„時候čĸĢå‘ŧåĢ。 gem_trusted_publisher_added: title: news: @@ -354,18 +366,18 @@ zh-TW: title: į†ąé–€æ–°į™ŧäŊˆ pages: about: - contributors_amount: + contributors_amount: "%{count} äŊ Ruby 愛åĨŊ者" downloads_amount: checkout_code: - mit_licensed: + mit_licensed: MIT 授æŦŠ logo_header: - logo_details: + logo_details: åĒčĻéģžé¸ä¸‹čŧ‰æŒ‰éˆ•åŗ可į˛åž—三äģŊ .PNG 和一äģŊ .SVG æ ŧåŧįš„ RubyGems Logo。 founding_html: æœŦå°ˆæĄˆį”ą %{founder} æ–ŧ 2009 åš´ 4 月å‰ĩįĢ‹īŧŒį™ŧåą•éŽį¨‹ä¸­æœ‰čļ…過 %{contributors} č˛ĸįģ者äģĨ及 - %{downloads}。č‡Ē RubyGems 1.3.6 į™ŧäŊˆäģĨ來īŧŒæœŦįĢ™åį¨ąį”ą Gemcutter 更名į‚ē %{title}īŧŒæœŦįĢ™č‡Ē此䚋垌成į‚ē Ruby - į¤žįž¤įš„æ ¸åŋƒįļ˛įĢ™ã€‚ - support_html: 雖į„ļ Gemcutter ä¸Ļ不是į”ąä¸€å€‹į‰šåŽšįš„å…Ŧ司運äŊœīŧŒäŊ†åœ¨į™ŧåą•éŽį¨‹ä¸­æŽĨ受äē†č¨ąå¤šäž†æēįš„åšĢ劊。į›Žå‰įš„č¨­č¨ˆã€åœ–åƒäģĨ及įļ˛įĢ™įš„前įĢ¯é–‹į™ŧ是į”ą + %{downloads} æŦĄä¸‹čŧ‰ã€‚č‡Ē RubyGems 1.3.6 į™ŧäŊˆäģĨ來īŧŒæœŦįĢ™åį¨ąį”ą Gemcutter 更名į‚ē %{title}īŧŒæœŦįĢ™č‡Ē此䚋垌成į‚ē + Ruby į¤žįž¤įš„æ ¸åŋƒįļ˛įĢ™ã€‚ + support_html: 雖į„ļ RubyGems.org ä¸Ļ不是į”ąä¸€å€‹į‰šåŽšįš„å…Ŧ司運äŊœīŧŒäŊ†åœ¨į™ŧåą•éŽį¨‹ä¸­æŽĨ受äē†č¨ąå¤šäž†æēįš„åšĢ劊。į›Žå‰įš„č¨­č¨ˆã€åœ–åƒäģĨ及įļ˛įĢ™įš„前įĢ¯é–‹į™ŧ是į”ą %{dockyard} 提䞛。%{github} 也åšĢ劊我們čƒŊ更厚易地協äŊœå’Œåˆ†äēĢ原始įĸŧ。æœŦįĢ™éƒ¨įŊ˛åœ¨ %{heroku} 上īŧŒå…ļ一æĩįš„服務īŧŒæ›´æœ‰åŠŠæ–ŧč­‰æ˜Ž - Gemcutter 是一個可äģĨįŠŠåŽšã€å¯čĄŒįš„č§Ŗæąēæ–šæĄˆã€‚Our infrastructure is currently hosted on %{aws}. + RubyGems.org 是一個可äģĨįŠŠåŽšã€å¯čĄŒįš„č§Ŗæąēæ–šæĄˆã€‚Our infrastructure is currently hosted on %{aws}. technical_html: 關æ–ŧæœŦįĢ™įš„æŠ€čĄ“čŗ‡č¨Šīŧš100% Ruby。ä¸ģįĢ™æ˜¯ä¸€å€‹ %{rails} 應į”¨į¨‹åŧã€‚Gems æžļč¨­åœ¨ %{s3} 上, served by %{fastly}, äŊŋåž— Gem åžžį™ŧäŊˆåˆ°æäž›ä¸‹čŧ‰įš„時間大嚅į¸ŽįŸ­ã€‚čŠŗį´°čŗ‡č¨Šå¯åžž GitHub 上įš„ %{source_code} æŸĨįœ‹īŧˆéĩ厈 %{license} å”č­°īŧ‰ã€‚ 
@@ -378,15 +390,15 @@ zh-TW: data: title: download: - title: + title: 下čŧ‰ RubyGems faq: - title: + title: 常čĻ‹å•éĄŒ migrate: - title: + title: čŊ‰į§ģ Gems security: - title: + title: 厉全性 sponsors: - title: + title: č´ŠåŠŠč€… password_mailer: change_password: closing: 
@@ -401,184 +413,191 @@ zh-TW: new: submit: 更新密įĸŧ title: äŋŽæ”šå¯†įĸŧ - will_email_notice: įŗģįĩąå°‡æœƒå¯„一封包åĢé‡č¨­å¯†įĸŧé€Ŗįĩįš„é›ģ子éƒĩäģļįĩĻäŊ  + will_email_notice: įŗģįĩąå°‡æœƒå¯„一封包åĢé‡č¨­å¯†įĸŧé€Ŗįĩįš„é›ģ子éƒĩäģļįĩĻ您 create: success: failure_on_missing_email: update: failure: multifactor_auths: - incorrect_otp: äŊ įš„ OTP įĸŧ 不æ­Ŗįĸē。 - session_expired: - require_totp_disabled: - require_mfa_enabled: äŊ įš„多重čĻį´ éŠ—č­‰åˇ˛åœį”¨īŧŒčĢ‹å…ˆå•Ÿį”¨ã€‚ - require_totp_enabled: - require_webauthn_enabled: - setup_required_html: - setup_recommended: - strong_mfa_level_required_html: - strong_mfa_level_recommended: - setup_webauthn_html: + incorrect_otp: 您įš„ OTP įĸŧ不æ­Ŗįĸē。 + session_expired: 您įš„į™ģå…Ĩ頁éĸåˇĨäŊœéšŽæŽĩåˇ˛éŽæœŸã€‚ + require_totp_disabled: 您åŸēæ–ŧ OTP įš„多重čĻį´ éŠ—č­‰åˇ˛įļ“å•Ÿį”¨ã€‚您需čĻå…ˆį§ģ除才čƒŊé‡æ–°č¨­åŽšã€‚ + require_mfa_enabled: 您尚æœĒ啟į”¨å¤šé‡čĻį´ éŠ—č­‰īŧŒčĢ‹å…ˆå•Ÿį”¨ã€‚ + require_totp_enabled: 您æœĒ啟į”¨éŠ—č­‰å™¨æ‡‰į”¨į¨‹åŧã€‚čĢ‹å…ˆå•Ÿį”¨ã€‚ + require_webauthn_enabled: 您æœĒ啟į”¨äģģäŊ•åŽ‰å…¨čŖįŊŽã€‚您需čĻå…ˆå°‡čŖįŊŽįļåŽšåˆ°æ‚¨įš„å¸ŗč™Ÿã€‚ + setup_required_html: 您åŋ…é ˆč¨­åŽšå¤šé‡čĻį´ éŠ—č­‰äģĨäŋč­ˇæ‚¨įš„å¸ŗč™Ÿå’Œ Gems。čĢ‹é–ąčŽ€æˆ‘們įš„部čŊæ ŧ文įĢ äģĨäē†č§ŖčŠŗ情。 + setup_recommended: į‚ēäŋč­ˇæ‚¨įš„å¸ŗč™Ÿå’Œ GemsīŧŒæˆ‘們åģēč­°æ‚¨č¨­åŽšå¤šé‡čĻį´ éŠ—č­‰ã€‚æœĒ䞆我們將åŧˇåˆļčĻæą‚所有å¸ŗč™Ÿå•Ÿį”¨ MFA。 + strong_mfa_level_required_html: į‚ēäŋč­ˇæ‚¨įš„å¸ŗč™Ÿå’Œ GemsīŧŒæ‚¨åŋ…須將您įš„ MFA į­‰į´šč¨­į‚ē "äŊŋį”¨č€…äģ‹éĸ和 Gem į™ģå…Ĩ" + 或 "äŊŋį”¨č€…äģ‹éĸ和 API"。čĢ‹é–ąčŽ€æˆ‘們įš„部čŊæ ŧ文įĢ äģĨäē†č§ŖčŠŗ情。 + strong_mfa_level_recommended: į‚ēäŋč­ˇæ‚¨įš„å¸ŗč™Ÿå’Œ GemsīŧŒæˆ‘們åģēč­°æ‚¨å°‡æ‚¨įš„ MFA į­‰į´šč¨­į‚ē "äŊŋį”¨č€…äģ‹éĸ和 Gem į™ģå…Ĩ" + 或 "äŊŋį”¨č€…äģ‹éĸ和 API"。æœĒ䞆我們將åŧˇåˆļčĻæą‚所有å¸ŗč™Ÿå°‡č¨­į‚ē上čŋ° MFA į­‰į´šã€‚ + setup_webauthn_html: "\U0001F389 我們įžåœ¨æ”¯æ´åŽ‰å…¨čŖįŊŽäē†īŧč¨­åŽšæ–°įš„čŖįŊŽäž†æå‡æ‚¨įš„å¸ŗč™ŸåŽ‰å…¨ã€‚äē†č§ŖčŠŗ情īŧ" new: title: 啟į”¨å¤šé‡čĻį´ éŠ—č­‰ - scan_prompt: čĢ‹į”¨äŊ įš„銗證čŖįŊŽæŽƒæ QR-code。åĻ‚æžœäŊ 
æ˛’čžĻæŗ•æŽƒæīŧŒæ‰‹å‹•čŧ¸å…Ĩ下éĸįš„čŗ‡æ–™ã€‚ + scan_prompt: čĢ‹į”¨æ‚¨įš„銗證čŖįŊŽæŽƒæ QR-code。åĻ‚æžœæ‚¨æ˛’čžĻæŗ•æŽƒæīŧŒæ‰‹å‹•čŧ¸å…Ĩ下éĸįš„čŗ‡æ–™ã€‚ otp_prompt: čŧ¸å…Ĩ驗證čŖįŊŽä¸Šįš„數字䞆įšŧįēŒã€‚ confirm: æˆ‘åˇ˛æŠŠåžŠåŽŸįĸŧæ”ļ在厉全įš„地斚。 enable: 啟į”¨ - account: 'å¸ŗ號: %{account}' - key: '金鑰: %{key}' - time_based: 'åŸēæ–ŧ時間įš„: 是' + account: å¸ŗ號īŧš%{account} + key: 金鑰īŧš%{key} + time_based: åŸēæ–ŧ時間īŧšæ˜¯ create: - qrcode_expired: QR-code å’Œé‡‘é‘°åˇ˛éŽæœŸã€‚čĢ‹å†é‡æ–°č¨ģ冊čŖįŊŽã€‚ - success: äŊ åˇ˛æˆåŠŸå•Ÿį”¨å¤šé‡čĻį´ éŠ—č­‰ã€‚ + qrcode_expired: QR-code å’Œé‡‘é‘°åˇ˛éŽæœŸã€‚čĢ‹é‡æ–°č¨ģ冊čŖįŊŽã€‚ + success: æ‚¨åˇ˛æˆåŠŸå•Ÿį”¨åŸēæ–ŧ OTP įš„多重čĻį´ éŠ—č­‰ã€‚ recovery: - copied: + copied: "[ åˇ˛č¤‡čŖŊ ]" continue: įšŧįēŒ title: 垊原įĸŧ - copy: + copy: "[ 複čŖŊ ]" saved: note_html: already_generated: destroy: - success: äŊ åˇ˛æˆåŠŸåœį”¨å¤šé‡čĻį´ éŠ—č­‰ã€‚ + success: æ‚¨åˇ˛æˆåŠŸåœį”¨åŸēæ–ŧ OTP įš„多重čĻį´ éŠ—č­‰ã€‚ update: - invalid_level: - success: äŊ åˇ˛æˆåŠŸäŋŽæ”šå¤šé‡éŠ—č­‰į­‰į´šã€‚ + invalid_level: MFA į­‰į´šį„Ąæ•ˆã€‚ + success: æ‚¨åˇ˛æˆåŠŸäŋŽæ”šå¤šé‡éŠ—č­‰į­‰į´šã€‚ prompt: webauthn_credential_note: sign_in_with_webauthn_credential: - otp_code: - otp_or_recovery: - recovery_code: + otp_code: OTP įĸŧ + otp_or_recovery: OTP 或垊原įĸŧ + recovery_code: 垊原įĸŧ recovery_code_html: - security_device: - verify_code: + security_device: 厉全čŖįŊŽ + verify_code: 驗證įĸŧ notifiers: update: - success: + success: æ‚¨åˇ˛æˆåŠŸæ›´æ–°æ‚¨įš„é›ģ子éƒĩäģļ通įŸĨč¨­åŽšã€‚ show: - info: - 'on': - 'off': - recommended: - title: - update: - owner_heading: - owner_request_heading: - push_heading: + info: į‚ē協劊åĩæ¸ŦæœĒįļ“授æŦŠįš„ Gem 或所有æŦŠčŽŠæ›´īŧŒæˆ‘們將在您擁有įš„ Gem 推送新į‰ˆæœŦ、遭į§ģ除īŧŒæˆ–æ–°åĸžæ“æœ‰č€…時å‚ŗ送é›ģ子éƒĩäģļįĩĻ您。在æŽĨæ”ļå’Œé–ąčŽ€é€™äē›éƒĩäģļįš„同時īŧŒæ‚¨äšŸåœ¨äŋč­ˇ + Ruby įš„į”Ÿæ…‹åœˆã€‚ + 'on': 開 + 'off': 關 + recommended: åģēč­° + title: é›ģ子éƒĩäģļ通įŸĨ + update: 更新 + owner_heading: 所有æŦŠé€šįŸĨ + owner_request_heading: 所有æŦŠčĢ‹æą‚通įŸĨ + push_heading: 推送通įŸĨ webauthn_verifications: - 
expired_or_already_used: - no_port: + expired_or_already_used: 您所äŊŋį”¨įš„é€Ŗįĩä¸­įš„æŦŠæ–åˇ˛éŽæœŸæˆ–čĸĢäŊŋį”¨ã€‚ + no_port: æœĒ提䞛é€ŖæŽĨ埠。čĢ‹å†čŠĻ一æŦĄã€‚ pending: prompt: - title: - authenticating_as: - authenticate: - no_webauthn_devices: + title: 透過厉全čŖįŊŽéŠ—č­‰ + authenticating_as: 驗證čēĢ分į‚ē + authenticate: 驗證 + no_webauthn_devices: 您æœĒ啟į”¨äģģäŊ•åŽ‰å…¨čŖįŊŽ successful_verification: - title: - close_browser: + title: 成功īŧ + close_browser: čĢ‹é—œé–‰æ­¤į€čĻŊ器。 failed_verification: - title: - close_browser: + title: 錯čĒ¤ - éŠ—č­‰å¤ąæ•— + close_browser: čĢ‹é—œé–‰æ­¤į€čĻŊ器ä¸Ļ重čŠĻ。 owners: confirm: confirmed_email: - token_expired: + token_expired: įĸēčĒæŦŠæ–åˇ˛éŽæœŸã€‚čĢ‹åžž Gem 頁éĸ嘗čŠĻ重新å‚ŗ送æŦŠæ–。 index: - add_owner: - name: - mfa: - status: - confirmed_at: - added_by: - action: + add_owner: 新åĸžæ“æœ‰č€… + name: æ“æœ‰č€… + mfa: MFA į‹€æ…‹ + status: į‹€æ…‹ + confirmed_at: įĸēčĒæ–ŧ + added_by: 新åĸžč€… + action: 操äŊœ email_field: - submit_button: - info: - confirmed: - pending: - confirm_remove: + submit_button: 新åĸžæ“æœ‰č€… + info: 新åĸžæˆ–į§ģé™¤æ“æœ‰č€… + confirmed: åˇ˛įĸēčĒ + pending: åž…įĸēčĒ + confirm_remove: 您įĸē厚čĻå°‡æ­¤äŊŋį”¨č€…åžžæ“æœ‰č€…åå–Žä¸­į§ģ除嗎īŧŸ resend_confirmation: resent_notice: create: - success_notice: + success_notice: "%{handle} åˇ˛äģĨæœĒįĸēčĒæ“æœ‰č€…įš„čēĢ分加å…Ĩ。所有æŦŠå­˜å–將在äŊŋį”¨č€…éģžæ“Šå‚ŗ送到äģ–們įš„é›ģ子éƒĩäģļ地址įš„įĸēčĒäŋĄåžŒå•Ÿį”¨ã€‚" destroy: removed_notice: - failed_notice: - mfa_required: + failed_notice: į„Ąæŗ•į§ģ除 Gem įš„å”¯ä¸€æ“æœ‰č€… + mfa_required: Gem 啟į”¨äē† MFA čĻæą‚īŧŒčĢ‹č¨­åŽšæ‚¨įš„å¸ŗ號įš„ MFA。 settings: edit: - title: - webauthn_credentials: - no_webauthn_credentials: - webauthn_credential_note: - otp_code: + title: įˇ¨čŧ¯č¨­åŽš + webauthn_credentials: 厉全čŖįŊŽ + no_webauthn_credentials: æ‚¨æ˛’æœ‰äģģäŊ•åŽ‰å…¨čŖįŊŽ + webauthn_credential_note: 厉全čŖįŊŽå¯äģĨ是äģģäŊ•éĩåžĒ FIDO2 標æē–įš„čŖįŊŽīŧŒäž‹åĻ‚厉全或į”Ÿį‰Šį‰šåžĩ金鑰。 + otp_code: OTP 或垊原įĸŧ api_access: - confirm_reset: 
įĸē厚čĻé‡č¨­å—ŽīŧŸæ­¤å‹•äŊœį„Ąæŗ•é‚„原 - credentials_html: åĻ‚æžœäŊ éœ€čĻåžž command line ä¸­åŸˇčĄŒ %{gem_commands_link}īŧŒäŊ éœ€čĻå…ˆæē–å‚™ %{gem_credentials_file} - 這個æĒ”æĄˆīŧŒį”¨äģĨ下įš„指äģ¤å¯äģĨį”ĸį”Ÿīŧš - key_is_html: äŊ įš„ API key 是 %{key}。 - link_text: Gem 指äģ¤ - reset: 重設 API key + confirm_reset: įĸē厚čĻé‡č¨­å—ŽīŧŸæ­¤å‹•äŊœį„Ąæŗ•é‚„原。 + credentials_html: åĻ‚果您需čĻåžžå‘Ŋäģ¤åˆ—ä¸­åŸˇčĄŒ %{gem_commands_link}īŧŒæ‚¨éœ€čĻå…ˆæē–å‚™ %{gem_credentials_file} + 這個æĒ”æĄˆīŧŒå¯äģĨäŊŋį”¨äģĨ下įš„å‘Ŋäģ¤į”ĸį”Ÿīŧš + key_is_html: 您įš„ API key 是 %{key}。 + link_text: Gem å‘Ŋäģ¤ + reset: é‡č¨­æˆ‘įš„ API 金鑰 reset_all: title: API 存取 reset_password: title: é‡č¨­å¯†įĸŧ mfa: multifactor_auth: 多重čĻį´ éŠ—č­‰ - otp: - disabled_html: + otp: éŠ—č­‰å™¨æ‡‰į”¨į¨‹åŧ + disabled_html: 您尚æœĒ啟į”¨åŸēæ–ŧ OTP įš„多重čĻį´ éŠ—č­‰ã€‚čĢ‹åƒé–ą RubyGems + MFA 指南䞆äē†č§Ŗ關æ–ŧ MFA į­‰į´šįš„čŗ‡č¨Šã€‚ go_settings: č¨ģ冊新čŖįŊŽ - level_html: - enabled_note: + level_html: æ‚¨åˇ˛å•Ÿį”¨å¤šé‡čĻį´ éŠ—č­‰ã€‚čĢ‹éģžæ“Š '更新' äž†čŽŠæ›´æ‚¨įš„ MFA į­‰į´šã€‚čĢ‹åƒé–ą RubyGems + MFA 指南䞆äē†č§Ŗ關æ–ŧ MFA į­‰į´šįš„čŗ‡č¨Šã€‚ + enabled_note: æ‚¨åˇ˛å•Ÿį”¨å¤šé‡čĻį´ éŠ—č­‰ã€‚čĢ‹čŧ¸å…ĨéŠ—č­‰å™¨æäž›įš„ OTP įĸŧ或垊原įĸŧ䞆停į”¨ã€‚ update: 更新 - disable: - enabled: - disabled: + disable: 停į”¨ + enabled: åˇ˛å•Ÿį”¨ + disabled: åˇ˛åœį”¨ level: title: å¤šé‡éŠ—č­‰į­‰į´š disabled: 停į”¨ - ui_only: åĒ有äŊŋį”¨č€…äģ‹éĸ - ui_and_api: äŊŋį”¨č€…äģ‹éĸ與API - ui_and_gem_signin: + ui_only: 僅äŊŋį”¨č€…äģ‹éĸ + ui_and_api: äŊŋį”¨č€…äģ‹éĸ與 API (åģēč­°) + ui_and_gem_signin: äŊŋį”¨č€…äģ‹éĸ和 Gem į™ģå…Ĩ profiles: adoptions: no_ownership_calls: - no_ownership_requests: - title: - subtitle_html: + no_ownership_requests: 您尚æœĒåģēįĢ‹äģģäŊ•æ‰€æœ‰æŦŠčĢ‹æą‚。 + title: čĒé¤Š + subtitle_html: čĢ‹æą‚æ–°įļ­č­ˇč€…或所有æŦŠ (äē†č§ŖčŠŗ情) edit: change_avatar: disabled_avatar_html: - email_awaiting_confirmation: čĢ‹éŠ—č­‰äŊ įš„æ–° Email %{unconfirmed_email} + email_awaiting_confirmation: čĢ‹įĸēčĒæ‚¨įš„æ–°é›ģ子éƒĩäģļ地址 %{unconfirmed_email} enter_password: čŧ¸å…Ĩ密įĸŧ - 
optional_full_name: + optional_full_name: 選åĄĢ。將å…Ŧé–‹éĄ¯į¤ē optional_twitter_username: X å¸ŗ號īŧˆå¯é¸īŧ‰ twitter_username: å¸ŗ號 title: įˇ¨čŧ¯å€‹äēēæĒ”æĄˆ delete: delete: åˆĒ除 - delete_profile: åˆĒ除個äēēčŗ‡æ–™ + delete_profile: åˆĒ除個äēēæĒ”æĄˆ warning: č­Ļ告 delete: - title: - confirm: - instructions: - list_only_owner_html: - list_multi_owner: + title: åˆĒ除個äēēæĒ”æĄˆ + confirm: įĸēčĒ + instructions: 我們垈éē憞 + list_only_owner_html: 這äē› Gems å°‡čˆ‡æ‚¨įš„個äēēæĒ”æĄˆä¸€čĩˇčĸĢį§ģ除。åĻ‚果您æƒŗčĻåœ¨åˆĒ除個äēēæĒ”æĄˆå‰æ–°åĸžæ“æœ‰č€…īŧŒčĢ‹äŊŋį”¨ %{command_link} + å‘Ŋäģ¤ã€‚ + list_multi_owner: æ‚¨å°‡å¤ąåŽģ這äē› Gem įš„存取æŦŠīŧŒäŊ†å…ļäģ–æ“æœ‰č€…å°‡ä¸å—åŊąéŸŋ。 warning: č­Ļ告 rubygem: - owners_header: + owners_header: æ“æœ‰č€… destroy: request_queued: update: - confirmation_mail_sent: - updated: - public_email: 在å…Ŧ開įš„個äēē頁éĸä¸­åą•į¤ē email - request_denied: + confirmation_mail_sent: 您將在嚞分鐘內æ”ļ到一封éƒĩäģļ。內åĢįĸēčĒæ‚¨æ–°įš„é›ģ子éƒĩäģļ地址įš„指į¤ē。 + updated: 您įš„個äēēæĒ”æĄˆåˇ˛æ›´æ–°ã€‚ + public_email: 在å…Ŧ開個äēēæĒ”æĄˆéĄ¯į¤ēé›ģ子éƒĩäģļ地址 + request_denied: æ­¤čĢ‹æą‚遭拒。我們į„Ąæŗ•éŠ—č­‰æ‚¨įš„密įĸŧ。 show: - title: įŽ€äģ‹ %{username} + title: "%{username} įš„個äēēæĒ”æĄˆ" security_events: title: description_html: @@ -587,8 +606,8 @@ zh-TW: downloads_for_this_version: 這個į‰ˆæœŦ required_ruby_version: Ruby į‰ˆæœŦéœ€æą‚ required_rubygems_version: RubyGems į‰ˆæœŦéœ€æą‚ - requires_mfa: - released_with_mfa: + requires_mfa: 新į‰ˆæœŦ需čĻ MFA + released_with_mfa: äŊŋį”¨ MFA į™ŧ布įš„į‰ˆæœŦ links: badge: åžŊįĢ  bugs: Bug čŋŊ蚤 
@@ -600,39 +619,39 @@ zh-TW: header: į›¸é—œé€Ŗįĩ home: éĻ–頁 mail: éƒĩäģļįž¤įĩ„ - report_abuse: čˆ‰å ąæŠ•č¨´ + report_abuse: æĒĸ舉æŋĢį”¨ reverse_dependencies: 反向䞝čŗ´ review_changes: rss: RSS subscribe: 訂閱 unsubscribe: 取æļˆč¨‚é–ą wiki: Wiki - resend_ownership_confirmation: - ownership: + resend_ownership_confirmation: 重新å‚ŗ送įĸēčĒäŋĄ + ownership: 所有æŦŠ oidc: api_key_role: name: new: trusted_publishers: reserved: - reserved_namespace: + reserved_namespace: æ­¤å‘Ŋ名įŠē間čĸĢ rubygems.org äŋį•™ã€‚ dependencies: header: "%{title} į›¸äžæ€§åĨ—äģļ" gem_members: authors_header: äŊœč€… self_no_mfa_warning_html: - not_using_mfa_warning_show: - not_using_mfa_warning_hide: + not_using_mfa_warning_show: "* 某äē›æ“æœ‰č€…æœĒäŊŋį”¨å¤šé‡čĻį´ éŠ—č­‰ (MFA)。éģžæ“Šæ­¤č™•äģĨéĄ¯į¤ē厌整名喎。" + not_using_mfa_warning_hide: "* ä¸‹åˆ—æ“æœ‰č€…æœĒäŊŋį”¨å¤šé‡čĻį´ éŠ—č­‰ (MFA)。éģžæ“Šæ­¤č™•äģĨéšąč—ã€‚" owners_header: æ“æœ‰č€… - pushed_by: - using_mfa_info: - yanked_by: - sha_256_checksum: SHA 256 checksum - signature_period: - expired: + pushed_by: æŽ¨é€č€… + using_mfa_info: "* æ“æœ‰č€…įš†äŊŋį”¨å¤šé‡čĻį´ éŠ—č­‰ (MFA)。" + yanked_by: į§ģ除者 + sha_256_checksum: SHA 256 į¸Ŋ和æĒĸæŸĨįĸŧ + signature_period: į°Ŋ名有效期 + expired: åˇ˛éŽæœŸ version_navigation: - previous_version: - next_version: + previous_version: "← 上一į‰ˆæœŦ" + next_version: 下一į‰ˆæœŦ → index: downloads: 下čŧ‰ title: Gems @@ -640,15 +659,15 @@ zh-TW: bundler_header: Gemfile install: 厉čŖ licenses_header: - one: License - other: License + one: 授æŦŠ + other: 授æŦŠ no_licenses: į„Ą requirements_header: åŋ…åĄĢ show_all_versions: éĄ¯į¤ē所有į‰ˆæœŦīŧˆå…ą %{count}īŧ‰ versions_header: į‰ˆæœŦåˆ—čĄ¨ yanked_notice: 這個 Gem į‰ˆæœŦåˇ˛čĸĢį§ģ除īŧŒå› æ­¤į„Ąæŗ•æäž›ä¸‹čŧ‰īŧŒäšŸį„Ąæŗ•čĸĢå…ļäģ–įš„ Gem į›¸äžã€‚ show_yanked: - not_hosted_notice: 這個 Gem į›Žå‰æ˛’有在 Gemcutter 上 + not_hosted_notice: 這個 Gem į›Žå‰æ˛’有在 RubyGems.org 上 reserved_namespace_html: one: other: 
@@ -657,62 +676,64 @@ zh-TW: description_html: reverse_dependencies: index: - title: - subtitle: - no_reverse_dependencies: + title: "%{name} įš„反向䞝čŗ´" + subtitle: 下列 Gems įš„最新į‰ˆæœŦ需čĻ %{name} + no_reverse_dependencies: æ­¤ Gem æ˛’æœ‰åå‘äžčŗ´ã€‚ search: - search_reverse_dependencies_html: + search_reverse_dependencies_html: 搜尋反向䞝čŗ´ Gems… searches: advanced: name: 名į¨ą summary: 摘čĻ description: 描čŋ° downloads: 下čŧ‰æ•¸ - updated: 最垌更新時間 - yanked: + updated: 更新æ–ŧ + yanked: į§ģ除æ–ŧ show: subtitle: "%{query}" - month_update: - week_update: + month_update: æ–ŧ最čŋ‘一個月更新 (%{count}) + week_update: æ–ŧ最čŋ‘ä¸€é€ąæ›´æ–° (%{count}) filter: - yanked: - suggestion: + yanked: 遭į§ģ除 (%{count}) + suggestion: 您是不是在扞 sessions: new: forgot_password: åŋ˜č¨˜å¯†įĸŧīŧŸ resend_confirmation: æ˛’æ”ļ到įĸēčĒäŋĄīŧŸ verify: - title: - confirm: - notice: + title: įĸēčĒå¯†įĸŧ + confirm: įĸēčĒ + notice: čĢ‹įĸēčĒæ‚¨įš„密įĸŧäģĨįšŧįēŒã€‚ create: account_blocked: stats: index: - title: + title: įĩąč¨ˆčŗ‡æ–™ all_time_most_downloaded: æ­ˇå˛ä¸‹čŧ‰æŦĄæ•¸æŽ’čĄŒ total_downloads: į¸Ŋ下čŧ‰æŦĄæ•¸ total_gems: Gems į¸Ŋ數 total_users: į¸ŊäŊŋį”¨č€…數量 users: create: - email_sent: åˇ˛į™ŧ送įĸēčĒäŋĄåˆ°äŊ įš„äŋĄįŽąåœ°å€ã€‚ + email_sent: åˇ˛å‚ŗ送įĸēčĒäŋĄåˆ°æ‚¨įš„é›ģ子éƒĩäģļ地址。 new: have_account: åˇ˛įļ“č¨ģ冊過äē†īŧŸ versions: index: - not_hosted_notice: 這個 Gem į›Žå‰æ˛’有在 Gemcutter 上 + not_hosted_notice: 這個 Gem į›Žå‰æ˛’有在 RubyGems.org 上 title: "%{name} įš„所有į‰ˆæœŦ" versions_since: other: č‡Ēåžž %{since} äģĨ來īŧŒæœ‰ %{count} 個į‰ˆæœŦ one: č‡Ēåžž %{since} äģĨ來īŧŒæœ‰ %{count} 個į‰ˆæœŦ - imported_gem_version_notice: + imported_gem_version_notice: æ­¤į‰ˆæœŦįš„ Gem æ–ŧ %{import_date} 匯å…Ĩ RubyGems.orgã€‚éĄ¯į¤ēæ—Ĩ期į”ąäŊœč€…在 + gemspec 指厚。 version: yanked: åˇ˛čĸĢį§ģ除 adoptions: index: - title: - subtitle_owner_html: + title: čĒé¤Š + subtitle_owner_html: čĢ‹æą‚æ–°įš„įļ­č­ˇč€…加å…Ĩ %{gem} (read + more) subtitle_user_html: ownership_calls: no_ownership_calls: 
@@ -722,54 +743,55 @@ zh-TW: create: success_notice: index: - title: - subtitle_html: - share_requirements: + title: åžĩæą‚įļ­č­ˇč€… + subtitle_html: RubyGems æ­Ŗ在尋扞新įš„įļ­č­ˇč€…加å…Ĩ團隊 (äē†č§ŖčŠŗ情) + share_requirements: čĢ‹čĒĒ明您需čĻå“Ēæ–šéĸįš„協劊 note_for_applicants: - created_by: + created_by: åģēįĢ‹č€… details: - apply: - close: - markup_supported_html: + apply: į”ŗčĢ‹ + close: 關閉 + markup_supported_html: 支援 + Rdoc æ¨™č¨˜čĒžč¨€ create_call: ownership_requests: create: - success_notice: + success_notice: 您įš„所有æŦŠčĢ‹æą‚åˇ˛é€å‡ē。 update: - approved_notice: + approved_notice: 所有æŦŠčĢ‹æą‚åˇ˛æ ¸å‡†ã€‚%{name} åˇ˛åŠ å…Ĩæ“æœ‰č€…åå–Žã€‚ closed_notice: close: success_notice: - ownership_requests: + ownership_requests: 所有æŦŠčĢ‹æą‚ note_for_owners: - your_ownership_requests: - close_all: + your_ownership_requests: 您įš„所有æŦŠčĢ‹æą‚ + close_all: 全部關閉 approve: - gems_published: - created_at: - no_ownership_requests: - create_req: + gems_published: åˇ˛į™ŧ布įš„ Gems + created_at: åģēįĢ‹æ–ŧ + no_ownership_requests: 您įš„å°ˆæĄˆįš„加å…ĨčĢ‹æą‚å°‡åœ¨æ­¤éĄ¯į¤ē。 + create_req: åģēįĢ‹æ‰€æœ‰æŦŠčĢ‹æą‚ signin_to_create_html: webauthn_credentials: callback: - success: + success: æ‚¨åˇ˛æˆåŠŸč¨ģ冊厉全čŖįŊŽã€‚ recovery: - continue: - title: + continue: įšŧįēŒ + title: æ‚¨åˇ˛æˆåŠŸæ–°åĸžåŽ‰å…¨čŖįŊŽ notice_html: - copied: - copy: + copied: "[ åˇ˛č¤‡čŖŊ ]" + copy: "[ 複čŖŊ ]" saved: webauthn_credential: - confirm_delete: - delete_failed: - delete: - confirm: - saved: + confirm_delete: åˇ˛åˆĒ除čĒč­‰ + delete_failed: į„Ąæŗ•åˆĒ除čĒč­‰ + delete: åˆĒ除 + confirm: 您įĸē厚čĻåˆĒ除此čĒč­‰å—ŽīŧŸ + saved: åˇ˛æˆåŠŸåģēįĢ‹åŽ‰å…¨čŖįŊŽ form: - new_device: - nickname: - submit: + new_device: č¨ģ冊新厉全čŖįŊŽ + nickname: æšąį¨ą + submit: č¨ģ冊čŖįŊŽ oidc: api_key_roles: index: From be98212669fa38ba00a4d4eeab585f91ccddf336 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Josef=20=C5=A0im=C3=A1nek?= Date: Fri, 31 May 2024 20:51:07 +0200 Subject: [PATCH 37/60] Add missing straighforward foreign keys. (#4561) - adding those should not casue any troubles data-wise in production - two-phased migration for no database write locks --- db/migrate/20240327004732_add_foreign_keys.rb | 14 ++++++++++++++ db/migrate/20240327005038_validate_new_keys.rb | 14 ++++++++++++++ db/schema.rb | 10 ++++++++++ 3 files changed, 38 insertions(+) create mode 100644 db/migrate/20240327004732_add_foreign_keys.rb create mode 100644 db/migrate/20240327005038_validate_new_keys.rb
diff --git a/db/migrate/20240327004732_add_foreign_keys.rb b/db/migrate/20240327004732_add_foreign_keys.rb
new file mode 100644
index 00000000000..ca681b43e94
--- /dev/null
+++ b/db/migrate/20240327004732_add_foreign_keys.rb
@@ -0,0 +1,14 @@
+class AddForeignKeys < ActiveRecord::Migration[7.1]
+ def change
+ add_foreign_key "api_key_rubygem_scopes", "api_keys", name: "api_key_rubygem_scopes_api_key_id_fk", validate: false
+ add_foreign_key "audits", "admin_github_users", name: "audits_admin_github_user_id_fk", validate: false
+ add_foreign_key "ownership_calls", "rubygems", name: "ownership_calls_rubygem_id_fk", validate: false
+ add_foreign_key "ownership_calls", "users", name: "ownership_calls_user_id_fk", validate: false
+ add_foreign_key "ownership_requests", "users", column: "approver_id", name: "ownership_requests_approver_id_fk", validate: false
+ add_foreign_key "ownership_requests", "ownership_calls", name: "ownership_requests_ownership_call_id_fk", validate: false
+ add_foreign_key "ownership_requests", "rubygems", name: "ownership_requests_rubygem_id_fk", validate: false
+ add_foreign_key "ownership_requests", "users", name: "ownership_requests_user_id_fk", validate: false
+ add_foreign_key "versions", "rubygems", name: "versions_rubygem_id_fk", validate: false
+ add_foreign_key "web_hooks", "users", name: "web_hooks_user_id_fk", validate: false
+ end
+end
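Review bot: None of the ten `add_foreign_key` calls in `AddForeignKeys#change` sets `on_delete`, so the database default applies: deleting a `users` or `rubygems` row that still has `web_hooks`, `ownership_calls`, `ownership_requests` or `versions` rows will now be rejected at the database level. The schema context later in this patch shows `add_foreign_key "ownerships", "users", on_delete: :cascade`, so the difference is worth stating explicitly. Either confirm that the models remove these dependents before the parent row (the models are not visible here), or add a comment above the block such as `# no on_delete: dependents are destroyed by the models before the parent row is removed`.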
diff --git a/db/migrate/20240327005038_validate_new_keys.rb b/db/migrate/20240327005038_validate_new_keys.rb new file mode 100644 index 00000000000..13d28610826 --- /dev/null +++ b/db/migrate/20240327005038_validate_new_keys.rb @@ -0,0 +1,14 @@ +class ValidateNewKeys < ActiveRecord::Migration[7.1] + def change + validate_foreign_key "api_key_rubygem_scopes", "api_keys", name: "api_key_rubygem_scopes_api_key_id_fk" + validate_foreign_key "audits", "admin_github_users", name: "audits_admin_github_user_id_fk" + validate_foreign_key "ownership_calls", "rubygems", name: "ownership_calls_rubygem_id_fk" + validate_foreign_key "ownership_calls", "users", name: "ownership_calls_user_id_fk" + validate_foreign_key "ownership_requests", "users", column: "approver_id", name: "ownership_requests_approver_id_fk" + validate_foreign_key "ownership_requests", "ownership_calls", name: "ownership_requests_ownership_call_id_fk" + validate_foreign_key "ownership_requests", "rubygems", name: "ownership_requests_rubygem_id_fk" + validate_foreign_key "ownership_requests", "users", name: "ownership_requests_user_id_fk" + validate_foreign_key "versions", "rubygems", name: "versions_rubygem_id_fk" + validate_foreign_key "web_hooks", "users", name: "web_hooks_user_id_fk" + end +end diff --git a/db/schema.rb b/db/schema.rb index 1b8e4a5ed60..a752ea4a969 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -579,6 +579,8 @@ t.index ["user_id"], name: "index_webauthn_verifications_on_user_id", unique: true end + add_foreign_key "api_key_rubygem_scopes", "api_keys", name: "api_key_rubygem_scopes_api_key_id_fk" + add_foreign_key "audits", "admin_github_users", name: "audits_admin_github_user_id_fk" add_foreign_key "events_rubygem_events", "geoip_infos" add_foreign_key "events_rubygem_events", "ip_addresses" add_foreign_key "events_rubygem_events", "rubygems" 
@@ -592,8 +594,16 @@ add_foreign_key "oidc_id_tokens", "oidc_api_key_roles" add_foreign_key "oidc_pending_trusted_publishers", "users" add_foreign_key "oidc_rubygem_trusted_publishers", "rubygems" + add_foreign_key "ownership_calls", "rubygems", name: "ownership_calls_rubygem_id_fk" + add_foreign_key "ownership_calls", "users", name: "ownership_calls_user_id_fk" + add_foreign_key "ownership_requests", "ownership_calls", name: "ownership_requests_ownership_call_id_fk" + add_foreign_key "ownership_requests", "rubygems", name: "ownership_requests_rubygem_id_fk" + add_foreign_key "ownership_requests", "users", column: "approver_id", name: "ownership_requests_approver_id_fk" + add_foreign_key "ownership_requests", "users", name: "ownership_requests_user_id_fk" add_foreign_key "ownerships", "users", on_delete: :cascade add_foreign_key "versions", "api_keys", column: "pusher_api_key_id" + add_foreign_key "versions", "rubygems", name: "versions_rubygem_id_fk" + add_foreign_key "web_hooks", "users", name: "web_hooks_user_id_fk" add_foreign_key "webauthn_credentials", "users" add_foreign_key "webauthn_verifications", "users" end From 447c743a4e004eb8205c9d8edb03f3ef9c1ba1b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20=C5=A0im=C3=A1nek?= Date: Fri, 31 May 2024 20:49:49 +0200 Subject: [PATCH 38/60] Use Ruby 3.3.2 and latest RubyGems/Bundler. --- .github/actions/setup-rubygems.org/action.yml | 2 +- .github/workflows/docker.yml | 4 ++-- .github/workflows/test.yml | 4 ++-- .ruby-version | 2 +- Dockerfile | 4 ++-- Gemfile.lock | 4 ++-- 6 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/actions/setup-rubygems.org/action.yml b/.github/actions/setup-rubygems.org/action.yml index 0de437399f6..00969ffe0a7 100644 --- a/.github/actions/setup-rubygems.org/action.yml +++ b/.github/actions/setup-rubygems.org/action.yml 
@@ -14,7 +14,7 @@ runs: shell: bash run: | docker compose up -d --wait - - uses: ruby/setup-ruby@70da3bbf44ac06db1b0547ce2acc9380a5270d1e # v1.175.0 + - uses: ruby/setup-ruby@0cde4689ba33c09f1b890c1725572ad96751a3fc # v1.178.0 with: ruby-version: ${{ inputs.ruby-version }} bundler-cache: true diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index c6615b58736..ac1676db5be 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -14,8 +14,8 @@ jobs: name: Docker build (and optional push) runs-on: ubuntu-22.04 env: - RUBYGEMS_VERSION: 3.5.10 - RUBY_VERSION: 3.3.1 + RUBYGEMS_VERSION: 3.5.11 + RUBY_VERSION: 3.3.2 steps: - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Set up Docker Buildx diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 8b3c722f243..7bdd6304f7e 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -26,10 +26,10 @@ jobs: matrix: rubygems: - name: locked - version: "3.5.10" + version: "3.5.11" - name: latest version: latest - ruby_version: ["3.3.1"] + ruby_version: ["3.3.2"] tests: - name: general command: test diff --git a/.ruby-version b/.ruby-version index bea438e9ade..47725433179 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -3.3.1 +3.3.2 diff --git a/Dockerfile b/Dockerfile index 26bc08ea152..29f9ce05760 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,8 +1,8 @@ # syntax = docker/dockerfile:1.4 # Make sure RUBY_VERSION matches the Ruby version in .ruby-version and Gemfile -ARG RUBY_VERSION=3.3.1 -ARG ALPINE_VERSION=3.18 +ARG RUBY_VERSION=3.3.2 +ARG ALPINE_VERSION=3.20 FROM ruby:$RUBY_VERSION-alpine${ALPINE_VERSION} as base # Install packages diff --git a/Gemfile.lock b/Gemfile.lock index 22566b9b51d..da13327b940 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -1160,7 +1160,7 @@ CHECKSUMS zeitwerk (2.6.15) sha256=b2e68622ba95680a357430c89e1777d6e6796d63c7c02e8790cc38f4c33822cf RUBY VERSION - ruby 3.3.1p55 + ruby 3.3.2p78 BUNDLED WITH - 2.5.10 + 2.5.11 From 001e92d4f5e8137a0c6c7688bd466ee4e8075f64 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20=C5=A0im=C3=A1nek?= Date: Fri, 31 May 2024 21:26:28 +0200 Subject: [PATCH 39/60] Add rubygem_id foreign key constraint to linksets table. (#4571) --- db/migrate/20240328003844_add_linkset_foreign_key.rb | 5 +++++ db/migrate/20240328004017_validate_linkset_foreign_key.rb | 5 +++++ db/schema.rb | 1 + 3 files changed, 11 insertions(+) create mode 100644 db/migrate/20240328003844_add_linkset_foreign_key.rb create mode 100644 db/migrate/20240328004017_validate_linkset_foreign_key.rb diff --git a/db/migrate/20240328003844_add_linkset_foreign_key.rb b/db/migrate/20240328003844_add_linkset_foreign_key.rb new file mode 100644 index 00000000000..9f98f960590 --- /dev/null +++ b/db/migrate/20240328003844_add_linkset_foreign_key.rb @@ -0,0 +1,5 @@ +class AddLinksetForeignKey < ActiveRecord::Migration[7.1] + def change + add_foreign_key "linksets", "rubygems", name: "linksets_rubygem_id_fk", validate: false + end +end diff --git a/db/migrate/20240328004017_validate_linkset_foreign_key.rb b/db/migrate/20240328004017_validate_linkset_foreign_key.rb new file mode 100644 index 00000000000..6d42471cde1 --- /dev/null +++ b/db/migrate/20240328004017_validate_linkset_foreign_key.rb @@ -0,0 +1,5 @@ +class ValidateLinksetForeignKey < ActiveRecord::Migration[7.1] + def change + validate_foreign_key "linksets", "rubygems", name: "linksets_rubygem_id_fk" + end +end diff --git a/db/schema.rb b/db/schema.rb index a752ea4a969..e1bf4f13690 100644 --- a/db/schema.rb +++ b/db/schema.rb 
@@ -588,6 +588,7 @@ add_foreign_key "events_user_events", "ip_addresses" add_foreign_key "events_user_events", "users" add_foreign_key "ip_addresses", "geoip_infos" + add_foreign_key "linksets", "rubygems", name: "linksets_rubygem_id_fk" add_foreign_key "oidc_api_key_roles", "oidc_providers" add_foreign_key "oidc_api_key_roles", "users" add_foreign_key "oidc_id_tokens", "api_keys" From 7b33fe86668a4595103d49de5497004e1e39b764 Mon Sep 17 00:00:00 2001 From: Samuel Giddins Date: Tue, 5 Sep 2023 10:10:46 -0500 Subject: [PATCH 40/60] Backfill linkset links to version metadata So we can complete the migration off of linkset entirely Next step after this merges & the backfill is run is to completely stop reading/writing linksets --- app/models/rubygem.rb | 4 +- ..._linkset_links_to_version_metadata_task.rb | 37 ++++++++ ...set_links_to_version_metadata_task_test.rb | 91 +++++++++++++++++++ 3 files changed, 130 insertions(+), 2 deletions(-) create mode 100644 app/tasks/maintenance/backfill_linkset_links_to_version_metadata_task.rb create mode 100644 test/tasks/maintenance/backfill_linkset_links_to_version_metadata_task_test.rb diff --git a/app/models/rubygem.rb b/app/models/rubygem.rb index 846a643dfa7..2c52d9f1588 100644 --- a/app/models/rubygem.rb +++ b/app/models/rubygem.rb @@ -130,9 +130,9 @@ def self.current_rubygems_release end def all_errors(version = nil) - [self, linkset, version].compact.map do |ar| + [self, linkset, version].compact.flat_map do |ar| ar.errors.full_messages - end.flatten.join(", ") + end.join(", ") end has_many :public_versions, -> { by_position.published }, class_name: "Version", inverse_of: :rubygem diff --git a/app/tasks/maintenance/backfill_linkset_links_to_version_metadata_task.rb b/app/tasks/maintenance/backfill_linkset_links_to_version_metadata_task.rb new file mode 100644 index 00000000000..be2c2078d0e --- /dev/null +++ b/app/tasks/maintenance/backfill_linkset_links_to_version_metadata_task.rb 
@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+class Maintenance::BackfillLinksetLinksToVersionMetadataTask < MaintenanceTasks::Task
+ def collection
+ Version.all.includes(:rubygem, rubygem: [:linkset])
+ end
+
+ def process(version)
+ return unless (linkset = version.rubygem.linkset)
+
+ if version.metadata_uri_set?
+ # only the homepage does not respect #metadata_uri_set?
+ backfill_links(version, linkset, Links::LINKS.slice("home"))
+ else
+ backfill_links(version, linkset, Links::LINKS)
+ end
+ end
+
+ private
+
+ def backfill_links(version, linkset, links)
+ # would need a transaction since we're updating multiple attributes and
+ # metadata_uri_set? needs to be updated atomically to keep the backfill idempotent,
+ # but there is only a single update being issued here
+
+ changes = false
+ links.each do |short, long|
+ next if version.metadata[long].present?
+
+ next unless (value = linkset[short.to_sym])
+
+ version.metadata[long] = value
+ changes = true
+ end
+ version.save! if changes
+ end
+end
diff --git a/test/tasks/maintenance/backfill_linkset_links_to_version_metadata_task_test.rb b/test/tasks/maintenance/backfill_linkset_links_to_version_metadata_task_test.rb
new file mode 100644
index 00000000000..258ed6d2b38
--- /dev/null
+++ b/test/tasks/maintenance/backfill_linkset_links_to_version_metadata_task_test.rb
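Review bot: `version.save! if changes` at the end of `backfill_links` runs the Version validations against legacy linkset values, so one stored link that the metadata rules reject would raise and interrupt the run on that record. Whether the linkset and metadata validators actually differ is not visible here and is worth confirming before the backfill. Keeping the validation is the right call, since these values end up rendered as links, but the failure should be handled per record, for example `Rails.logger.warn("linkset backfill skipped version #{version.id}") unless version.save`. A one-line comment on `process` such as `# never overwrites a link already present in version.metadata` would also make the no-clobber contract explicit.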
@@ -0,0 +1,91 @@
+# frozen_string_literal: true
+
+require "test_helper"
+
+class Maintenance::BackfillLinksetLinksToVersionMetadataTaskTest < ActiveSupport::TestCase
+ context "#collection" do
+ should "return all versions" do
+ assert_equal Version.count, Maintenance::BackfillLinksetLinksToVersionMetadataTask.collection.count
+ end
+ end
+
+ context "#process" do
+ context "without a linkset" do
+ setup do
+ @version = create(:version)
+ @rubygem = @version.rubygem
+ @rubygem.update!(linkset: nil)
+ end
+
+ should "not change version metadata" do
+ assert_no_changes "@version.reload.metadata" do
+ Maintenance::BackfillLinksetLinksToVersionMetadataTask.process(@version)
+ end
+ end
+ end
+
+ context "with a linkset and version metadata uris" do
+ setup do
+ @version = create(
+ :version,
+ metadata: {
+ "source_code_uri" => "https://example.com/source",
+ "documentation_uri" => "https://example.com/docs",
+ "foo" => "bar"
+ }
+ )
+ @rubygem = @version.rubygem
+ @rubygem.linkset.update!("home" => "https://example.com/home",
+ "wiki" => "https://example.com/wiki")
+ end
+
+ should "only update the home uri" do
+ Maintenance::BackfillLinksetLinksToVersionMetadataTask.process(@version)
+
+ assert_equal({
+ "source_code_uri" => "https://example.com/source",
+ "documentation_uri" => "https://example.com/docs",
+ "foo" => "bar",
+ "homepage_uri" => "https://example.com/home"
+ }, @version.reload.metadata)
+ end
+
+ should "not update the home uri when present in metadata" do
+ @version.metadata["homepage_uri"] = "https://example.com/home/custom"
+ @version.save!
+ + Maintenance::BackfillLinksetLinksToVersionMetadataTask.process(@version) + + assert_equal({ + "source_code_uri" => "https://example.com/source", + "documentation_uri" => "https://example.com/docs", + "foo" => "bar", + "homepage_uri" => "https://example.com/home/custom" + }, @version.reload.metadata) + end + end + + context "with a linkset and no version metadata uris" do + setup do + @version = create(:version, metadata: { "foo" => "bar" }) + @rubygem = @version.rubygem + @rubygem.linkset.update!("home" => "https://example.com/home", + "wiki" => "https://example.com/wiki") + end + + should "update the version metadata" do + Maintenance::BackfillLinksetLinksToVersionMetadataTask.process(@version) + + assert_equal({ + "wiki_uri" => "https://example.com/wiki", + "foo" => "bar", + "homepage_uri" => "https://example.com/home", + "bug_tracker_uri" => "http://example.com", + "source_code_uri" => "http://example.com", + "mailing_list_uri" => "http://example.com", + "documentation_uri" => "http://example.com" + }, @version.reload.metadata) + end + end + end +end From a53d1e196c83677592b72525275efa582fa12198 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20=C5=A0im=C3=A1nek?= Date: Fri, 31 May 2024 21:45:02 +0200 Subject: [PATCH 41/60] Lint backfill maintenance task. --- .../backfill_linkset_links_to_version_metadata_task.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/tasks/maintenance/backfill_linkset_links_to_version_metadata_task.rb b/app/tasks/maintenance/backfill_linkset_links_to_version_metadata_task.rb index be2c2078d0e..eddbb04aa3f 100644 --- a/app/tasks/maintenance/backfill_linkset_links_to_version_metadata_task.rb +++ b/app/tasks/maintenance/backfill_linkset_links_to_version_metadata_task.rb @@ -2,7 +2,7 @@ class Maintenance::BackfillLinksetLinksToVersionMetadataTask < MaintenanceTasks::Task def collection - Version.all.includes(:rubygem, rubygem: [:linkset]) + Version.includes(:rubygem, rubygem: [:linkset]) end def process(version) 
From 8c6080fbc313712c134b3f433297695640209f2b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20=C5=A0im=C3=A1nek?= Date: Sat, 1 Jun 2024 00:48:51 +0200 Subject: [PATCH 42/60] Cleanup database.yml.sample. --- config/database.yml.sample | 9 --------- 1 file changed, 9 deletions(-) diff --git a/config/database.yml.sample b/config/database.yml.sample index 9389ad3e71a..fbc8eb0dcf3 100644 --- a/config/database.yml.sample +++ b/config/database.yml.sample @@ -13,7 +13,6 @@ development: pool: 5 timeout: 5000 - test: primary: <<: *default @@ -24,14 +23,6 @@ test: pool: 5 timeout: 5000 -oidc-api-token: - primary: - <<: *default - database: rubygems_oidc_api_token - min_messages: error - pool: 30 - reconnect: true - staging: primary: <<: *default From c47fb3310758002815eb5028ef90bab411597eba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josef=20=C5=A0im=C3=A1nek?= Date: Fri, 31 May 2024 22:12:51 +0200 Subject: [PATCH 43/60] Add minitest-retry to fix flaky (mostly) Avo tests for now. --- Gemfile | 1 + Gemfile.lock | 4 ++++ test/test_helper.rb | 4 ++++ 3 files changed, 9 insertions(+) diff --git a/Gemfile b/Gemfile index 64979e314ed..916759c8f92 100644 --- a/Gemfile +++ b/Gemfile @@ -123,6 +123,7 @@ end group :test do gem "minitest", "~> 5.23", require: false + gem "minitest-retry", "~> 0.2.2" gem "capybara", "~> 3.40" gem "launchy", "~> 3.0" gem "rack-test", "~> 2.1", require: "rack/test" diff --git a/Gemfile.lock b/Gemfile.lock index da13327b940..25efe43c981 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -400,6 +400,8 @@ GEM builder minitest (>= 5.0) ruby-progressbar + minitest-retry (0.2.2) + minitest (>= 5.0) mocha (2.3.0) ruby2_keywords (>= 0.0.5) msgpack (1.7.2) @@ -808,6 +810,7 @@ DEPENDENCIES minitest (~> 5.23) minitest-gcstats (~> 1.3) minitest-reporters (~> 1.6) + minitest-retry (~> 0.2.2) mocha (~> 2.3) observer (~> 0.1.2) octokit (~> 8.1) 
@@ -1016,6 +1019,7 @@ CHECKSUMS minitest (5.23.1) sha256=f1e8f8d6ffd96fb17339ce50768bcbbdbbadff5073cb9583d084403877a77abe minitest-gcstats (1.3.1) sha256=cb25490f93aac02e3a5ff307e560d41afcdcafa7952c1c32efdeb9886b1f4711 minitest-reporters (1.6.1) sha256=f8fe74e46ab40dada29402f55ca236368d0af65afc410db4219189b7a1c0fc38 + minitest-retry (0.2.2) sha256=ea39f8abc3d67a8145ead04ff3828eb45169655c9e6078f182c0271516c03fb0 mocha (2.3.0) sha256=f3af2eee619afe9b67a960a24fcdea3a05f548b528e6974458c89121a0204408 msgpack (1.7.2) sha256=59ab62fd8a4d0dfbde45009f87eb6f158ab2628a7c48886b0256f175166baaa8 multi_json (1.15.0) sha256=1fd04138b6e4a90017e8d1b804c039031399866ff3fbabb7822aea367c78615d diff --git a/test/test_helper.rb b/test/test_helper.rb index 580b2052df9..b7b64ce1f5b 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -29,6 +29,10 @@ require "helpers/oauth_helpers" require "webmock/minitest" require "phlex/testing/rails/view_helper" +require "minitest/retry" + +# Avo tests are super fragile :'( +Minitest::Retry.use! # setup license early since some tests are testing Avo outside of requests # and license is set with first request From 9f138ed78cf78d1c7b1622a7ee5602ce744ea047 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Jun 2024 14:23:15 +0000 Subject: [PATCH 44/60] Bump ruby/setup-ruby from 1.178.0 to 1.179.0 Bumps [ruby/setup-ruby](https://github.com/ruby/setup-ruby) from 1.178.0 to 1.179.0. - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Commits](https://github.com/ruby/setup-ruby/compare/0cde4689ba33c09f1b890c1725572ad96751a3fc...d5fb7a202fc07872cb44f00ba8e6197b70cb0c55) --- updated-dependencies: - dependency-name: ruby/setup-ruby dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/lint.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 4b9f6a36260..6341d8282a4 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - uses: ruby/setup-ruby@0cde4689ba33c09f1b890c1725572ad96751a3fc # v1.178.0 + - uses: ruby/setup-ruby@d5fb7a202fc07872cb44f00ba8e6197b70cb0c55 # v1.179.0 with: bundler-cache: true - name: Rubocop @@ -23,7 +23,7 @@ jobs: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - uses: ruby/setup-ruby@0cde4689ba33c09f1b890c1725572ad96751a3fc # v1.178.0 + - uses: ruby/setup-ruby@d5fb7a202fc07872cb44f00ba8e6197b70cb0c55 # v1.179.0 with: bundler-cache: true - name: Brakeman @@ -33,7 +33,7 @@ jobs: runs-on: ubuntu-22.04 steps: - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - uses: ruby/setup-ruby@0cde4689ba33c09f1b890c1725572ad96751a3fc # v1.178.0 + - uses: ruby/setup-ruby@d5fb7a202fc07872cb44f00ba8e6197b70cb0c55 # v1.179.0 with: bundler-cache: true - name: Importmap Verify @@ -51,7 +51,7 @@ jobs: - name: login to Github Packages run: echo "${{ github.token }}" | docker login https://ghcr.io -u ${GITHUB_ACTOR} --password-stdin - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - uses: ruby/setup-ruby@0cde4689ba33c09f1b890c1725572ad96751a3fc # v1.178.0 + - uses: ruby/setup-ruby@d5fb7a202fc07872cb44f00ba8e6197b70cb0c55 # v1.179.0 with: bundler-cache: true - name: krane render From d841a4adb72c070fa9607f849dd17625e100c709 Mon Sep 17 00:00:00 2001 From: Samuel Giddins Date: Fri, 24 May 2024 15:54:23 -0700 Subject: [PATCH 45/60] Include spec_sha in webhook request bodies --- app/models/rubygem.rb | 3 ++- test/functional/api/v2/versions_controller_test.rb | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) 
diff --git a/app/models/rubygem.rb b/app/models/rubygem.rb index 2c52d9f1588..9d94773f0de 100644 --- a/app/models/rubygem.rb +++ b/app/models/rubygem.rb @@ -205,7 +205,7 @@ def links(version = most_recent_version) Links.new(self, version) end - def payload(version = most_recent_version, protocol = Gemcutter::PROTOCOL, host_with_port = Gemcutter::HOST) + def payload(version = most_recent_version, protocol = Gemcutter::PROTOCOL, host_with_port = Gemcutter::HOST) # rubocop:disable Metrics/MethodLength versioned_links = links(version) deps = version.dependencies.to_a.select(&:rubygem) { @@ -221,6 +221,7 @@ def payload(version = most_recent_version, protocol = Gemcutter::PROTOCOL, host_ "metadata" => version.metadata, "yanked" => version.yanked?, "sha" => version.sha256_hex, + "spec_sha" => version.spec_sha256_hex, "project_uri" => "#{protocol}://#{host_with_port}/gems/#{name}", "gem_uri" => "#{protocol}://#{host_with_port}/gems/#{version.gem_file_name}", "homepage_uri" => versioned_links.homepage_uri, diff --git a/test/functional/api/v2/versions_controller_test.rb b/test/functional/api/v2/versions_controller_test.rb index 725f3226f99..1d717a85535 100644 --- a/test/functional/api/v2/versions_controller_test.rb +++ b/test/functional/api/v2/versions_controller_test.rb @@ -217,11 +217,11 @@ def self.should_respond_to(format) assert_equal( %w[ name downloads version version_created_at version_downloads platform - authors info licenses metadata yanked sha project_uri gem_uri + authors info licenses metadata yanked sha spec_sha project_uri gem_uri homepage_uri wiki_uri documentation_uri mailing_list_uri source_code_uri bug_tracker_uri changelog_uri funding_uri dependencies built_at created_at description downloads_count number summary - rubygems_version ruby_version prerelease requirements spec_sha + rubygems_version ruby_version prerelease requirements ], @response.keys ) From c970f782ad08febd54762116d82430d6ed8ec61f Mon Sep 17 00:00:00 2001 
From: Martin Emde Date: Mon, 3 Jun 2024 13:41:12 -0700 Subject: [PATCH 46/60] Unify controller OTP validation handling into a before action (#4754) --- app/controllers/concerns/require_mfa.rb | 39 ++++++++++++++++ .../email_confirmations_controller.rb | 30 +++++++------ .../multifactor_auths_controller.rb | 39 ++++++++++------ app/controllers/passwords_controller.rb | 22 ++++++--- app/controllers/sessions_controller.rb | 45 ++++++++++--------- 5 files changed, 122 insertions(+), 53 deletions(-) create mode 100644 app/controllers/concerns/require_mfa.rb
diff --git a/app/controllers/concerns/require_mfa.rb b/app/controllers/concerns/require_mfa.rb
new file mode 100644
index 00000000000..00dbc580d85
--- /dev/null
+++ b/app/controllers/concerns/require_mfa.rb
@@ -0,0 +1,39 @@
+module RequireMfa
+ extend ActiveSupport::Concern
+
+ def otp_param
+ params.permit(:otp).fetch(:otp, "")
+ end
+
+ def validate_otp(user = @user)
+ return mfa_session_expired unless mfa_session_active?
+ return mfa_not_enabled unless user&.mfa_enabled?
+ return incorrect_otp unless user.ui_mfa_verified?(otp_param)
+ @mfa_label = "OTP"
+ @mfa_method = "otp"
+ end
+
+ def mfa_session_expired
+ invalidate_mfa_session(t("multifactor_auths.session_expired"))
+ end
+
+ def mfa_not_enabled
+ end
+
+ def incorrect_otp
+ mfa_failure(t("multifactor_auths.incorrect_otp"))
+ end
+
+ def invalidate_mfa_session(message)
+ delete_mfa_session
+ mfa_failure(message)
+ end
+
+ def delete_mfa_session
+ delete_mfa_expiry_session
+ session.delete(:webauthn_authentication)
+ session.delete(:mfa_login_started_at)
+ session.delete(:mfa_user)
+ session.delete(:level)
+ end
+end
diff --git a/app/controllers/email_confirmations_controller.rb b/app/controllers/email_confirmations_controller.rb
index fdaf9f9db20..9454ff2ac56 100644
--- a/app/controllers/email_confirmations_controller.rb
+++ b/app/controllers/email_confirmations_controller.rb
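Review bot: `validate_otp` fails open when the user has no MFA. `return mfa_not_enabled unless user&.mfa_enabled?` calls an empty method that neither renders nor redirects, so as a `before_action` it lets the action run with no OTP check; the same happens when `@user` is nil. In the email confirmations hunk of this patch, `otp_update` previously required `@user.mfa_enabled?` and now calls `confirm_email` unconditionally once this filter returns. Unless every including controller overrides the hook (overrides outside the visible hunks cannot be checked here), make the default fail closed, e.g. `def mfa_not_enabled = mfa_failure(t("multifactor_auths.incorrect_otp"))`. The concern also depends on the includer for `mfa_failure`, `mfa_session_active?` and `delete_mfa_expiry_session`, so a header comment listing those required methods would help.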
@@ -1,5 +1,6 @@ class EmailConfirmationsController < ApplicationController include EmailResettable + include RequireMfa include MfaExpiryMethods include WebauthnVerifiable @@ -7,6 +8,7 @@ class EmailConfirmationsController < ApplicationController before_action :redirect_to_new_mfa, if: :mfa_required_not_yet_enabled?, only: :unconfirmed before_action :redirect_to_settings_strong_mfa_required, if: :mfa_required_weak_level_enabled?, only: :unconfirmed before_action :validate_confirmation_token, only: %i[update otp_update webauthn_update] + before_action :validate_otp, only: :otp_update after_action :delete_mfa_expiry_session, only: %i[otp_update webauthn_update] def new @@ -25,8 +27,8 @@ def create def update if @user.mfa_enabled? - @otp_verification_url = otp_update_email_confirmations_url(token: @user.confirmation_token) - setup_webauthn_authentication(form_url: webauthn_update_email_confirmations_url(token: @user.confirmation_token)) + @otp_verification_url = otp_verification_url + setup_webauthn_authentication(form_url: webauthn_verification_url) create_new_mfa_expiry @@ -37,13 +39,7 @@ def update end def otp_update - if otp_update_conditions_met? - confirm_email - elsif !mfa_session_active? - login_failure(t("multifactor_auths.session_expired")) - else - login_failure(t("multifactor_auths.incorrect_otp")) - end + confirm_email end def webauthn_update @@ -96,12 +92,20 @@ def token_params params.permit(:token).require(:token) end - def otp_update_conditions_met? - @user.mfa_enabled? && @user.ui_mfa_verified?(params[:otp]) && mfa_session_active? - end - def login_failure(message) flash.now.alert = message render template: "multifactor_auths/prompt", status: :unauthorized end + + def otp_verification_url + otp_update_email_confirmations_url(token: @user.confirmation_token) + end + + def webauthn_verification_url + webauthn_update_email_confirmations_url(token: @user.confirmation_token) + end + + def mfa_failure(alert) + login_failure(alert) + end end 
diff --git a/app/controllers/multifactor_auths_controller.rb b/app/controllers/multifactor_auths_controller.rb index 0260fd226ad..adcba718a1c 100644 --- a/app/controllers/multifactor_auths_controller.rb +++ b/app/controllers/multifactor_auths_controller.rb @@ -1,5 +1,6 @@ class MultifactorAuthsController < ApplicationController include MfaExpiryMethods + include RequireMfa include WebauthnVerifiable before_action :redirect_to_signin, unless: :signed_in? @@ -7,7 +8,9 @@ class MultifactorAuthsController < ApplicationController before_action :require_mfa_enabled, only: %i[update otp_update] before_action :require_totp_enabled, only: :destroy before_action :seed_and_expire, only: :create - before_action :verify_session_expiration, only: %i[otp_update webauthn_update] + before_action :verify_session_expiration, only: %i[webauthn_update] + before_action :find_mfa_user, only: %i[otp_update] + before_action :validate_otp, only: %i[otp_update] before_action :disable_cache, only: %i[new recovery] after_action :delete_mfa_level_update_session_variables, only: %i[otp_update webauthn_update] helper_method :issuer @@ -43,8 +46,8 @@ def update session[:level] = level_param @user = current_user - @otp_verification_url = otp_update_multifactor_auth_url(token: current_user.confirmation_token) - setup_webauthn_authentication(form_url: webauthn_update_multifactor_auth_url(token: current_user.confirmation_token)) + @otp_verification_url = otp_verification_url + setup_webauthn_authentication(form_url: webauthn_verification_url) create_new_mfa_expiry 
@@ -52,24 +55,17 @@ def update end def otp_update - if current_user.ui_mfa_verified?(params[:otp]) - update_level_and_redirect - else - redirect_to edit_settings_path, flash: { error: t("multifactor_auths.incorrect_otp") } - end + update_level_and_redirect end def webauthn_update @user = current_user - unless @user.webauthn_enabled? - redirect_to edit_settings_path, flash: { error: t("multifactor_auths.require_webauthn_enabled") } - return - end + return mfa_failure(t("multifactor_auths.require_webauthn_enabled")) unless @user.webauthn_enabled? if webauthn_credential_verified? update_level_and_redirect else - redirect_to edit_settings_path, flash: { error: @webauthn_error } + mfa_failure(@webauthn_error) end end @@ -162,9 +158,26 @@ def verify_session_expiration redirect_to edit_settings_path, flash: { error: t("multifactor_auths.session_expired") } end + def find_mfa_user + @user = current_user + end + def delete_mfa_level_update_session_variables session.delete(:level) session.delete(:webauthn_authentication) delete_mfa_expiry_session end + + def mfa_failure(message) + delete_mfa_level_update_session_variables + redirect_to edit_settings_path, flash: { error: message } + end + + def otp_verification_url + otp_update_multifactor_auth_url(token: current_user.confirmation_token) + end + + def webauthn_verification_url + setup_webauthn_authentication(form_url: webauthn_update_multifactor_auth_url(token: current_user.confirmation_token)) + end end diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb index 02758088cf8..5bac53a157f 100644 --- a/app/controllers/passwords_controller.rb +++ b/app/controllers/passwords_controller.rb @@ -1,5 +1,6 @@ class PasswordsController < ApplicationController include MfaExpiryMethods + include RequireMfa include WebauthnVerifiable include SessionVerifiable 
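Review bot: `webauthn_verification_url` in the last hunk of this controller calls `setup_webauthn_authentication(...)` instead of returning a URL, while `update` already wraps it as `setup_webauthn_authentication(form_url: webauthn_verification_url)`. The setup therefore runs twice, and the outer call receives the inner call's return value as `form_url`, whatever that is (the helper is defined outside this diff). The same-named helpers added to the email confirmation, password and session controllers return only the URL, so this one should read `webauthn_update_multifactor_auth_url(token: current_user.confirmation_token)`.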
@@ -8,7 +9,7 @@ class PasswordsController < ApplicationController before_action :validate_confirmation_token, only: %i[edit otp_edit webauthn_edit] before_action :session_expired_failure, only: %i[otp_edit webauthn_edit], unless: :mfa_session_active? before_action :webauthn_failure, only: %i[webauthn_edit], unless: :webauthn_credential_verified? - before_action :otp_failure, only: %i[otp_edit], unless: :otp_edit_conditions_met? + before_action :validate_otp, only: %i[otp_edit] after_action :delete_mfa_expiry_session, only: %i[otp_edit webauthn_edit] verify_session_before only: %i[update] @@ -18,8 +19,8 @@ def new def edit if @user.mfa_enabled? - @otp_verification_url = otp_edit_password_url(token: @user.confirmation_token) - setup_webauthn_authentication(form_url: webauthn_edit_password_url(token: @user.confirmation_token)) + @otp_verification_url = otp_verification_url + setup_webauthn_authentication(form_url: webauthn_verification_url) create_new_mfa_expiry @@ -90,19 +91,28 @@ def validate_confirmation_token redirect_to root_path, alert: t("passwords.edit.token_failure") unless @user&.valid_confirmation_token? end - def otp_edit_conditions_met? = @user.mfa_enabled? && @user.ui_mfa_verified?(params[:otp]) && mfa_session_active? - def session_expired_failure = login_failure(t("multifactor_auths.session_expired")) def webauthn_failure = login_failure(@webauthn_error) - def otp_failure = login_failure(t("multifactor_auths.incorrect_otp")) def login_failure(message) flash.now.alert = message render template: "multifactor_auths/prompt", status: :unauthorized end + def mfa_failure(message) + login_failure(message) + end + def redirect_to_verify session[:redirect_uri] = verify_session_redirect_path redirect_to verify_session_path, alert: t("verification_expired") end + + def otp_verification_url + otp_edit_password_url(token: @user.confirmation_token) + end + + def webauthn_verification_url + webauthn_edit_password_url(token: @user.confirmation_token) + end end 
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 6d8e75d7b18..a38fdcbb709 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -1,5 +1,6 @@ class SessionsController < Clearance::SessionsController include MfaExpiryMethods + include RequireMfa include WebauthnVerifiable include SessionVerifiable @@ -10,6 +11,7 @@ class SessionsController < Clearance::SessionsController before_action :ensure_not_blocked, only: %i[create] before_action :find_mfa_user, only: %i[webauthn_create otp_create] + before_action :validate_otp, only: %i[otp_create] after_action :delete_mfa_session, only: %i[webauthn_create webauthn_full_create otp_create] after_action :delete_session_verification, only: :destroy @@ -17,8 +19,8 @@ def create @user = find_user if @user&.mfa_enabled? - @otp_verification_url = otp_create_session_path - setup_webauthn_authentication(form_url: webauthn_create_session_path) + @otp_verification_url = otp_verification_url + setup_webauthn_authentication(form_url: webauthn_verification_url) session[:mfa_user] = @user.id session[:mfa_login_started_at] = Time.now.utc.to_s create_new_mfa_expiry @@ -30,7 +32,7 @@ def create end def webauthn_create - return login_failure(@webauthn_error) unless webauthn_credential_verified? + return mfa_failure(@webauthn_error) unless webauthn_credential_verified? record_mfa_login_duration(mfa_type: "webauthn") @@ -52,13 +54,8 @@ def webauthn_full_create end def otp_create - if login_conditions_met? - record_mfa_login_duration(mfa_type: "otp") - - do_login(two_factor_label: "OTP", two_factor_method: "otp", authentication_method: "password") - else - login_failure(t("multifactor_auths.incorrect_otp")) - end + record_mfa_login_duration(mfa_type: @mfa_method) + do_login(two_factor_label: @mfa_label, two_factor_method: @mfa_method, authentication_method: "password") end def verify 
@@ -124,6 +121,10 @@ def login_failure(message) render "sessions/new", status: :unauthorized end + def mfa_failure(message) + login_failure(message) + end + def find_user password = params.permit(session: :password).require(:session).fetch(:password, nil) User.authenticate(who, password) if password.is_a?(String) && who @@ -170,17 +171,6 @@ def ensure_not_blocked render template: "sessions/new", status: :unauthorized end - def login_conditions_met? - @user&.mfa_enabled? && @user&.ui_mfa_verified?(params[:otp]) && mfa_session_active? - end - - def delete_mfa_session - delete_mfa_expiry_session - session.delete(:webauthn_authentication) - session.delete(:mfa_login_started_at) - session.delete(:mfa_user) - end - def record_mfa_login_duration(mfa_type:) started_at = Time.zone.parse(session[:mfa_login_started_at]).utc duration = Time.now.utc - started_at @@ -203,4 +193,17 @@ def webauthn_new_setup def delete_session_verification session[:verified_user] = session[:verification] = nil end + + def otp_verification_url + otp_create_session_path + end + + def webauthn_verification_url + webauthn_create_session_path + end + + def incorrect_otp + delete_mfa_session + super + end end From f05c9d8ebce5eb7592d823c15c4fda4fd21fa6bc Mon Sep 17 00:00:00 2001 From: Martin Emde Date: Mon, 3 Jun 2024 13:51:22 -0700 Subject: [PATCH 47/60] Unify WebAuthN validation (#4756) * validate_webauthn in session_controller * validate_webauthn in passwords_controller * validate_webauthn in email_confirmations_controller * validate_webauthn in multifactor_auths_controller --- app/controllers/concerns/require_mfa.rb | 12 ++++++++ .../email_confirmations_controller.rb | 8 +---- .../multifactor_auths_controller.rb | 29 ++++++++----------- app/controllers/passwords_controller.rb | 6 +--- app/controllers/sessions_controller.rb | 4 +-- test/functional/sessions_controller_test.rb | 8 +++-- 6 files changed, 33 insertions(+), 34 deletions(-) 
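Review bot: The `incorrect_otp` override added at the end of this file has no comment, and it is the only place where a wrong OTP also calls `delete_mfa_session`; the concern's default and the other three controllers leave the MFA session in place after a wrong code. Say why login differs, for example `# A wrong OTP at login discards the MFA session, including session[:mfa_user].` It would also help to state in the concern whether repeated OTP attempts within one MFA session are limited somewhere else, since no attempt limit is visible in this diff.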
diff --git a/app/controllers/concerns/require_mfa.rb b/app/controllers/concerns/require_mfa.rb index 00dbc580d85..715821b49ef 100644 --- a/app/controllers/concerns/require_mfa.rb +++ b/app/controllers/concerns/require_mfa.rb @@ -13,6 +13,14 @@ def validate_otp(user = @user) @mfa_method = "otp" end + def validate_webauthn(user = @user) + return mfa_session_expired unless mfa_session_active? + return mfa_not_enabled unless user&.mfa_enabled? + return webauthn_failure unless webauthn_credential_verified? + @mfa_label = user_webauthn_credential.nickname + @mfa_method = "webauthn" + end + def mfa_session_expired invalidate_mfa_session(t("multifactor_auths.session_expired")) end @@ -24,6 +32,10 @@ def incorrect_otp mfa_failure(t("multifactor_auths.incorrect_otp")) end + def webauthn_failure + invalidate_mfa_session(@webauthn_error) + end + def invalidate_mfa_session(message) delete_mfa_session mfa_failure(message) diff --git a/app/controllers/email_confirmations_controller.rb b/app/controllers/email_confirmations_controller.rb index 9454ff2ac56..6a1c2d3beec 100644 --- a/app/controllers/email_confirmations_controller.rb +++ b/app/controllers/email_confirmations_controller.rb @@ -9,6 +9,7 @@ class EmailConfirmationsController < ApplicationController before_action :redirect_to_settings_strong_mfa_required, if: :mfa_required_weak_level_enabled?, only: :unconfirmed before_action :validate_confirmation_token, only: %i[update otp_update webauthn_update] before_action :validate_otp, only: :otp_update + before_action :validate_webauthn, only: :webauthn_update after_action :delete_mfa_expiry_session, only: %i[otp_update webauthn_update] def new @@ -43,13 +44,6 @@ def otp_update end def webauthn_update - unless mfa_session_active? - login_failure(t("multifactor_auths.session_expired")) - return - end - - return login_failure(@webauthn_error) unless webauthn_credential_verified? - confirm_email end 
diff --git a/app/controllers/multifactor_auths_controller.rb b/app/controllers/multifactor_auths_controller.rb index adcba718a1c..84a4822de87 100644 --- a/app/controllers/multifactor_auths_controller.rb +++ b/app/controllers/multifactor_auths_controller.rb @@ -8,9 +8,10 @@ class MultifactorAuthsController < ApplicationController before_action :require_mfa_enabled, only: %i[update otp_update] before_action :require_totp_enabled, only: :destroy before_action :seed_and_expire, only: :create - before_action :verify_session_expiration, only: %i[webauthn_update] - before_action :find_mfa_user, only: %i[otp_update] + before_action :find_mfa_user, only: %i[otp_update webauthn_update] before_action :validate_otp, only: %i[otp_update] + before_action :require_webauthn_enabled, only: %i[webauthn_update] + before_action :validate_webauthn, only: %i[webauthn_update] before_action :disable_cache, only: %i[new recovery] after_action :delete_mfa_level_update_session_variables, only: %i[otp_update webauthn_update] helper_method :issuer @@ -59,14 +60,7 @@ def otp_update end def webauthn_update - @user = current_user - return mfa_failure(t("multifactor_auths.require_webauthn_enabled")) unless @user.webauthn_enabled? - - if webauthn_credential_verified? - update_level_and_redirect - else - mfa_failure(@webauthn_error) - end + update_level_and_redirect end def destroy @@ -128,6 +122,14 @@ def require_totp_enabled redirect_to edit_settings_path end + def require_webauthn_enabled + return if current_user.webauthn_enabled? + + flash[:error] = t("multifactor_auths.require_webauthn_enabled") + delete_mfa_level_update_session_variables + redirect_to edit_settings_path + end + def seed_and_expire @seed = session.delete(:totp_seed) @expire = Time.at(session.delete(:totp_seed_expire) || 0).utc 
@@ -151,13 +153,6 @@ def handle_new_level_param end # rubocop:enable Rails/ActionControllerFlashBeforeRender - def verify_session_expiration - return if mfa_session_active? - - delete_mfa_level_update_session_variables - redirect_to edit_settings_path, flash: { error: t("multifactor_auths.session_expired") } - end - def find_mfa_user @user = current_user end diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb index 5bac53a157f..8ebc91bcbe2 100644 --- a/app/controllers/passwords_controller.rb +++ b/app/controllers/passwords_controller.rb @@ -7,9 +7,8 @@ class PasswordsController < ApplicationController before_action :ensure_email_present, only: %i[create] before_action :validate_confirmation_token, only: %i[edit otp_edit webauthn_edit] - before_action :session_expired_failure, only: %i[otp_edit webauthn_edit], unless: :mfa_session_active? - before_action :webauthn_failure, only: %i[webauthn_edit], unless: :webauthn_credential_verified? before_action :validate_otp, only: %i[otp_edit] + before_action :validate_webauthn, only: %i[webauthn_edit] after_action :delete_mfa_expiry_session, only: %i[otp_edit webauthn_edit] verify_session_before only: %i[update] @@ -91,9 +90,6 @@ def validate_confirmation_token redirect_to root_path, alert: t("passwords.edit.token_failure") unless @user&.valid_confirmation_token? end - def session_expired_failure = login_failure(t("multifactor_auths.session_expired")) - def webauthn_failure = login_failure(@webauthn_error) - def login_failure(message) flash.now.alert = message render template: "multifactor_auths/prompt", status: :unauthorized diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index a38fdcbb709..c7bda56b795 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb 
@@ -12,6 +12,7 @@ class SessionsController < Clearance::SessionsController before_action :ensure_not_blocked, only: %i[create] before_action :find_mfa_user, only: %i[webauthn_create otp_create] before_action :validate_otp, only: %i[otp_create] + before_action :validate_webauthn, only: %i[webauthn_create] after_action :delete_mfa_session, only: %i[webauthn_create webauthn_full_create otp_create] after_action :delete_session_verification, only: :destroy @@ -32,10 +33,7 @@ def create end def webauthn_create - return mfa_failure(@webauthn_error) unless webauthn_credential_verified? - record_mfa_login_duration(mfa_type: "webauthn") - do_login(two_factor_label: user_webauthn_credential.nickname, two_factor_method: "webauthn", authentication_method: "password") end diff --git a/test/functional/sessions_controller_test.rb b/test/functional/sessions_controller_test.rb index 485f5085ec8..7a2af561d8f 100644 --- a/test/functional/sessions_controller_test.rb +++ b/test/functional/sessions_controller_test.rb @@ -600,6 +600,7 @@ class SessionsControllerTest < ActionController::TestCase context "when not providing credentials" do setup do + @existing_webauthn = @controller.session[:webauthn_authentication] post( :webauthn_create, format: :html @@ -614,18 +615,20 @@ class SessionsControllerTest < ActionController::TestCase should "render sign in page" do assert_template "sessions/new" + refute_nil @controller.session[:webauthn_authentication] + refute_equal @existing_webauthn, @controller.session[:webauthn_authentication] end should "clear session" do assert_nil @controller.session[:mfa_expires_at] assert_nil @controller.session[:mfa_login_started_at] assert_nil @controller.session[:mfa_user] - assert_nil @controller.session[:webauthn_authentication] end end context "when providing wrong credentials" do setup do + @existing_webauthn = @controller.session[:webauthn_authentication] @wrong_challenge = SecureRandom.hex post( :webauthn_create, 
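Review bot: `webauthn_create` still passes the literal `"webauthn"` and `user_webauthn_credential.nickname`, although `validate_webauthn` now sets `@mfa_method` and `@mfa_label` to exactly those values before the action runs. `otp_create` was switched to the instance variables in the previous patch, so the two actions read differently for the same job. Using `record_mfa_login_duration(mfa_type: @mfa_method)` and `do_login(two_factor_label: @mfa_label, two_factor_method: @mfa_method, authentication_method: "password")` here would keep them parallel.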
@@ -648,13 +651,14 @@ class SessionsControllerTest < ActionController::TestCase should "render sign in page" do assert_template "sessions/new" + refute_nil @controller.session[:webauthn_authentication] + refute_equal @existing_webauthn, @controller.session[:webauthn_authentication] end should "clear session" do assert_nil @controller.session[:mfa_expires_at] assert_nil @controller.session[:mfa_login_started_at] assert_nil @controller.session[:mfa_user] - assert_nil @controller.session[:webauthn_authentication] end end From 4ea30bc0e6d76282bef14b8bec4f8c91236c919c Mon Sep 17 00:00:00 2001 From: Martin Emde Date: Mon, 3 Jun 2024 20:30:18 -0700 Subject: [PATCH 48/60] Unify initialization of MFA (#4757) * initialize_mfa * prompt_mfa renders multifactor_auths/prompt * require_mfa abstracts initialize_mfa + prompt_mfa --- app/controllers/concerns/require_mfa.rb | 21 +++++++++++++++++++ .../email_confirmations_controller.rb | 12 ++--------- .../multifactor_auths_controller.rb | 12 +++-------- app/controllers/passwords_controller.rb | 16 ++++---------- app/controllers/sessions_controller.rb | 18 ++++------------ 5 files changed, 34 insertions(+), 45 deletions(-) diff --git a/app/controllers/concerns/require_mfa.rb b/app/controllers/concerns/require_mfa.rb index 715821b49ef..810eed8565a 100644 --- a/app/controllers/concerns/require_mfa.rb +++ b/app/controllers/concerns/require_mfa.rb 
@@ -1,6 +1,27 @@ module RequireMfa extend ActiveSupport::Concern + def require_mfa(user = @user) + return unless user&.mfa_enabled? + initialize_mfa(user) + prompt_mfa + end + + # Call initialize_mfa once at the start of the MFA flow for a user (after login, after reset token verified). + def initialize_mfa(user = @user) + delete_mfa_session + create_new_mfa_expiry + session[:mfa_login_started_at] = Time.now.utc.to_s + session[:mfa_user] = user.id + end + + def prompt_mfa(alert: nil, status: :ok) + @otp_verification_url = otp_verification_url + setup_webauthn_authentication form_url: webauthn_verification_url + flash.now.alert = alert if alert + render template: "multifactor_auths/prompt", status: + end + def otp_param params.permit(:otp).fetch(:otp, "") end diff --git a/app/controllers/email_confirmations_controller.rb b/app/controllers/email_confirmations_controller.rb index 6a1c2d3beec..223deb8ced0 100644 --- a/app/controllers/email_confirmations_controller.rb +++ b/app/controllers/email_confirmations_controller.rb @@ -8,6 +8,7 @@ class EmailConfirmationsController < ApplicationController before_action :redirect_to_new_mfa, if: :mfa_required_not_yet_enabled?, only: :unconfirmed before_action :redirect_to_settings_strong_mfa_required, if: :mfa_required_weak_level_enabled?, only: :unconfirmed before_action :validate_confirmation_token, only: %i[update otp_update webauthn_update] + before_action :require_mfa, only: %i[update] before_action :validate_otp, only: :otp_update before_action :validate_webauthn, only: :webauthn_update after_action :delete_mfa_expiry_session, only: %i[otp_update webauthn_update] @@ -27,16 +28,7 @@ def create end def update - if @user.mfa_enabled? - @otp_verification_url = otp_verification_url - setup_webauthn_authentication(form_url: webauthn_verification_url) - - create_new_mfa_expiry - - render template: "multifactor_auths/prompt" - else - confirm_email - end + confirm_email end def otp_update 
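Review bot: `initialize_mfa` now writes `session[:mfa_user]` and `session[:mfa_login_started_at]` for every flow that calls `require_mfa`, including password reset and email confirmation, where before only `SessionsController#create` set them after a password check. Nothing in the session records which flow started the MFA step, and `find_mfa_user` is outside this diff, so it is not visible whether the login endpoints (`otp_create`, `webauthn_create`) would accept an MFA session that a token-based flow opened. If they would, store the flow as well, e.g. `session[:mfa_purpose] = controller_name`, and have `validate_otp` and `validate_webauthn` compare it. Otherwise a comment on `initialize_mfa` stating that the keys are shared on purpose would settle the question.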
diff --git a/app/controllers/multifactor_auths_controller.rb b/app/controllers/multifactor_auths_controller.rb index 84a4822de87..3d4c73ad2aa 100644 --- a/app/controllers/multifactor_auths_controller.rb +++ b/app/controllers/multifactor_auths_controller.rb @@ -8,7 +8,7 @@ class MultifactorAuthsController < ApplicationController before_action :require_mfa_enabled, only: %i[update otp_update] before_action :require_totp_enabled, only: :destroy before_action :seed_and_expire, only: :create - before_action :find_mfa_user, only: %i[otp_update webauthn_update] + before_action :find_mfa_user, only: %i[update otp_update webauthn_update] before_action :validate_otp, only: %i[otp_update] before_action :require_webauthn_enabled, only: %i[webauthn_update] before_action :validate_webauthn, only: %i[webauthn_update] @@ -44,15 +44,9 @@ def create end def update + initialize_mfa(@user) session[:level] = level_param - @user = current_user - - @otp_verification_url = otp_verification_url - setup_webauthn_authentication(form_url: webauthn_verification_url) - - create_new_mfa_expiry - - render template: "multifactor_auths/prompt" + prompt_mfa end def otp_update diff --git a/app/controllers/passwords_controller.rb b/app/controllers/passwords_controller.rb index 8ebc91bcbe2..f4e874ba411 100644 --- a/app/controllers/passwords_controller.rb +++ b/app/controllers/passwords_controller.rb @@ -7,6 +7,7 @@ class PasswordsController < ApplicationController before_action :ensure_email_present, only: %i[create] before_action :validate_confirmation_token, only: %i[edit otp_edit webauthn_edit] + before_action :require_mfa, only: %i[edit] before_action :validate_otp, only: %i[otp_edit] before_action :validate_webauthn, only: %i[webauthn_edit] after_action :delete_mfa_expiry_session, only: %i[otp_edit webauthn_edit] 
@@ -17,18 +18,9 @@ def new end def edit - if @user.mfa_enabled? - @otp_verification_url = otp_verification_url - setup_webauthn_authentication(form_url: webauthn_verification_url) - - create_new_mfa_expiry - - render template: "multifactor_auths/prompt" - else - # When user doesn't have mfa, a valid token is a full "magic link" sign in. - verified_sign_in - render :edit - end + # When user doesn't have mfa, a valid token is a full "magic link" sign in. + verified_sign_in + render :edit end def create diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index c7bda56b795..93e57a4ff63 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -10,6 +10,8 @@ class SessionsController < Clearance::SessionsController before_action :webauthn_new_setup, only: :new before_action :ensure_not_blocked, only: %i[create] + before_action :find_user, only: %i[create] + before_action :require_mfa, only: %i[create] before_action :find_mfa_user, only: %i[webauthn_create otp_create] before_action :validate_otp, only: %i[otp_create] before_action :validate_webauthn, only: %i[webauthn_create] @@ -17,19 +19,7 @@ class SessionsController < Clearance::SessionsController after_action :delete_session_verification, only: :destroy def create - @user = find_user - - if @user&.mfa_enabled? - @otp_verification_url = otp_verification_url - setup_webauthn_authentication(form_url: webauthn_verification_url) - session[:mfa_user] = @user.id - session[:mfa_login_started_at] = Time.now.utc.to_s - create_new_mfa_expiry - - render "multifactor_auths/prompt" - else - do_login(two_factor_label: nil, two_factor_method: nil, authentication_method: "password") - end + do_login(two_factor_label: nil, two_factor_method: nil, authentication_method: "password") end def webauthn_create 
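Review bot: `PasswordsController#edit` and `SessionsController#create` now sign the user in unconditionally, and the only thing keeping an MFA-enabled user out of that path is that `require_mfa` renders the prompt and thereby halts the filter chain. The retained comment in `edit` no longer has a conditional next to it to explain. Reword it so the dependency is explicit, e.g. `# Reached only when require_mfa did not render the MFA prompt (user has no MFA); a valid token is then a full "magic link" sign in.`, and add the equivalent line above `do_login` in `create`.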
@@ -125,7 +115,7 @@ def mfa_failure(message) def find_user password = params.permit(session: :password).require(:session).fetch(:password, nil) - User.authenticate(who, password) if password.is_a?(String) && who + @user = User.authenticate(who, password) if password.is_a?(String) && who end def find_mfa_user From d1e71eeb6ad02b0505af5d7d7d019dcb1498994b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 4 Jun 2024 22:39:58 +0000 Subject: [PATCH 49/60] Bump actiontext from 7.1.3.2 to 7.1.3.4 Bumps [actiontext](https://github.com/rails/rails) from 7.1.3.2 to 7.1.3.4. - [Release notes](https://github.com/rails/rails/releases) - [Changelog](https://github.com/rails/rails/blob/v7.1.3.4/actiontext/CHANGELOG.md) - [Commits](https://github.com/rails/rails/compare/v7.1.3.2...v7.1.3.4) --- updated-dependencies: - dependency-name: actiontext dependency-type: indirect ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 136 +++++++++++++++++++++++++-------------------------- 1 file changed, 68 insertions(+), 68 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 25efe43c981..8898afcaee1 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -1,35 +1,35 @@ GEM remote: https://rubygems.org/ specs: - actioncable (7.1.3.2) - actionpack (= 7.1.3.2) - activesupport (= 7.1.3.2) + actioncable (7.1.3.4) + actionpack (= 7.1.3.4) + activesupport (= 7.1.3.4) nio4r (~> 2.0) websocket-driver (>= 0.6.1) zeitwerk (~> 2.6) - actionmailbox (7.1.3.2) - actionpack (= 7.1.3.2) - activejob (= 7.1.3.2) - activerecord (= 7.1.3.2) - activestorage (= 7.1.3.2) - activesupport (= 7.1.3.2) + actionmailbox (7.1.3.4) + actionpack (= 7.1.3.4) + activejob (= 7.1.3.4) + activerecord (= 7.1.3.4) + activestorage (= 7.1.3.4) + activesupport (= 7.1.3.4) mail (>= 2.7.1) net-imap net-pop net-smtp - actionmailer (7.1.3.2) - actionpack (= 7.1.3.2) - actionview (= 7.1.3.2) - activejob (= 7.1.3.2) - activesupport (= 7.1.3.2) + actionmailer (7.1.3.4) + actionpack (= 7.1.3.4) + actionview (= 7.1.3.4) + activejob (= 7.1.3.4) + activesupport (= 7.1.3.4) mail (~> 2.5, >= 2.5.4) net-imap net-pop net-smtp rails-dom-testing (~> 2.2) - actionpack (7.1.3.2) - actionview (= 7.1.3.2) - activesupport (= 7.1.3.2) + actionpack (7.1.3.4) + actionview (= 7.1.3.4) + activesupport (= 7.1.3.4) nokogiri (>= 1.8.5) racc rack (>= 2.2.4) @@ -37,15 +37,15 @@ GEM rack-test (>= 0.6.3) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - actiontext (7.1.3.2) - actionpack (= 7.1.3.2) - activerecord (= 7.1.3.2) - activestorage (= 7.1.3.2) - activesupport (= 7.1.3.2) + actiontext (7.1.3.4) + actionpack (= 7.1.3.4) + activerecord (= 7.1.3.4) + activestorage (= 7.1.3.4) + activesupport (= 7.1.3.4) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.1.3.2) - activesupport (= 7.1.3.2) + actionview (7.1.3.4) + activesupport (= 7.1.3.4) builder (~> 3.1) erubi (~> 1.11) rails-dom-testing (~> 2.2) 
@@ -53,22 +53,22 @@ GEM active_link_to (1.0.5) actionpack addressable - activejob (7.1.3.2) - activesupport (= 7.1.3.2) + activejob (7.1.3.4) + activesupport (= 7.1.3.4) globalid (>= 0.3.6) - activemodel (7.1.3.2) - activesupport (= 7.1.3.2) - activerecord (7.1.3.2) - activemodel (= 7.1.3.2) - activesupport (= 7.1.3.2) + activemodel (7.1.3.4) + activesupport (= 7.1.3.4) + activerecord (7.1.3.4) + activemodel (= 7.1.3.4) + activesupport (= 7.1.3.4) timeout (>= 0.4.0) - activestorage (7.1.3.2) - actionpack (= 7.1.3.2) - activejob (= 7.1.3.2) - activerecord (= 7.1.3.2) - activesupport (= 7.1.3.2) + activestorage (7.1.3.4) + actionpack (= 7.1.3.4) + activejob (= 7.1.3.4) + activerecord (= 7.1.3.4) + activesupport (= 7.1.3.4) marcel (~> 1.0) - activesupport (7.1.3.2) + activesupport (7.1.3.4) base64 bigdecimal concurrent-ruby (~> 1.0, >= 1.0.2) @@ -391,7 +391,7 @@ GEM method_source (1.1.0) mini_histogram (0.3.1) mini_mime (1.1.5) - mini_portile2 (2.8.6) + mini_portile2 (2.8.7) minitest (5.23.1) minitest-gcstats (1.3.1) minitest (~> 5.0) @@ -525,20 +525,20 @@ GEM rackup (2.1.0) rack (>= 3) webrick (~> 1.8) - rails (7.1.3.2) - actioncable (= 7.1.3.2) - actionmailbox (= 7.1.3.2) - actionmailer (= 7.1.3.2) - actionpack (= 7.1.3.2) - actiontext (= 7.1.3.2) - actionview (= 7.1.3.2) - activejob (= 7.1.3.2) - activemodel (= 7.1.3.2) - activerecord (= 7.1.3.2) - activestorage (= 7.1.3.2) - activesupport (= 7.1.3.2) + rails (7.1.3.4) + actioncable (= 7.1.3.4) + actionmailbox (= 7.1.3.4) + actionmailer (= 7.1.3.4) + actionpack (= 7.1.3.4) + actiontext (= 7.1.3.4) + actionview (= 7.1.3.4) + activejob (= 7.1.3.4) + activemodel (= 7.1.3.4) + activerecord (= 7.1.3.4) + activestorage (= 7.1.3.4) + activesupport (= 7.1.3.4) bundler (>= 1.15.0) - railties (= 7.1.3.2) + railties (= 7.1.3.4) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) actionview (>= 5.0.1.rc1) 
@@ -562,9 +562,9 @@ GEM rack railties (>= 5.1) semantic_logger (~> 4.13) - railties (7.1.3.2) - actionpack (= 7.1.3.2) - activesupport (= 7.1.3.2) + railties (7.1.3.4) + actionpack (= 7.1.3.4) + activesupport (= 7.1.3.4) irb rackup (>= 1.0.0) rake (>= 12.2) 
@@ -873,18 +873,18 @@ DEPENDENCIES xml-simple (~> 1.1) CHECKSUMS - actioncable (7.1.3.2) sha256=e162ce4094368e86237cbf8345cc78c2c7cf1fddaf5d8aacf86428d32cf9d145 - actionmailbox (7.1.3.2) sha256=2493fe676720b6f82a7f0c0396b7ebc41e08ca2abbf5e9c3c9cd11f68bb3b8a9 - actionmailer (7.1.3.2) sha256=dab3ad5df3053c24e68c96d88394a3d9d45090dbd3f0c9b2d68b43d78aed5504 - actionpack (7.1.3.2) sha256=b8f958d5d77e17b0fcbcd21f03eedac0405b0bf17421479be38529cf4a263b58 - actiontext (7.1.3.2) sha256=ece807199490521c8d7c8048899fdd110951073c04bf38883b6d3193bcd3c52a - actionview (7.1.3.2) sha256=369b1a33764017d017623622a33b6be007c7c0de3d1a4f1e9676466e3b5909cf + actioncable (7.1.3.4) sha256=787ba8651caaa93d5c161f0d1110105300974be65e89483071146fc42d4bd310 + actionmailbox (7.1.3.4) sha256=a3fd3019a44597e49ae18b4ed5c68e0f21c1d1b389bbcc10be357e205a83cad0 + actionmailer (7.1.3.4) sha256=1f196096740587b08ef935db8a672971f448cadb8299e3d9a7bc24088a2a0351 + actionpack (7.1.3.4) sha256=dcafc71bec6a975c3984a1ed8e698e2f9afeeb441c838766c16c29633705edd2 + actiontext (7.1.3.4) sha256=84964dae95a3c99819d42641084f21e28de502fcefa6efb9df3805d6c439b784 + actionview (7.1.3.4) sha256=41fcf5242dec11e100a0ba3d3717612c6534e8571c8a290a5b2a950aa58b615b active_link_to (1.0.5) sha256=4830847b3d14589df1e9fc62038ceec015257fce975ec1c2a77836c461b139ba - activejob (7.1.3.2) sha256=d2a90501e8b8697eac541c1cf9aa23ac330d40dc4f5b7fb87cdf17d336f7f221 - activemodel (7.1.3.2) sha256=108e5262f96333c694e0fdba0209de5beeec1084b9a947940c259450f45d715c - activerecord (7.1.3.2) sha256=4872900c3340948e2fc92ea08397034eaacd8cec1760ed7704975a116cc78173 - activestorage (7.1.3.2) sha256=283777f15a5ae2519ccf2a573968fa7afaea02d24b90cd6e0c23f77331069727 - activesupport (7.1.3.2) sha256=ad8445b7ae4a6d3acc5f88c8c5f437eb0b54062032aaf44856c7b6d3855b8b2e + activejob (7.1.3.4) sha256=3f8aeef0fdfb2dd65f9a663828dbcc8ca187e70ef0c5a773c5fe4dd67e040f62 + activemodel (7.1.3.4) sha256=f4c838ea76dfca8967e433ac89603342ae20b65dd61366e62f07120a08e1ad72 + activerecord 
(7.1.3.4) sha256=784eeca4d6f23391d445552d6675a47c594555361c3b042108d29f0c7b9230f2 + activestorage (7.1.3.4) sha256=f2020ea0a77e105e480a9a15251c91d615eecb4b28a1a80968d6fb6a5dcb0a2e + activesupport (7.1.3.4) sha256=455bbc43d82e5ba20daa25f0888b80c9f7e2d80ca0cc96cea3e6acfec3e40309 addressable (2.8.6) sha256=798f6af3556641a7619bad1dce04cdb6eb44b0216a991b0396ea7339276f2b47 aes_key_wrap (1.1.0) sha256=b935f4756b37375895db45669e79dfcdc0f7901e12d4e08974d5540c8e0776a5 aggregate_assertions (0.2.0) sha256=9bc51a48323a8e7b82f47cc38d48132817247345e5a8713686c9d65b25daca9e @@ -1015,7 +1015,7 @@ CHECKSUMS method_source (1.1.0) sha256=181301c9c45b731b4769bc81e8860e72f9161ad7d66dd99103c9ab84f560f5c5 mini_histogram (0.3.1) sha256=6a114b504e4618b0e076cc672996036870f7cc6f16b8e5c25c0c637726d2dd94 mini_mime (1.1.5) sha256=8681b7e2e4215f2a159f9400b5816d85e9d8c6c6b491e96a12797e798f8bccef - mini_portile2 (2.8.6) sha256=4e2ab09b924906fd42c0b6eb72816db6a435d0404e9cbdcc5d722c133b493991 + mini_portile2 (2.8.7) sha256=13eef5ab459bbfd33d61e539564ec25a9c2cf593b0a5ea6d4d7ef8c19b162ee0 minitest (5.23.1) sha256=f1e8f8d6ffd96fb17339ce50768bcbbdbbadff5073cb9583d084403877a77abe minitest-gcstats (1.3.1) sha256=cb25490f93aac02e3a5ff307e560d41afcdcafa7952c1c32efdeb9886b1f4711 minitest-reporters (1.6.1) sha256=f8fe74e46ab40dada29402f55ca236368d0af65afc410db4219189b7a1c0fc38 
@@ -1072,14 +1072,14 @@ CHECKSUMS rack-test (2.1.0) sha256=0c61fc61904049d691922ea4bb99e28004ed3f43aa5cfd495024cc345f125dfb rack-utf8_sanitizer (1.9.1) sha256=6414b70172f5678e23044abf1d00f6a32e62a335507c9548bc5caf9e3bff6da0 rackup (2.1.0) sha256=6ecb884a581990332e45ee17bdfdc14ccbee46c2f710ae1566019907869a6c4d - rails (7.1.3.2) sha256=2d787a65e87b70ee65f9d1cb644aaa5bb80eea12298982f474da949772c1bfa0 + rails (7.1.3.4) sha256=3a7fca9df74ee641dc1e89b8302ac6d03f22883de771e786a0e9f3094e5aa6ad rails-controller-testing (1.0.5) sha256=741448db59366073e86fc965ba403f881c636b79a2c39a48d0486f2607182e94 rails-dom-testing (2.2.0) sha256=e515712e48df1f687a1d7c380fd7b07b8558faa26464474da64183a7426fa93b rails-erd (1.7.2) sha256=0b17d0fba25d319d8da8af7a3e5e2149d02d6187cc7351e8be43423f07c48bcd rails-html-sanitizer (1.6.0) sha256=86e9f19d2e6748890dcc2633c8945ca45baa08a1df9d8c215ce17b3b0afaa4de rails-i18n (7.0.9) sha256=c184db80a7c7bf21c14e0e400fe9e27c4c20312f019aaff5b364a82858dc1369 rails_semantic_logger (4.14.0) sha256=738ca601d544108765bb0c9ea45d5ef7967777fecc5bba83bc9c2d86ac4a127f - railties (7.1.3.2) sha256=59fcd55cbfb90044ea4c3e9fdea2cf5687385c138cacc4a258a46508b7d36510 + railties (7.1.3.4) sha256=6c6049f3a788669d94f95c7bf6378204ae94098567cc25237e3c73dac4a21afc rainbow (3.1.1) sha256=039491aa3a89f42efa1d6dec2fc4e62ede96eb6acd95e52f1ad581182b79bc6a rake (13.2.1) sha256=46cb38dae65d7d74b6020a4ac9d48afed8eb8149c040eccf0523bec91907059d rb-fsevent (0.11.2) sha256=43900b972e7301d6570f64b850a5aa67833ee7d87b458ee92805d56b7318aefe From dbcf3432b6547e41ad392623319ebdbf4964a6fb Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 4 Jun 2024 22:41:21 +0000 Subject: [PATCH 50/60] Bump actionpack from 7.1.3.2 to 7.1.3.4 Bumps [actionpack](https://github.com/rails/rails) from 7.1.3.2 to 7.1.3.4. - [Release notes](https://github.com/rails/rails/releases) - [Changelog](https://github.com/rails/rails/blob/v7.1.3.4/actionpack/CHANGELOG.md) - [Commits](https://github.com/rails/rails/compare/v7.1.3.2...v7.1.3.4) --- updated-dependencies: - dependency-name: actionpack dependency-type: indirect ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 136 +++++++++++++++++++++++++-------------------------- 1 file changed, 68 insertions(+), 68 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 25efe43c981..8898afcaee1 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,35 +1,35 @@ GEM remote: https://rubygems.org/ specs: - actioncable (7.1.3.2) - actionpack (= 7.1.3.2) - activesupport (= 7.1.3.2) + actioncable (7.1.3.4) + actionpack (= 7.1.3.4) + activesupport (= 7.1.3.4) nio4r (~> 2.0) websocket-driver (>= 0.6.1) zeitwerk (~> 2.6) - actionmailbox (7.1.3.2) - actionpack (= 7.1.3.2) - activejob (= 7.1.3.2) - activerecord (= 7.1.3.2) - activestorage (= 7.1.3.2) - activesupport (= 7.1.3.2) + actionmailbox (7.1.3.4) + actionpack (= 7.1.3.4) + activejob (= 7.1.3.4) + activerecord (= 7.1.3.4) + activestorage (= 7.1.3.4) + activesupport (= 7.1.3.4) mail (>= 2.7.1) net-imap net-pop net-smtp - actionmailer (7.1.3.2) - actionpack (= 7.1.3.2) - actionview (= 7.1.3.2) - activejob (= 7.1.3.2) - activesupport (= 7.1.3.2) + actionmailer (7.1.3.4) + actionpack (= 7.1.3.4) + actionview (= 7.1.3.4) + activejob (= 7.1.3.4) + activesupport (= 7.1.3.4) mail (~> 2.5, >= 2.5.4) net-imap net-pop net-smtp rails-dom-testing (~> 2.2) - actionpack (7.1.3.2) - actionview (= 7.1.3.2) - activesupport (= 7.1.3.2) + actionpack (7.1.3.4) + actionview (= 7.1.3.4) + activesupport (= 7.1.3.4) nokogiri (>= 1.8.5) racc rack (>= 2.2.4) 
@@ -37,15 +37,15 @@ GEM rack-test (>= 0.6.3) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - actiontext (7.1.3.2) - actionpack (= 7.1.3.2) - activerecord (= 7.1.3.2) - activestorage (= 7.1.3.2) - activesupport (= 7.1.3.2) + actiontext (7.1.3.4) + actionpack (= 7.1.3.4) + activerecord (= 7.1.3.4) + activestorage (= 7.1.3.4) + activesupport (= 7.1.3.4) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.1.3.2) - activesupport (= 7.1.3.2) + actionview (7.1.3.4) + activesupport (= 7.1.3.4) builder (~> 3.1) erubi (~> 1.11) rails-dom-testing (~> 2.2) @@ -53,22 +53,22 @@ GEM active_link_to (1.0.5) actionpack addressable - activejob (7.1.3.2) - activesupport (= 7.1.3.2) + activejob (7.1.3.4) + activesupport (= 7.1.3.4) globalid (>= 0.3.6) - activemodel (7.1.3.2) - activesupport (= 7.1.3.2) - activerecord (7.1.3.2) - activemodel (= 7.1.3.2) - activesupport (= 7.1.3.2) + activemodel (7.1.3.4) + activesupport (= 7.1.3.4) + activerecord (7.1.3.4) + activemodel (= 7.1.3.4) + activesupport (= 7.1.3.4) timeout (>= 0.4.0) - activestorage (7.1.3.2) - actionpack (= 7.1.3.2) - activejob (= 7.1.3.2) - activerecord (= 7.1.3.2) - activesupport (= 7.1.3.2) + activestorage (7.1.3.4) + actionpack (= 7.1.3.4) + activejob (= 7.1.3.4) + activerecord (= 7.1.3.4) + activesupport (= 7.1.3.4) marcel (~> 1.0) - activesupport (7.1.3.2) + activesupport (7.1.3.4) base64 bigdecimal concurrent-ruby (~> 1.0, >= 1.0.2) @@ -391,7 +391,7 @@ GEM method_source (1.1.0) mini_histogram (0.3.1) mini_mime (1.1.5) - mini_portile2 (2.8.6) + mini_portile2 (2.8.7) minitest (5.23.1) minitest-gcstats (1.3.1) minitest (~> 5.0) 
@@ -525,20 +525,20 @@ GEM rackup (2.1.0) rack (>= 3) webrick (~> 1.8) - rails (7.1.3.2) - actioncable (= 7.1.3.2) - actionmailbox (= 7.1.3.2) - actionmailer (= 7.1.3.2) - actionpack (= 7.1.3.2) - actiontext (= 7.1.3.2) - actionview (= 7.1.3.2) - activejob (= 7.1.3.2) - activemodel (= 7.1.3.2) - activerecord (= 7.1.3.2) - activestorage (= 7.1.3.2) - activesupport (= 7.1.3.2) + rails (7.1.3.4) + actioncable (= 7.1.3.4) + actionmailbox (= 7.1.3.4) + actionmailer (= 7.1.3.4) + actionpack (= 7.1.3.4) + actiontext (= 7.1.3.4) + actionview (= 7.1.3.4) + activejob (= 7.1.3.4) + activemodel (= 7.1.3.4) + activerecord (= 7.1.3.4) + activestorage (= 7.1.3.4) + activesupport (= 7.1.3.4) bundler (>= 1.15.0) - railties (= 7.1.3.2) + railties (= 7.1.3.4) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) actionview (>= 5.0.1.rc1) @@ -562,9 +562,9 @@ GEM rack railties (>= 5.1) semantic_logger (~> 4.13) - railties (7.1.3.2) - actionpack (= 7.1.3.2) - activesupport (= 7.1.3.2) + railties (7.1.3.4) + actionpack (= 7.1.3.4) + activesupport (= 7.1.3.4) irb rackup (>= 1.0.0) rake (>= 12.2) 
@@ -873,18 +873,18 @@ DEPENDENCIES xml-simple (~> 1.1) CHECKSUMS - actioncable (7.1.3.2) sha256=e162ce4094368e86237cbf8345cc78c2c7cf1fddaf5d8aacf86428d32cf9d145 - actionmailbox (7.1.3.2) sha256=2493fe676720b6f82a7f0c0396b7ebc41e08ca2abbf5e9c3c9cd11f68bb3b8a9 - actionmailer (7.1.3.2) sha256=dab3ad5df3053c24e68c96d88394a3d9d45090dbd3f0c9b2d68b43d78aed5504 - actionpack (7.1.3.2) sha256=b8f958d5d77e17b0fcbcd21f03eedac0405b0bf17421479be38529cf4a263b58 - actiontext (7.1.3.2) sha256=ece807199490521c8d7c8048899fdd110951073c04bf38883b6d3193bcd3c52a - actionview (7.1.3.2) sha256=369b1a33764017d017623622a33b6be007c7c0de3d1a4f1e9676466e3b5909cf + actioncable (7.1.3.4) sha256=787ba8651caaa93d5c161f0d1110105300974be65e89483071146fc42d4bd310 + actionmailbox (7.1.3.4) sha256=a3fd3019a44597e49ae18b4ed5c68e0f21c1d1b389bbcc10be357e205a83cad0 + actionmailer (7.1.3.4) sha256=1f196096740587b08ef935db8a672971f448cadb8299e3d9a7bc24088a2a0351 + actionpack (7.1.3.4) sha256=dcafc71bec6a975c3984a1ed8e698e2f9afeeb441c838766c16c29633705edd2 + actiontext (7.1.3.4) sha256=84964dae95a3c99819d42641084f21e28de502fcefa6efb9df3805d6c439b784 + actionview (7.1.3.4) sha256=41fcf5242dec11e100a0ba3d3717612c6534e8571c8a290a5b2a950aa58b615b active_link_to (1.0.5) sha256=4830847b3d14589df1e9fc62038ceec015257fce975ec1c2a77836c461b139ba - activejob (7.1.3.2) sha256=d2a90501e8b8697eac541c1cf9aa23ac330d40dc4f5b7fb87cdf17d336f7f221 - activemodel (7.1.3.2) sha256=108e5262f96333c694e0fdba0209de5beeec1084b9a947940c259450f45d715c - activerecord (7.1.3.2) sha256=4872900c3340948e2fc92ea08397034eaacd8cec1760ed7704975a116cc78173 - activestorage (7.1.3.2) sha256=283777f15a5ae2519ccf2a573968fa7afaea02d24b90cd6e0c23f77331069727 - activesupport (7.1.3.2) sha256=ad8445b7ae4a6d3acc5f88c8c5f437eb0b54062032aaf44856c7b6d3855b8b2e + activejob (7.1.3.4) sha256=3f8aeef0fdfb2dd65f9a663828dbcc8ca187e70ef0c5a773c5fe4dd67e040f62 + activemodel (7.1.3.4) sha256=f4c838ea76dfca8967e433ac89603342ae20b65dd61366e62f07120a08e1ad72 + activerecord 
(7.1.3.4) sha256=784eeca4d6f23391d445552d6675a47c594555361c3b042108d29f0c7b9230f2 + activestorage (7.1.3.4) sha256=f2020ea0a77e105e480a9a15251c91d615eecb4b28a1a80968d6fb6a5dcb0a2e + activesupport (7.1.3.4) sha256=455bbc43d82e5ba20daa25f0888b80c9f7e2d80ca0cc96cea3e6acfec3e40309 addressable (2.8.6) sha256=798f6af3556641a7619bad1dce04cdb6eb44b0216a991b0396ea7339276f2b47 aes_key_wrap (1.1.0) sha256=b935f4756b37375895db45669e79dfcdc0f7901e12d4e08974d5540c8e0776a5 aggregate_assertions (0.2.0) sha256=9bc51a48323a8e7b82f47cc38d48132817247345e5a8713686c9d65b25daca9e @@ -1015,7 +1015,7 @@ CHECKSUMS method_source (1.1.0) sha256=181301c9c45b731b4769bc81e8860e72f9161ad7d66dd99103c9ab84f560f5c5 mini_histogram (0.3.1) sha256=6a114b504e4618b0e076cc672996036870f7cc6f16b8e5c25c0c637726d2dd94 mini_mime (1.1.5) sha256=8681b7e2e4215f2a159f9400b5816d85e9d8c6c6b491e96a12797e798f8bccef - mini_portile2 (2.8.6) sha256=4e2ab09b924906fd42c0b6eb72816db6a435d0404e9cbdcc5d722c133b493991 + mini_portile2 (2.8.7) sha256=13eef5ab459bbfd33d61e539564ec25a9c2cf593b0a5ea6d4d7ef8c19b162ee0 minitest (5.23.1) sha256=f1e8f8d6ffd96fb17339ce50768bcbbdbbadff5073cb9583d084403877a77abe minitest-gcstats (1.3.1) sha256=cb25490f93aac02e3a5ff307e560d41afcdcafa7952c1c32efdeb9886b1f4711 minitest-reporters (1.6.1) sha256=f8fe74e46ab40dada29402f55ca236368d0af65afc410db4219189b7a1c0fc38 
@@ -1072,14 +1072,14 @@ CHECKSUMS rack-test (2.1.0) sha256=0c61fc61904049d691922ea4bb99e28004ed3f43aa5cfd495024cc345f125dfb rack-utf8_sanitizer (1.9.1) sha256=6414b70172f5678e23044abf1d00f6a32e62a335507c9548bc5caf9e3bff6da0 rackup (2.1.0) sha256=6ecb884a581990332e45ee17bdfdc14ccbee46c2f710ae1566019907869a6c4d - rails (7.1.3.2) sha256=2d787a65e87b70ee65f9d1cb644aaa5bb80eea12298982f474da949772c1bfa0 + rails (7.1.3.4) sha256=3a7fca9df74ee641dc1e89b8302ac6d03f22883de771e786a0e9f3094e5aa6ad rails-controller-testing (1.0.5) sha256=741448db59366073e86fc965ba403f881c636b79a2c39a48d0486f2607182e94 rails-dom-testing (2.2.0) sha256=e515712e48df1f687a1d7c380fd7b07b8558faa26464474da64183a7426fa93b rails-erd (1.7.2) sha256=0b17d0fba25d319d8da8af7a3e5e2149d02d6187cc7351e8be43423f07c48bcd rails-html-sanitizer (1.6.0) sha256=86e9f19d2e6748890dcc2633c8945ca45baa08a1df9d8c215ce17b3b0afaa4de rails-i18n (7.0.9) sha256=c184db80a7c7bf21c14e0e400fe9e27c4c20312f019aaff5b364a82858dc1369 rails_semantic_logger (4.14.0) sha256=738ca601d544108765bb0c9ea45d5ef7967777fecc5bba83bc9c2d86ac4a127f - railties (7.1.3.2) sha256=59fcd55cbfb90044ea4c3e9fdea2cf5687385c138cacc4a258a46508b7d36510 + railties (7.1.3.4) sha256=6c6049f3a788669d94f95c7bf6378204ae94098567cc25237e3c73dac4a21afc rainbow (3.1.1) sha256=039491aa3a89f42efa1d6dec2fc4e62ede96eb6acd95e52f1ad581182b79bc6a rake (13.2.1) sha256=46cb38dae65d7d74b6020a4ac9d48afed8eb8149c040eccf0523bec91907059d rb-fsevent (0.11.2) sha256=43900b972e7301d6570f64b850a5aa67833ee7d87b458ee92805d56b7318aefe From 7d786d6ce8529dd0b20642256f2b55b407f6fca7 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 5 Jun 2024 15:51:34 -0500 Subject: [PATCH 51/60] Bump user_agent_parser from 2.17.0 to 2.18.0 (#4763) Bumps [user_agent_parser](https://github.com/ua-parser/uap-ruby) from 2.17.0 to 2.18.0. - [Release notes](https://github.com/ua-parser/uap-ruby/releases) - [Changelog](https://github.com/ua-parser/uap-ruby/blob/main/CHANGELOG.md) - [Commits](https://github.com/ua-parser/uap-ruby/compare/v2.17.0...v2.18.0) --- updated-dependencies: - dependency-name: user_agent_parser dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Gemfile | 2 +- Gemfile.lock | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile b/Gemfile index 916759c8f92..af269e9232e 100644 --- a/Gemfile +++ b/Gemfile @@ -56,7 +56,7 @@ gem "maintenance_tasks", "~> 2.7" gem "strong_migrations", "~> 1.8" gem "phlex-rails", "~> 1.2" gem "discard", "~> 1.3" -gem "user_agent_parser", "~> 2.17" +gem "user_agent_parser", "~> 2.18" gem "pghero", "~> 3.5" # Admin dashboard diff --git a/Gemfile.lock b/Gemfile.lock index 8898afcaee1..c89e64ae8a6 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -719,7 +719,7 @@ GEM bloomer (~> 1.0) pwned (~> 2.0) uri (0.13.0) - user_agent_parser (2.17.0) + user_agent_parser (2.18.0) validate_url (1.0.15) activemodel (>= 3.0.0) public_suffix @@ -865,7 +865,7 @@ DEPENDENCIES terser (~> 1.2) toxiproxy (~> 2.0) unpwn (~> 1.0) - user_agent_parser (~> 2.17) + user_agent_parser (~> 2.18) validates_formatting_of (~> 0.9) view_component (~> 3.12) webauthn (~> 3.1) 
@@ -1146,7 +1146,7 @@ CHECKSUMS unicode-display_width (2.5.0) sha256=7e7681dcade1add70cb9fda20dd77f300b8587c81ebbd165d14fd93144ff0ab4 unpwn (1.0.0) sha256=6239d17d46a882b3719b24fb79c78a34caff89d57ab0f5e546be5b5c882bc7d3 uri (0.13.0) sha256=26553c2a9399762e1e8bebd4444b4361c4b21298cf1c864b22eeabc9c4998f24 - user_agent_parser (2.17.0) sha256=2d61f58dceda00b3f6e65b557a35be36d10c277dc8405cfedce04a8e6a6ffde5 + user_agent_parser (2.18.0) sha256=aa943b91da8906cace7d3fe16b450c9d77b68f571485c11e577af97aecb25584 validate_url (1.0.15) sha256=72fe164c0713d63a9970bd6700bea948babbfbdcec392f2342b6704042f57451 validates_formatting_of (0.9.0) sha256=139590a4b87596dbfb04d93e897bd2e6d30fb849d04fab0343e71ed2ca856e7e version_gem (1.1.1) sha256=3c2da6ded29045ddcc0387e152dc634e1f0c490b7128dce0697ccc1cf0915b6c From f3cca8e78f64927a984240cc40da1621fac02262 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 5 Jun 2024 15:51:47 -0500 Subject: [PATCH 52/60] Bump github/codeql-action from 3.25.7 to 3.25.8 (#4764) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.7 to 3.25.8. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/f079b8493333aace61c81488f8bd40919487bd9f...2e230e8fe0ad3a14a340ad0815ddb96d599d2aff) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql.yml | 6 +++--- .github/workflows/scorecards.yml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 6649a87632c..4ca18820ffa 100644 --- a/.github/workflows/codeql.yml 
+++ b/.github/workflows/codeql.yml @@ -45,7 +45,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 + uses: github/codeql-action/init@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -58,7 +58,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 + uses: github/codeql-action/autobuild@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -71,6 +71,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 + uses: github/codeql-action/analyze@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 7da88d79ed5..3a7915ec098 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -67,6 +67,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 + uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 with: sarif_file: results.sarif From 726882818f61c10fc784a2f1d20c1dcaff6fcc79 Mon Sep 17 00:00:00 2001 
From: Martin Emde Date: Wed, 5 Jun 2024 14:49:17 -0700 Subject: [PATCH 53/60] Move Avo-related Pundit policies into Admin:: namespace (#4745) * Move all policies under Admin:: namespace * Add basic ApplicationPolicy for userland policies * Add hack around avo not using authorization_policy everywhere yet (fixed in Avo 3) --- .../resources/admin_github_user_resource.rb | 1 + .../show_component.rb | 2 +- app/policies/{ => admin}/api_key_policy.rb | 6 +- .../admin/api_key_rubygem_scope_policy.rb | 11 +++ app/policies/admin/application_policy.rb | 74 +++++++++++++++++++ app/policies/{ => admin}/audit_policy.rb | 4 +- .../concerns/policy_helpers.rb} | 6 +- app/policies/{ => admin}/deletion_policy.rb | 4 +- app/policies/admin/dependency_policy.rb | 11 +++ .../events/rubygem_event_policy.rb | 4 +- .../{ => admin}/events/user_event_policy.rb | 4 +- .../{ => admin}/gem_download_policy.rb | 4 +- .../gem_name_reservation_policy.rb | 4 +- .../{ => admin}/gem_typo_exception_policy.rb | 4 +- app/policies/{ => admin}/geoip_info_policy.rb | 4 +- app/policies/admin/github_user_policy.rb | 4 +- app/policies/{ => admin}/ip_address_policy.rb | 4 +- .../{ => admin}/link_verification_policy.rb | 4 +- app/policies/admin/linkset_policy.rb | 15 ++++ app/policies/{ => admin}/log_ticket_policy.rb | 4 +- .../maintenance_tasks/run_policy.rb | 4 +- .../{ => admin}/oidc/api_key_role_policy.rb | 4 +- .../{ => admin}/oidc/id_token_policy.rb | 4 +- .../oidc/pending_trusted_publisher_policy.rb | 4 +- .../{ => admin}/oidc/provider_policy.rb | 4 +- .../oidc/rubygem_trusted_publisher_policy.rb | 4 +- .../trusted_publisher/github_action_policy.rb | 4 +- app/policies/{ => admin}/ownership_policy.rb | 4 +- app/policies/{ => admin}/rubygem_policy.rb | 4 +- .../{ => admin}/sendgrid_event_policy.rb | 4 +- app/policies/{ => admin}/user_policy.rb | 4 +- app/policies/{ => admin}/version_policy.rb | 4 +- app/policies/{ => admin}/web_hook_policy.rb | 4 +- .../admin/webauthn_credential_policy.rb | 13 ++++ 
.../admin/webauthn_verification_policy.rb | 13 ++++ app/policies/api_key_rubygem_scope_policy.rb | 11 --- app/policies/application_policy.rb | 67 +++++++---------- app/policies/dependency_policy.rb | 11 --- app/policies/linkset_policy.rb | 15 ---- app/policies/webauthn_credential_policy.rb | 13 ---- app/policies/webauthn_verification_policy.rb | 13 ---- config/initializers/avo.rb | 2 +- lib/admin/authorization_client.rb | 42 +++++++++++ test/policies/admin/api_key_policy_test.rb | 41 ++++++++++ .../api_key_rubygem_scope_policy_test.rb | 42 +++++++++++ .../policies/{ => admin}/audit_policy_test.rb | 2 +- .../policies/{ => admin}/avo_policies_test.rb | 9 ++- test/policies/admin/deletion_policy_test.rb | 44 +++++++++++ .../{ => admin}/dependency_policy_test.rb | 2 +- .../events/rubygem_event_policy_test.rb | 2 +- .../events/user_event_policy_test.rb | 2 +- .../{ => admin}/gem_download_policy_test.rb | 2 +- .../admin/gem_name_reservation_policy_test.rb | 39 ++++++++++ .../admin/gem_typo_exception_policy_test.rb | 47 ++++++++++++ test/policies/admin/geoip_info_policy_test.rb | 44 +++++++++++ .../policies/admin/github_user_policy_test.rb | 32 ++++---- .../{ => admin}/ip_address_policy_test.rb | 2 +- .../admin/link_verification_policy_test.rb | 46 ++++++++++++ test/policies/admin/linkset_policy_test.rb | 43 +++++++++++ test/policies/admin/log_ticket_policy_test.rb | 42 +++++++++++ .../maintenance_tasks/run_policy_test.rb | 43 +++++++++++ .../admin/oidc/api_key_role_policy_test.rb | 46 ++++++++++++ .../admin/oidc/id_token_policy_test.rb | 44 +++++++++++ .../pending_trusted_publisher_policy_test.rb | 44 +++++++++++ .../admin/oidc/provider_policy_test.rb | 46 ++++++++++++ .../rubygem_trusted_publisher_policy_test.rb | 44 +++++++++++ .../github_action_policy_test.rb | 44 +++++++++++ test/policies/admin/ownership_policy_test.rb | 39 ++++++++++ test/policies/admin/rubygem_policy_test.rb | 28 +++++++ .../admin/sendgrid_event_policy_test.rb | 47 ++++++++++++ test/policies/{ => 
admin}/user_policy_test.rb | 6 +- .../{ => admin}/version_policy_test.rb | 2 +- test/policies/admin/web_hook_policy_test.rb | 48 ++++++++++++ .../admin/webauthn_credential_policy_test.rb | 42 +++++++++++ .../webauthn_verification_policy_test.rb | 42 +++++++++++ test/policies/api_key_policy_test.rb | 41 ---------- .../api_key_rubygem_scope_policy_test.rb | 41 ---------- test/policies/deletion_policy_test.rb | 42 ----------- .../gem_name_reservation_policy_test.rb | 39 ---------- .../gem_typo_exception_policy_test.rb | 42 ----------- test/policies/geoip_info_policy_test.rb | 42 ----------- .../policies/link_verification_policy_test.rb | 44 ----------- test/policies/linkset_policy_test.rb | 41 ---------- test/policies/log_ticket_policy_test.rb | 41 ---------- .../maintenance_tasks/run_policy_test.rb | 41 ---------- .../policies/oidc/api_key_role_policy_test.rb | 42 ----------- test/policies/oidc/id_token_policy_test.rb | 42 ----------- .../pending_trusted_publisher_policy_test.rb | 42 ----------- test/policies/oidc/provider_policy_test.rb | 42 ----------- .../rubygem_trusted_publisher_policy_test.rb | 42 ----------- .../github_action_policy_test.rb | 42 ----------- test/policies/ownership_policy_test.rb | 41 ---------- test/policies/rubygem_policy_test.rb | 18 ----- test/policies/sendgrid_event_policy_test.rb | 46 ------------ test/policies/web_hook_policy_test.rb | 46 ------------ .../webauthn_credential_policy_test.rb | 41 ---------- .../webauthn_verification_policy_test.rb | 41 ---------- test/system/avo/manual_changes_test.rb | 6 +- test/test_helper.rb | 35 +++++++++ 99 files changed, 1285 insertions(+), 1087 deletions(-) rename app/policies/{ => admin}/api_key_policy.rb (55%) create mode 100644 app/policies/admin/api_key_rubygem_scope_policy.rb create mode 100644 app/policies/admin/application_policy.rb rename app/policies/{ => admin}/audit_policy.rb (74%) rename app/policies/{concerns/admin_user.rb => admin/concerns/policy_helpers.rb} (70%) rename app/policies/{ 
=> admin}/deletion_policy.rb (62%) create mode 100644 app/policies/admin/dependency_policy.rb rename app/policies/{ => admin}/events/rubygem_event_policy.rb (61%) rename app/policies/{ => admin}/events/user_event_policy.rb (62%) rename app/policies/{ => admin}/gem_download_policy.rb (62%) rename app/policies/{ => admin}/gem_name_reservation_policy.rb (68%) rename app/policies/{ => admin}/gem_typo_exception_policy.rb (73%) rename app/policies/{ => admin}/geoip_info_policy.rb (60%) rename app/policies/{ => admin}/ip_address_policy.rb (65%) rename app/policies/{ => admin}/link_verification_policy.rb (53%) create mode 100644 app/policies/admin/linkset_policy.rb rename app/policies/{ => admin}/log_ticket_policy.rb (58%) rename app/policies/{ => admin}/maintenance_tasks/run_policy.rb (55%) rename app/policies/{ => admin}/oidc/api_key_role_policy.rb (73%) rename app/policies/{ => admin}/oidc/id_token_policy.rb (66%) rename app/policies/{ => admin}/oidc/pending_trusted_publisher_policy.rb (60%) rename app/policies/{ => admin}/oidc/provider_policy.rb (71%) rename app/policies/{ => admin}/oidc/rubygem_trusted_publisher_policy.rb (60%) rename app/policies/{ => admin}/oidc/trusted_publisher/github_action_policy.rb (70%) rename app/policies/{ => admin}/ownership_policy.rb (57%) rename app/policies/{ => admin}/rubygem_policy.rb (88%) rename app/policies/{ => admin}/sendgrid_event_policy.rb (57%) rename app/policies/{ => admin}/user_policy.rb (88%) rename app/policies/{ => admin}/version_policy.rb (77%) rename app/policies/{ => admin}/web_hook_policy.rb (68%) create mode 100644 app/policies/admin/webauthn_credential_policy.rb create mode 100644 app/policies/admin/webauthn_verification_policy.rb delete mode 100644 app/policies/api_key_rubygem_scope_policy.rb delete mode 100644 app/policies/dependency_policy.rb delete mode 100644 app/policies/linkset_policy.rb delete mode 100644 app/policies/webauthn_credential_policy.rb delete mode 100644 
app/policies/webauthn_verification_policy.rb create mode 100644 lib/admin/authorization_client.rb create mode 100644 test/policies/admin/api_key_policy_test.rb create mode 100644 test/policies/admin/api_key_rubygem_scope_policy_test.rb rename test/policies/{ => admin}/audit_policy_test.rb (74%) rename test/policies/{ => admin}/avo_policies_test.rb (74%) create mode 100644 test/policies/admin/deletion_policy_test.rb rename test/policies/{ => admin}/dependency_policy_test.rb (72%) rename test/policies/{ => admin}/events/rubygem_event_policy_test.rb (69%) rename test/policies/{ => admin}/events/user_event_policy_test.rb (70%) rename test/policies/{ => admin}/gem_download_policy_test.rb (72%) create mode 100644 test/policies/admin/gem_name_reservation_policy_test.rb create mode 100644 test/policies/admin/gem_typo_exception_policy_test.rb create mode 100644 test/policies/admin/geoip_info_policy_test.rb rename test/policies/{ => admin}/ip_address_policy_test.rb (73%) create mode 100644 test/policies/admin/link_verification_policy_test.rb create mode 100644 test/policies/admin/linkset_policy_test.rb create mode 100644 test/policies/admin/log_ticket_policy_test.rb create mode 100644 test/policies/admin/maintenance_tasks/run_policy_test.rb create mode 100644 test/policies/admin/oidc/api_key_role_policy_test.rb create mode 100644 test/policies/admin/oidc/id_token_policy_test.rb create mode 100644 test/policies/admin/oidc/pending_trusted_publisher_policy_test.rb create mode 100644 test/policies/admin/oidc/provider_policy_test.rb create mode 100644 test/policies/admin/oidc/rubygem_trusted_publisher_policy_test.rb create mode 100644 test/policies/admin/oidc/trusted_publisher/github_action_policy_test.rb create mode 100644 test/policies/admin/ownership_policy_test.rb create mode 100644 test/policies/admin/rubygem_policy_test.rb create mode 100644 test/policies/admin/sendgrid_event_policy_test.rb rename test/policies/{ => admin}/user_policy_test.rb (65%) rename test/policies/{ => 
admin}/version_policy_test.rb (73%) create mode 100644 test/policies/admin/web_hook_policy_test.rb create mode 100644 test/policies/admin/webauthn_credential_policy_test.rb create mode 100644 test/policies/admin/webauthn_verification_policy_test.rb delete mode 100644 test/policies/api_key_policy_test.rb delete mode 100644 test/policies/api_key_rubygem_scope_policy_test.rb delete mode 100644 test/policies/deletion_policy_test.rb delete mode 100644 test/policies/gem_name_reservation_policy_test.rb delete mode 100644 test/policies/gem_typo_exception_policy_test.rb delete mode 100644 test/policies/geoip_info_policy_test.rb delete mode 100644 test/policies/link_verification_policy_test.rb delete mode 100644 test/policies/linkset_policy_test.rb delete mode 100644 test/policies/log_ticket_policy_test.rb delete mode 100644 test/policies/maintenance_tasks/run_policy_test.rb delete mode 100644 test/policies/oidc/api_key_role_policy_test.rb delete mode 100644 test/policies/oidc/id_token_policy_test.rb delete mode 100644 test/policies/oidc/pending_trusted_publisher_policy_test.rb delete mode 100644 test/policies/oidc/provider_policy_test.rb delete mode 100644 test/policies/oidc/rubygem_trusted_publisher_policy_test.rb delete mode 100644 test/policies/oidc/trusted_publisher/github_action_policy_test.rb delete mode 100644 test/policies/ownership_policy_test.rb delete mode 100644 test/policies/rubygem_policy_test.rb delete mode 100644 test/policies/sendgrid_event_policy_test.rb delete mode 100644 test/policies/web_hook_policy_test.rb delete mode 100644 test/policies/webauthn_credential_policy_test.rb delete mode 100644 test/policies/webauthn_verification_policy_test.rb diff --git a/app/avo/resources/admin_github_user_resource.rb b/app/avo/resources/admin_github_user_resource.rb index d9a915f1af5..65a1e6c79e3 100644 --- a/app/avo/resources/admin_github_user_resource.rb +++ b/app/avo/resources/admin_github_user_resource.rb 
@@ -2,6 +2,7 @@ class AdminGitHubUserResource < Avo::BaseResource self.title = :login self.includes = [] self.model_class = ::Admin::GitHubUser + self.authorization_policy = ::Admin::GitHubUserPolicy self.search_query = lambda { scope.where("login LIKE ?", "%#{params[:q]}%") } diff --git a/app/components/avo/audited_changes_record_diff/show_component.rb b/app/components/avo/audited_changes_record_diff/show_component.rb index 15e30b6ca2a..e898fe4593f 100644 --- a/app/components/avo/audited_changes_record_diff/show_component.rb +++ b/app/components/avo/audited_changes_record_diff/show_component.rb @@ -64,7 +64,7 @@ def component_for_field(field, resource) end def authorized? - Pundit.policy!(user, resource.model).avo_show? + Pundit.policy!(user, [:admin, resource.model]).avo_show? end def title_link diff --git a/app/policies/api_key_policy.rb b/app/policies/admin/api_key_policy.rb similarity index 55% rename from app/policies/api_key_policy.rb rename to app/policies/admin/api_key_policy.rb index bea701cfbd8..d8d4499fc67 100644 --- a/app/policies/api_key_policy.rb +++ b/app/policies/admin/api_key_policy.rb @@ -1,5 +1,5 @@ -class ApiKeyPolicy < ApplicationPolicy - class Scope < Scope +class Admin::ApiKeyPolicy < Admin::ApplicationPolicy + class Scope < Admin::ApplicationPolicy::Scope def resolve scope.all end @@ -10,6 +10,6 @@ def resolve has_association :oidc_id_token def avo_show? - Pundit.policy!(user, record.owner).avo_show? + policy!(user, record.owner).avo_show? end end diff --git a/app/policies/admin/api_key_rubygem_scope_policy.rb b/app/policies/admin/api_key_rubygem_scope_policy.rb new file mode 100644 index 00000000000..3bb6b6ebdf0 --- /dev/null +++ b/app/policies/admin/api_key_rubygem_scope_policy.rb @@ -0,0 +1,11 @@ +class Admin::ApiKeyRubygemScopePolicy < Admin::ApplicationPolicy + class Scope < Admin::ApplicationPolicy::Scope + def resolve + scope.all + end + end + + def avo_show? + policy!(user, record.ownership).avo_show? + end +end 
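Review bot: `authorized?` in `show_component.rb` now spells out the namespaced lookup `[:admin, resource.model]` itself, and the same pair is built again in `Admin::Concerns::PolicyHelpers#policy!` and in `Admin::AuthorizationClient`. Only the client carries the `Admin::GitHubUser` special case, so for a model that already lives under `Admin` this component presumably resolves a policy differently from the rest of Avo. A comment on the call would make the coupling visible, e.g. `# keep in sync with Admin::AuthorizationClient, which also special-cases Admin::GitHubUser`. Better still, route all three call sites through one helper so the admin namespace cannot drift between them.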
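Review bot: `Admin::ApiKeyRubygemScopePolicy#avo_show?` passes `record.ownership` straight to `policy!`, so a scope row with no ownership would raise `Pundit::NotDefinedError` from the policy lookup instead of being denied. Whether that association can be nil is not visible in this patch. If it can, a guard such as `record.ownership.present? && policy!(user, record.ownership).avo_show?` keeps the policy fail-closed without an exception. The same delegation shape appears in `Admin::ApiKeyPolicy#avo_show?` (`record.owner`), `Admin::LinksetPolicy#avo_show?` (`record.rubygem`) and both WebAuthn policies (`record.user`).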
diff --git a/app/policies/admin/application_policy.rb b/app/policies/admin/application_policy.rb
new file mode 100644
index 00000000000..8ad2f0d4846
--- /dev/null
+++ b/app/policies/admin/application_policy.rb
@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+class Admin::ApplicationPolicy
+ include Admin::Concerns::PolicyHelpers
+ include SemanticLogger::Loggable
+
+ attr_reader :user, :record
+
+ def initialize(user, record)
+ @user = user
+ @record = record
+ end
+
+ def avo_index?
+ false
+ end
+
+ def avo_show?
+ false
+ end
+
+ def avo_create?
+ false
+ end
+
+ def avo_new?
+ avo_create?
+ end
+
+ def avo_update?
+ false
+ end
+
+ def avo_edit?
+ avo_update?
+ end
+
+ def avo_destroy?
+ false
+ end
+
+ def avo_search?
+ avo_index?
+ end
+
+ def act_on?
+ false
+ end
+
+ def self.has_association(assocation) # rubocop:disable Naming/PredicateName
+ %w[create attach detach destroy edit].each do |action|
+ define_method(:"#{action}_#{assocation}?") { false }
+ end
+ define_method(:"show_#{assocation}?") { policy!(user, record).avo_show? }
+ alias_method :"view_#{assocation}?", :avo_show?
+ end
+
+ class Scope
+ include Admin::Concerns::PolicyHelpers
+
+ def initialize(user, scope)
+ @user = user
+ @scope = scope
+ end
+
+ def resolve
+ raise NotImplementedError, "You must define #resolve in #{self.class}"
+ end
+
+ private
+
+ attr_reader :user, :scope
+ end
+end
diff --git a/app/policies/audit_policy.rb b/app/policies/admin/audit_policy.rb
similarity index 74%
rename from app/policies/audit_policy.rb
rename to app/policies/admin/audit_policy.rb
index 915d9d4cfa9..db45584e4c9 100644
--- a/app/policies/audit_policy.rb
+++ b/app/policies/admin/audit_policy.rb
@@ -1,5 +1,5 @@
-class AuditPolicy < ApplicationPolicy
- class Scope < Scope
+class Admin::AuditPolicy < Admin::ApplicationPolicy
+ class Scope < Admin::ApplicationPolicy::Scope
 # NOTE: Be explicit about which records you allow access to!
 def resolve
 if rubygems_org_admin?
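Review bot: In `has_association`, `alias_method :"view_#{assocation}?", :avo_show?` binds to whichever `avo_show?` exists when the macro runs, and `Admin::ApiKeyPolicy`, `Admin::WebauthnCredentialPolicy` and `Admin::WebauthnVerificationPolicy` all call `has_association` before defining their own `avo_show?`. In those classes `view_<association>?` therefore stays on the base implementation that returns `false`, while `show_<association>?` follows the override through `policy!`. That fails closed, but the two predicates disagree; a late-bound definition such as `define_method(:"view_#{assocation}?") { avo_show? }` keeps them in step. The parameter name `assocation` is also misspelled (`association`).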
diff --git a/app/policies/concerns/admin_user.rb b/app/policies/admin/concerns/policy_helpers.rb similarity index 70% rename from app/policies/concerns/admin_user.rb rename to app/policies/admin/concerns/policy_helpers.rb index a21b1dd2703..362afda6584 100644 --- a/app/policies/concerns/admin_user.rb +++ b/app/policies/admin/concerns/policy_helpers.rb @@ -1,4 +1,4 @@ -module AdminUser +module Admin::Concerns::PolicyHelpers extend ActiveSupport::Concern included do @@ -13,5 +13,9 @@ def belongs_to_team?(slug) def rubygems_org_admin? belongs_to_team?("rubygems-org") end + + def policy!(user, record) + Pundit.policy!(user, [:admin, record]) + end end end diff --git a/app/policies/deletion_policy.rb b/app/policies/admin/deletion_policy.rb similarity index 62% rename from app/policies/deletion_policy.rb rename to app/policies/admin/deletion_policy.rb index 491ccd15578..1e86916fd1b 100644 --- a/app/policies/deletion_policy.rb +++ b/app/policies/admin/deletion_policy.rb @@ -1,5 +1,5 @@ -class DeletionPolicy < ApplicationPolicy - class Scope < Scope +class Admin::DeletionPolicy < Admin::ApplicationPolicy + class Scope < Admin::ApplicationPolicy::Scope def resolve scope.all end diff --git a/app/policies/admin/dependency_policy.rb b/app/policies/admin/dependency_policy.rb new file mode 100644 index 00000000000..ad92f6b0f80 --- /dev/null +++ b/app/policies/admin/dependency_policy.rb @@ -0,0 +1,11 @@ +class Admin::DependencyPolicy < Admin::ApplicationPolicy + class Scope < Admin::ApplicationPolicy::Scope + def resolve + scope.all + end + end + + def avo_show? + rubygems_org_admin? + end +end diff --git a/app/policies/events/rubygem_event_policy.rb b/app/policies/admin/events/rubygem_event_policy.rb similarity index 61% rename from app/policies/events/rubygem_event_policy.rb rename to app/policies/admin/events/rubygem_event_policy.rb index 0c1644d8efa..6f8f45c4a53 100644 --- a/app/policies/events/rubygem_event_policy.rb +++ b/app/policies/admin/events/rubygem_event_policy.rb 
@@ -1,5 +1,5 @@ -class Events::RubygemEventPolicy < ApplicationPolicy - class Scope < Scope +class Admin::Events::RubygemEventPolicy < Admin::ApplicationPolicy + class Scope < Admin::ApplicationPolicy::Scope def resolve scope.all end diff --git a/app/policies/events/user_event_policy.rb b/app/policies/admin/events/user_event_policy.rb similarity index 62% rename from app/policies/events/user_event_policy.rb rename to app/policies/admin/events/user_event_policy.rb index bbe74fb1457..d2d3b02f9d2 100644 --- a/app/policies/events/user_event_policy.rb +++ b/app/policies/admin/events/user_event_policy.rb @@ -1,5 +1,5 @@ -class Events::UserEventPolicy < ApplicationPolicy - class Scope < Scope +class Admin::Events::UserEventPolicy < Admin::ApplicationPolicy + class Scope < Admin::ApplicationPolicy::Scope def resolve scope.all end diff --git a/app/policies/gem_download_policy.rb b/app/policies/admin/gem_download_policy.rb similarity index 62% rename from app/policies/gem_download_policy.rb rename to app/policies/admin/gem_download_policy.rb index 24784e3e3aa..ec2322e286c 100644 --- a/app/policies/gem_download_policy.rb +++ b/app/policies/admin/gem_download_policy.rb @@ -1,5 +1,5 @@ -class GemDownloadPolicy < ApplicationPolicy - class Scope < Scope +class Admin::GemDownloadPolicy < Admin::ApplicationPolicy + class Scope < Admin::ApplicationPolicy::Scope # NOTE: Be explicit about which records you allow access to! def resolve scope.all diff --git a/app/policies/gem_name_reservation_policy.rb b/app/policies/admin/gem_name_reservation_policy.rb similarity index 68% rename from app/policies/gem_name_reservation_policy.rb rename to app/policies/admin/gem_name_reservation_policy.rb index cdc258c3d60..c539d9b0c58 100644 --- a/app/policies/gem_name_reservation_policy.rb +++ b/app/policies/admin/gem_name_reservation_policy.rb 
@@ -1,5 +1,5 @@ -class GemNameReservationPolicy < ApplicationPolicy - class Scope < Scope +class Admin::GemNameReservationPolicy < Admin::ApplicationPolicy + class Scope < Admin::ApplicationPolicy::Scope def resolve scope.all end diff --git a/app/policies/gem_typo_exception_policy.rb b/app/policies/admin/gem_typo_exception_policy.rb similarity index 73% rename from app/policies/gem_typo_exception_policy.rb rename to app/policies/admin/gem_typo_exception_policy.rb index a623733a594..f6056ef61b5 100644 --- a/app/policies/gem_typo_exception_policy.rb +++ b/app/policies/admin/gem_typo_exception_policy.rb @@ -1,5 +1,5 @@ -class GemTypoExceptionPolicy < ApplicationPolicy - class Scope < Scope +class Admin::GemTypoExceptionPolicy < Admin::ApplicationPolicy + class Scope < Admin::ApplicationPolicy::Scope def resolve scope.all end diff --git a/app/policies/geoip_info_policy.rb b/app/policies/admin/geoip_info_policy.rb similarity index 60% rename from app/policies/geoip_info_policy.rb rename to app/policies/admin/geoip_info_policy.rb index 42f0aa258dd..d60f1b1ffee 100644 --- a/app/policies/geoip_info_policy.rb +++ b/app/policies/admin/geoip_info_policy.rb @@ -1,5 +1,5 @@ -class GeoipInfoPolicy < ApplicationPolicy - class Scope < Scope +class Admin::GeoipInfoPolicy < Admin::ApplicationPolicy + class Scope < Admin::ApplicationPolicy::Scope def resolve scope.all end diff --git a/app/policies/admin/github_user_policy.rb b/app/policies/admin/github_user_policy.rb index 7013e69abe0..91eaabfb6c1 100644 --- a/app/policies/admin/github_user_policy.rb +++ b/app/policies/admin/github_user_policy.rb @@ -1,5 +1,5 @@ -class Admin::GitHubUserPolicy < ApplicationPolicy - class Scope < Scope +class Admin::GitHubUserPolicy < Admin::ApplicationPolicy + class Scope < Admin::ApplicationPolicy::Scope # NOTE: Be explicit about which records you allow access to! def resolve if rubygems_org_admin? 
diff --git a/app/policies/ip_address_policy.rb b/app/policies/admin/ip_address_policy.rb similarity index 65% rename from app/policies/ip_address_policy.rb rename to app/policies/admin/ip_address_policy.rb index fda18b72cfa..e05baef361d 100644 --- a/app/policies/ip_address_policy.rb +++ b/app/policies/admin/ip_address_policy.rb @@ -1,5 +1,5 @@ -class IpAddressPolicy < ApplicationPolicy - class Scope < Scope +class Admin::IpAddressPolicy < Admin::ApplicationPolicy + class Scope < Admin::ApplicationPolicy::Scope def resolve scope.all end diff --git a/app/policies/link_verification_policy.rb b/app/policies/admin/link_verification_policy.rb similarity index 53% rename from app/policies/link_verification_policy.rb rename to app/policies/admin/link_verification_policy.rb index af62c46bbcf..ff8f2f812cb 100644 --- a/app/policies/link_verification_policy.rb +++ b/app/policies/admin/link_verification_policy.rb @@ -1,5 +1,5 @@ -class LinkVerificationPolicy < ApplicationPolicy - class Scope < Scope +class Admin::LinkVerificationPolicy < Admin::ApplicationPolicy + class Scope < Admin::ApplicationPolicy::Scope def resolve scope.all end diff --git a/app/policies/admin/linkset_policy.rb b/app/policies/admin/linkset_policy.rb new file mode 100644 index 00000000000..ff2c35e2280 --- /dev/null +++ b/app/policies/admin/linkset_policy.rb @@ -0,0 +1,15 @@ +class Admin::LinksetPolicy < Admin::ApplicationPolicy + class Scope < Admin::ApplicationPolicy::Scope + def resolve + scope.all + end + end + + def avo_index? + policy!(user, Rubygem).avo_index? + end + + def avo_show? + policy!(user, record.rubygem).avo_show? + end +end diff --git a/app/policies/log_ticket_policy.rb b/app/policies/admin/log_ticket_policy.rb similarity index 58% rename from app/policies/log_ticket_policy.rb rename to app/policies/admin/log_ticket_policy.rb index c8162d0c774..1c9517c9e36 100644 --- a/app/policies/log_ticket_policy.rb +++ b/app/policies/admin/log_ticket_policy.rb 
@@ -1,5 +1,5 @@ -class LogTicketPolicy < ApplicationPolicy - class Scope < Scope +class Admin::LogTicketPolicy < Admin::ApplicationPolicy + class Scope < Admin::ApplicationPolicy::Scope def resolve scope.all end diff --git a/app/policies/maintenance_tasks/run_policy.rb b/app/policies/admin/maintenance_tasks/run_policy.rb similarity index 55% rename from app/policies/maintenance_tasks/run_policy.rb rename to app/policies/admin/maintenance_tasks/run_policy.rb index bfbf14ab7dc..dab68f1715f 100644 --- a/app/policies/maintenance_tasks/run_policy.rb +++ b/app/policies/admin/maintenance_tasks/run_policy.rb @@ -1,5 +1,5 @@ -class MaintenanceTasks::RunPolicy < ApplicationPolicy - class Scope < Scope +class Admin::MaintenanceTasks::RunPolicy < Admin::ApplicationPolicy + class Scope < Admin::ApplicationPolicy::Scope def resolve scope.all end diff --git a/app/policies/oidc/api_key_role_policy.rb b/app/policies/admin/oidc/api_key_role_policy.rb similarity index 73% rename from app/policies/oidc/api_key_role_policy.rb rename to app/policies/admin/oidc/api_key_role_policy.rb index a3f0ffba8da..51f0c3ae0c5 100644 --- a/app/policies/oidc/api_key_role_policy.rb +++ b/app/policies/admin/oidc/api_key_role_policy.rb @@ -1,5 +1,5 @@ -class OIDC::ApiKeyRolePolicy < ApplicationPolicy - class Scope < Scope +class Admin::OIDC::ApiKeyRolePolicy < Admin::ApplicationPolicy + class Scope < Admin::ApplicationPolicy::Scope def resolve scope.all end diff --git a/app/policies/oidc/id_token_policy.rb b/app/policies/admin/oidc/id_token_policy.rb similarity index 66% rename from app/policies/oidc/id_token_policy.rb rename to app/policies/admin/oidc/id_token_policy.rb index f2c5b2553f9..723b0812567 100644 --- a/app/policies/oidc/id_token_policy.rb +++ b/app/policies/admin/oidc/id_token_policy.rb 
@@ -1,5 +1,5 @@ -class OIDC::IdTokenPolicy < ApplicationPolicy - class Scope < Scope +class Admin::OIDC::IdTokenPolicy < Admin::ApplicationPolicy + class Scope < Admin::ApplicationPolicy::Scope def resolve scope.all end diff --git a/app/policies/oidc/pending_trusted_publisher_policy.rb b/app/policies/admin/oidc/pending_trusted_publisher_policy.rb similarity index 60% rename from app/policies/oidc/pending_trusted_publisher_policy.rb rename to app/policies/admin/oidc/pending_trusted_publisher_policy.rb index e7b0ee3b09a..452917695d0 100644 --- a/app/policies/oidc/pending_trusted_publisher_policy.rb +++ b/app/policies/admin/oidc/pending_trusted_publisher_policy.rb @@ -1,5 +1,5 @@ -class OIDC::PendingTrustedPublisherPolicy < ApplicationPolicy - class Scope < Scope +class Admin::OIDC::PendingTrustedPublisherPolicy < Admin::ApplicationPolicy + class Scope < Admin::ApplicationPolicy::Scope def resolve scope.all end diff --git a/app/policies/oidc/provider_policy.rb b/app/policies/admin/oidc/provider_policy.rb similarity index 71% rename from app/policies/oidc/provider_policy.rb rename to app/policies/admin/oidc/provider_policy.rb index 84ede4d5f06..2ce7284a943 100644 --- a/app/policies/oidc/provider_policy.rb +++ b/app/policies/admin/oidc/provider_policy.rb @@ -1,5 +1,5 @@ -class OIDC::ProviderPolicy < ApplicationPolicy - class Scope < Scope +class Admin::OIDC::ProviderPolicy < Admin::ApplicationPolicy + class Scope < Admin::ApplicationPolicy::Scope def resolve scope.all end diff --git a/app/policies/oidc/rubygem_trusted_publisher_policy.rb b/app/policies/admin/oidc/rubygem_trusted_publisher_policy.rb similarity index 60% rename from app/policies/oidc/rubygem_trusted_publisher_policy.rb rename to app/policies/admin/oidc/rubygem_trusted_publisher_policy.rb index bb16fe9a8f3..eb8877afe0b 100644 --- a/app/policies/oidc/rubygem_trusted_publisher_policy.rb +++ b/app/policies/admin/oidc/rubygem_trusted_publisher_policy.rb 
@@ -1,5 +1,5 @@ -class OIDC::RubygemTrustedPublisherPolicy < ApplicationPolicy - class Scope < Scope +class Admin::OIDC::RubygemTrustedPublisherPolicy < Admin::ApplicationPolicy + class Scope < Admin::ApplicationPolicy::Scope def resolve scope.all end diff --git a/app/policies/oidc/trusted_publisher/github_action_policy.rb b/app/policies/admin/oidc/trusted_publisher/github_action_policy.rb similarity index 70% rename from app/policies/oidc/trusted_publisher/github_action_policy.rb rename to app/policies/admin/oidc/trusted_publisher/github_action_policy.rb index 66837ff5ad3..191795b52ec 100644 --- a/app/policies/oidc/trusted_publisher/github_action_policy.rb +++ b/app/policies/admin/oidc/trusted_publisher/github_action_policy.rb @@ -1,5 +1,5 @@ -class OIDC::TrustedPublisher::GitHubActionPolicy < ApplicationPolicy - class Scope < Scope +class Admin::OIDC::TrustedPublisher::GitHubActionPolicy < Admin::ApplicationPolicy + class Scope < Admin::ApplicationPolicy::Scope def resolve scope.all end diff --git a/app/policies/ownership_policy.rb b/app/policies/admin/ownership_policy.rb similarity index 57% rename from app/policies/ownership_policy.rb rename to app/policies/admin/ownership_policy.rb index a13333c77ca..fb446f62cf6 100644 --- a/app/policies/ownership_policy.rb +++ b/app/policies/admin/ownership_policy.rb @@ -1,5 +1,5 @@ -class OwnershipPolicy < ApplicationPolicy - class Scope < Scope +class Admin::OwnershipPolicy < Admin::ApplicationPolicy + class Scope < Admin::ApplicationPolicy::Scope def resolve scope.all end diff --git a/app/policies/rubygem_policy.rb b/app/policies/admin/rubygem_policy.rb similarity index 88% rename from app/policies/rubygem_policy.rb rename to app/policies/admin/rubygem_policy.rb index 8c22536f1d7..e7a4f3c932c 100644 --- a/app/policies/rubygem_policy.rb +++ b/app/policies/admin/rubygem_policy.rb 
@@ -1,5 +1,5 @@ -class RubygemPolicy < ApplicationPolicy - class Scope < Scope +class Admin::RubygemPolicy < Admin::ApplicationPolicy + class Scope < Admin::ApplicationPolicy::Scope def resolve if rubygems_org_admin? scope.all diff --git a/app/policies/sendgrid_event_policy.rb b/app/policies/admin/sendgrid_event_policy.rb similarity index 57% rename from app/policies/sendgrid_event_policy.rb rename to app/policies/admin/sendgrid_event_policy.rb index fcf484b3d53..2a9d008723f 100644 --- a/app/policies/sendgrid_event_policy.rb +++ b/app/policies/admin/sendgrid_event_policy.rb @@ -1,5 +1,5 @@ -class SendgridEventPolicy < ApplicationPolicy - class Scope < Scope +class Admin::SendgridEventPolicy < Admin::ApplicationPolicy + class Scope < Admin::ApplicationPolicy::Scope def resolve scope.all end diff --git a/app/policies/user_policy.rb b/app/policies/admin/user_policy.rb similarity index 88% rename from app/policies/user_policy.rb rename to app/policies/admin/user_policy.rb index daf84c1449d..91a1738210f 100644 --- a/app/policies/user_policy.rb +++ b/app/policies/admin/user_policy.rb @@ -1,5 +1,5 @@ -class UserPolicy < ApplicationPolicy - class Scope < Scope +class Admin::UserPolicy < Admin::ApplicationPolicy + class Scope < Admin::ApplicationPolicy::Scope # NOTE: Be explicit about which records you allow access to! def resolve scope.all diff --git a/app/policies/version_policy.rb b/app/policies/admin/version_policy.rb similarity index 77% rename from app/policies/version_policy.rb rename to app/policies/admin/version_policy.rb index 91da344956d..50670f2ab86 100644 --- a/app/policies/version_policy.rb +++ b/app/policies/admin/version_policy.rb @@ -1,5 +1,5 @@ -class VersionPolicy < ApplicationPolicy - class Scope < Scope +class Admin::VersionPolicy < Admin::ApplicationPolicy + class Scope < Admin::ApplicationPolicy::Scope def resolve if rubygems_org_admin? scope.all 
diff --git a/app/policies/web_hook_policy.rb b/app/policies/admin/web_hook_policy.rb similarity index 68% rename from app/policies/web_hook_policy.rb rename to app/policies/admin/web_hook_policy.rb index 7555fb6082d..b3ccb7a87b5 100644 --- a/app/policies/web_hook_policy.rb +++ b/app/policies/admin/web_hook_policy.rb @@ -1,5 +1,5 @@ -class WebHookPolicy < ApplicationPolicy - class Scope < Scope +class Admin::WebHookPolicy < Admin::ApplicationPolicy + class Scope < Admin::ApplicationPolicy::Scope def resolve scope.all end diff --git a/app/policies/admin/webauthn_credential_policy.rb b/app/policies/admin/webauthn_credential_policy.rb new file mode 100644 index 00000000000..9bcd1c888d1 --- /dev/null +++ b/app/policies/admin/webauthn_credential_policy.rb @@ -0,0 +1,13 @@ +class Admin::WebauthnCredentialPolicy < Admin::ApplicationPolicy + class Scope < Admin::ApplicationPolicy::Scope + def resolve + scope.all + end + end + + has_association :user + + def avo_show? + policy!(user, record.user).avo_show? + end +end diff --git a/app/policies/admin/webauthn_verification_policy.rb b/app/policies/admin/webauthn_verification_policy.rb new file mode 100644 index 00000000000..9b246cb283f --- /dev/null +++ b/app/policies/admin/webauthn_verification_policy.rb @@ -0,0 +1,13 @@ +class Admin::WebauthnVerificationPolicy < Admin::ApplicationPolicy + class Scope < Admin::ApplicationPolicy::Scope + def resolve + scope.all + end + end + + has_association :user + + def avo_show? + policy!(user, record.user).avo_show? + end +end diff --git a/app/policies/api_key_rubygem_scope_policy.rb b/app/policies/api_key_rubygem_scope_policy.rb deleted file mode 100644 index 8379407551b..00000000000 --- a/app/policies/api_key_rubygem_scope_policy.rb +++ /dev/null @@ -1,11 +0,0 @@ -class ApiKeyRubygemScopePolicy < ApplicationPolicy - class Scope < Scope - def resolve - scope.all - end - end - - def avo_show? - Pundit.policy!(user, record.ownership).avo_show? - end -end 
diff --git a/app/policies/application_policy.rb b/app/policies/application_policy.rb index 2fdb6243eb1..17b17aa87ab 100644 --- a/app/policies/application_policy.rb +++ b/app/policies/application_policy.rb @@ -1,9 +1,23 @@ # frozen_string_literal: true class ApplicationPolicy - include AdminUser include SemanticLogger::Loggable + class Scope + def initialize(user, scope) + @user = user + @scope = scope + end + + def resolve + raise NotImplementedError, "You must define #resolve in #{self.class}" + end + + private + + attr_reader :user, :scope + end + attr_reader :user, :record def initialize(user, record) @@ -11,64 +25,35 @@ def initialize(user, record) @record = record end - def avo_index? + def index? false end - def avo_show? + def show? false end - def avo_create? + def create? false end - def avo_new? - avo_create? + def new? + create? end - def avo_update? + def update? false end - def avo_edit? - avo_update? + def edit? + update? end - def avo_destroy? + def destroy? false end - def avo_search? - avo_index? - end - - def act_on? - false - end - - def self.has_association(assocation) # rubocop:disable Naming/PredicateName - %w[create attach detach destroy edit].each do |action| - define_method(:"#{action}_#{assocation}?") { false } - end - define_method(:"show_#{assocation}?") { Pundit.policy!(user, record).avo_show? } - alias_method :"view_#{assocation}?", :avo_show? - end - - class Scope - include AdminUser - - def initialize(user, scope) - @user = user - @scope = scope - end - - def resolve - raise NotImplementedError, "You must define #resolve in #{self.class}" - end - - private - - attr_reader :user, :scope + def search? + index? end end diff --git a/app/policies/dependency_policy.rb b/app/policies/dependency_policy.rb deleted file mode 100644 index 21b2bb033d0..00000000000 --- a/app/policies/dependency_policy.rb +++ /dev/null 
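Review bot: With the Avo predicates moved out, `ApplicationPolicy` is now the deny-by-default base for non-admin policies, but nothing in the class says so or points to its admin counterpart. A header comment would help the next person pick the right base class, e.g. `# Base policy for application (non-Avo) authorization: every action is denied unless a subclass overrides it. Admin policies inherit from Admin::ApplicationPolicy instead.` The nested `Scope` could likewise get one line stating that `resolve` must be overridden and raises `NotImplementedError` otherwise.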
@@ -1,11 +0,0 @@ -class DependencyPolicy < ApplicationPolicy - class Scope < Scope - def resolve - scope.all - end - end - - def avo_show? - rubygems_org_admin? - end -end diff --git a/app/policies/linkset_policy.rb b/app/policies/linkset_policy.rb deleted file mode 100644 index 6fbbd53900d..00000000000 --- a/app/policies/linkset_policy.rb +++ /dev/null @@ -1,15 +0,0 @@ -class LinksetPolicy < ApplicationPolicy - class Scope < Scope - def resolve - scope.all - end - end - - def avo_index? - Pundit.policy!(user, Rubygem).avo_index? - end - - def avo_show? - Pundit.policy!(user, record.rubygem).avo_show? - end -end diff --git a/app/policies/webauthn_credential_policy.rb b/app/policies/webauthn_credential_policy.rb deleted file mode 100644 index 3fa6d688e27..00000000000 --- a/app/policies/webauthn_credential_policy.rb +++ /dev/null @@ -1,13 +0,0 @@ -class WebauthnCredentialPolicy < ApplicationPolicy - class Scope < Scope - def resolve - scope.all - end - end - - has_association :user - - def avo_show? - Pundit.policy!(user, record.user).avo_show? - end -end diff --git a/app/policies/webauthn_verification_policy.rb b/app/policies/webauthn_verification_policy.rb deleted file mode 100644 index 1c2e3300ad1..00000000000 --- a/app/policies/webauthn_verification_policy.rb +++ /dev/null @@ -1,13 +0,0 @@ -class WebauthnVerificationPolicy < ApplicationPolicy - class Scope < Scope - def resolve - scope.all - end - end - - has_association :user - - def avo_show? - Pundit.policy!(user, record.user).avo_show? - end -end diff --git a/config/initializers/avo.rb b/config/initializers/avo.rb index 794d93736ae..f1d8d70c8b7 100644 --- a/config/initializers/avo.rb +++ b/config/initializers/avo.rb @@ -40,7 +40,7 @@ search: 'avo_search?' } config.raise_error_on_missing_policy = true - config.authorization_client = :pundit + config.authorization_client = "Admin::AuthorizationClient" ## == Localization == # config.locale = 'en-US' 
diff --git a/lib/admin/authorization_client.rb b/lib/admin/authorization_client.rb
new file mode 100644
index 00000000000..6a95c709438
--- /dev/null
+++ b/lib/admin/authorization_client.rb
@@ -0,0 +1,42 @@
+# This class is the same as the default pundit authorization client.
+# It just adds the admin scope automatically so that Avo pundit policies can be kept separate.
+class Admin::AuthorizationClient < Avo::Services::AuthorizationClients::PunditClient
+ def authorize(user, record, action, policy_class: nil)
+ # After https://github.com/avo-hq/avo/pull/2827 lands, we can hopefully remove this hack
+ policy_class ||= Admin::GitHubUserPolicy if record == Admin::GitHubUser
+ super(user, [:admin, record], action, policy_class: policy_class)
+ end
+
+ def policy(user, record)
+ super(user, [:admin, record])
+ end
+
+ def policy!(user, record)
+ super(user, [:admin, record])
+ end
+
+ def apply_policy(user, model, policy_class: nil)
+ # Try and figure out the scope from a given policy or auto-detected one
+ scope_from_policy_class = scope_for_policy_class(policy_class)
+
+ # If we discover one use it.
+ # Else fallback to pundit.
+ if scope_from_policy_class.present?
+ scope_from_policy_class.new(user, model).resolve
+ else
+ Pundit.policy_scope!(user, [:admin, model])
+ end
+ rescue Pundit::NotDefinedError => e
+ raise Avo::NoPolicyError, e.message
+ end
+
+ private
+
+ # Fetches the scope for a given policy
+ def scope_for_policy_class(policy_class = nil)
+ return if policy_class.blank?
+
+ return unless policy_class.present? && defined?(Admin.const_get(policy_class.to_s)&.const_get("Scope"))
+ policy_class::Scope
+ end
+end
diff --git a/test/policies/admin/api_key_policy_test.rb b/test/policies/admin/api_key_policy_test.rb
new file mode 100644
index 00000000000..97da3b5fb3d
--- /dev/null
+++ b/test/policies/admin/api_key_policy_test.rb
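Review bot: In `scope_for_policy_class` the guard `defined?(Admin.const_get(policy_class.to_s)&.const_get("Scope"))` does not appear to check what it suggests: `defined?` never evaluates the final `const_get("Scope")` call, and the method returns `policy_class::Scope` rather than the constant it looked up. An explicit `policy_class` from outside the `Admin` namespace would therefore presumably still supply the scope for an admin listing. Since this client exists to keep Avo policies separate, the guard could be tied to the admin base class, e.g. `return unless policy_class.is_a?(Class) && policy_class <= Admin::ApplicationPolicy`, assuming `policy_class` is always a class, as `policy_class::Scope` already requires. That also drops the redundant `policy_class.present?`, which the `blank?` return above already covers. `authorize` forwards a caller-supplied `policy_class` unchanged, so the same check may be worth applying there.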
@@ -0,0 +1,41 @@ +require "test_helper" + +class Admin::ApiKeyPolicyTest < AdminPolicyTestCase + setup do + @api_key = FactoryBot.create(:api_key) + @admin = FactoryBot.create(:admin_github_user, :is_admin) + @non_admin = FactoryBot.create(:admin_github_user) + end + + def test_scope + assert_equal [@api_key], policy_scope!( + @admin, + ApiKey + ).to_a + end + + def test_avo_index + refute_authorizes @admin, ApiKey, :avo_index? + refute_authorizes @non_admin, ApiKey, :avo_index? + end + + def test_avo_show + assert_authorizes @admin, @api_key, :avo_show? + refute_authorizes @non_admin, @api_key, :avo_show? + end + + def test_avo_create + refute_authorizes @admin, ApiKey, :avo_create? + refute_authorizes @non_admin, ApiKey, :avo_create? + end + + def test_avo_update + refute_authorizes @admin, @api_key, :avo_update? + refute_authorizes @non_admin, @api_key, :avo_update? + end + + def test_avo_destroy + refute_authorizes @admin, @api_key, :avo_destroy? + refute_authorizes @non_admin, @api_key, :avo_destroy? + end +end diff --git a/test/policies/admin/api_key_rubygem_scope_policy_test.rb b/test/policies/admin/api_key_rubygem_scope_policy_test.rb new file mode 100644 index 00000000000..c4b65646a28 --- /dev/null +++ b/test/policies/admin/api_key_rubygem_scope_policy_test.rb 
@@ -0,0 +1,42 @@ +require "test_helper" + +class Admin::ApiKeyRubygemScopePolicyTest < AdminPolicyTestCase + setup do + @scope = FactoryBot.create(:api_key_rubygem_scope) + @admin = FactoryBot.create(:admin_github_user, :is_admin) + @non_admin = FactoryBot.create(:admin_github_user) + end + + def test_scope + assert_equal [@scope], policy_scope!( + @admin, + ApiKeyRubygemScope + ).to_a + end + + def test_avo_index + refute_authorizes @admin, ApiKeyRubygemScope, :avo_index? + refute_authorizes @non_admin, ApiKeyRubygemScope, :avo_index? + end + + def test_avo_show + assert_authorizes @admin, @scope, :avo_show? + + refute_authorizes @non_admin, @scope, :avo_show? + end + + def test_avo_create + refute_authorizes @admin, ApiKeyRubygemScope, :avo_create? + refute_authorizes @non_admin, ApiKeyRubygemScope, :avo_create? + end + + def test_avo_update + refute_authorizes @admin, @scope, :avo_update? + refute_authorizes @non_admin, @scope, :avo_update? + end + + def test_avo_destroy + refute_authorizes @admin, @scope, :avo_destroy? + refute_authorizes @non_admin, @scope, :avo_destroy? + end +end diff --git a/test/policies/audit_policy_test.rb b/test/policies/admin/audit_policy_test.rb similarity index 74% rename from test/policies/audit_policy_test.rb rename to test/policies/admin/audit_policy_test.rb index acefe6c1e80..d5e8ca21936 100644 --- a/test/policies/audit_policy_test.rb +++ b/test/policies/admin/audit_policy_test.rb @@ -1,6 +1,6 @@ require "test_helper" -class AuditPolicyTest < ActiveSupport::TestCase +class Admin::AuditPolicyTest < AdminPolicyTestCase def test_scope end diff --git a/test/policies/avo_policies_test.rb b/test/policies/admin/avo_policies_test.rb similarity index 74% rename from test/policies/avo_policies_test.rb rename to test/policies/admin/avo_policies_test.rb index a8cb38ee830..e03ee0e9cc0 100644 --- a/test/policies/avo_policies_test.rb +++ b/test/policies/admin/avo_policies_test.rb 
@@ -1,13 +1,18 @@ require "test_helper" -class AvoPoliciesTest < ActiveSupport::TestCase +class Admin::AvoPoliciesTest < AdminPolicyTestCase def test_association_methods_defined resources = Avo::App.init_resources association_actions = %w[create attach detach destroy edit show view] aggregate_assertions do resources.each do |resource| - policy = Pundit.policy(nil, resource) + policy = + if resource.authorization_policy + resource.authorization_policy.new(nil, resource) + else + policy!(nil, resource) + end refute_nil policy diff --git a/test/policies/admin/deletion_policy_test.rb b/test/policies/admin/deletion_policy_test.rb new file mode 100644 index 00000000000..50508bc5863 --- /dev/null +++ b/test/policies/admin/deletion_policy_test.rb @@ -0,0 +1,44 @@ +require "test_helper" + +class Admin::DeletionPolicyTest < AdminPolicyTestCase + setup do + @version = create(:version) + @deletion = Deletion.create!(version: @version, user: create(:user)) + @admin = create(:admin_github_user, :is_admin) + @non_admin = create(:admin_github_user) + end + + def test_scope + assert_equal [@deletion], policy_scope!( + @admin, + Deletion + ).to_a + end + + def test_avo_index + assert_authorizes @admin, Deletion, :avo_index? + + refute_authorizes @non_admin, Deletion, :avo_index? + end + + def test_avo_show + assert_authorizes @admin, @deletion, :avo_show? + + refute_authorizes @non_admin, @deletion, :avo_show? + end + + def test_avo_create + refute_authorizes @admin, Deletion, :avo_create? + refute_authorizes @non_admin, Deletion, :avo_create? + end + + def test_avo_update + refute_authorizes @admin, @deletion, :avo_update? + refute_authorizes @non_admin, @deletion, :avo_update? + end + + def test_avo_destroy + refute_authorizes @admin, @deletion, :avo_destroy? + refute_authorizes @non_admin, @deletion, :avo_destroy? + end +end 
diff --git a/test/policies/dependency_policy_test.rb b/test/policies/admin/dependency_policy_test.rb similarity index 72% rename from test/policies/dependency_policy_test.rb rename to test/policies/admin/dependency_policy_test.rb index cc6a2f66f9f..e056ea610a0 100644 --- a/test/policies/dependency_policy_test.rb +++ b/test/policies/admin/dependency_policy_test.rb @@ -1,6 +1,6 @@ require "test_helper" -class DependencyPolicyTest < ActiveSupport::TestCase +class Admin::DependencyPolicyTest < AdminPolicyTestCase def test_scope end diff --git a/test/policies/events/rubygem_event_policy_test.rb b/test/policies/admin/events/rubygem_event_policy_test.rb similarity index 69% rename from test/policies/events/rubygem_event_policy_test.rb rename to test/policies/admin/events/rubygem_event_policy_test.rb index 2689db7392a..4807bd780a1 100644 --- a/test/policies/events/rubygem_event_policy_test.rb +++ b/test/policies/admin/events/rubygem_event_policy_test.rb @@ -1,6 +1,6 @@ require "test_helper" -class Events::RubygemEventPolicyTest < ActiveSupport::TestCase +class Admin::Events::RubygemEventPolicyTest < AdminPolicyTestCase def test_scope end diff --git a/test/policies/events/user_event_policy_test.rb b/test/policies/admin/events/user_event_policy_test.rb similarity index 70% rename from test/policies/events/user_event_policy_test.rb rename to test/policies/admin/events/user_event_policy_test.rb index 1b485c2ae60..d40fcffe93e 100644 --- a/test/policies/events/user_event_policy_test.rb +++ b/test/policies/admin/events/user_event_policy_test.rb @@ -1,6 +1,6 @@ require "test_helper" -class Events::UserEventPolicyTest < ActiveSupport::TestCase +class Admin::Events::UserEventPolicyTest < AdminPolicyTestCase def test_scope end 
diff --git a/test/policies/gem_download_policy_test.rb b/test/policies/admin/gem_download_policy_test.rb similarity index 72% rename from test/policies/gem_download_policy_test.rb rename to test/policies/admin/gem_download_policy_test.rb index d20d1d3150b..74598a944f1 100644 --- a/test/policies/gem_download_policy_test.rb +++ b/test/policies/admin/gem_download_policy_test.rb @@ -1,6 +1,6 @@ require "test_helper" -class GemDownloadPolicyTest < ActiveSupport::TestCase +class Admin::GemDownloadPolicyTest < AdminPolicyTestCase def test_scope end diff --git a/test/policies/admin/gem_name_reservation_policy_test.rb b/test/policies/admin/gem_name_reservation_policy_test.rb new file mode 100644 index 00000000000..ec26de4bb90 --- /dev/null +++ b/test/policies/admin/gem_name_reservation_policy_test.rb @@ -0,0 +1,39 @@ +require "test_helper" + +class Admin::GemNameReservationPolicyTest < AdminPolicyTestCase + setup do + @scope = create(:gem_name_reservation) + @admin = create(:admin_github_user, :is_admin) + end + + def test_scope + assert_equal [@scope], policy_scope!( + @admin, + GemNameReservation + ).to_a + end + + def test_avo_index + assert_authorizes @admin, GemNameReservation, :avo_index? + end + + def test_avo_show + assert_authorizes @admin, GemNameReservation, :avo_show? + end + + def test_avo_create + assert_authorizes @admin, GemNameReservation, :avo_create? + end + + def test_avo_destroy + assert_authorizes @admin, GemNameReservation, :avo_destroy? + end + + def test_avo_search + assert_authorizes @admin, GemNameReservation, :avo_search? + end + + def test_avo_update + refute_authorizes @admin, GemNameReservation, :avo_update? + end +end diff --git a/test/policies/admin/gem_typo_exception_policy_test.rb b/test/policies/admin/gem_typo_exception_policy_test.rb new file mode 100644 index 00000000000..85b94f025e1 --- /dev/null +++ b/test/policies/admin/gem_typo_exception_policy_test.rb 
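Review bot: `Admin::GemNameReservationPolicyTest` only ever authorizes `@admin`; unlike the sibling tests added in this patch it creates no non-admin `admin_github_user`. Nothing therefore pins that `avo_create?` and `avo_destroy?`, both of which this policy grants, are denied to users outside the admin team. Adding `@non_admin = create(:admin_github_user)` to `setup` and assertions such as `refute_authorizes @non_admin, GemNameReservation, :avo_create?` (and the same for `:avo_destroy?`) would cover the permissive actions. `test_avo_show` also passes the class rather than `@scope`, so the record-level path is not exercised.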
@@ -0,0 +1,47 @@
+require "test_helper"
+
+class Admin::GemTypoExceptionPolicyTest < AdminPolicyTestCase
+ setup do
+ @exception = create(:gem_typo_exception)
+
+ @admin = create(:admin_github_user, :is_admin)
+ @non_admin = create(:admin_github_user)
+ end
+
+ def test_scope
+ assert_equal [@exception], policy_scope!(
+ @admin,
+ GemTypoException
+ ).to_a
+ end
+
+ def test_avo_index
+ assert_authorizes @admin, GemTypoException, :avo_index?
+
+ refute_authorizes @non_admin, GemTypoException, :avo_index?
+ end
+
+ def test_avo_show
+ assert_authorizes @admin, @exception, :avo_show?
+
+ refute_authorizes @non_admin, @exception, :avo_show?
+ end
+
+ def test_avo_create
+ assert_authorizes @admin, GemTypoException, :avo_create?
+
+ refute_authorizes @non_admin, GemTypoException, :avo_create?
+ end
+
+ def test_avo_update
+ assert_authorizes @admin, @exception, :avo_update?
+
+ refute_authorizes @non_admin, @exception, :avo_update?
+ end
+
+ def test_avo_destroy
+ assert_authorizes @admin, @exception, :avo_destroy?
+
+ refute_authorizes @non_admin, @exception, :avo_destroy?
+ end
+end
diff --git a/test/policies/admin/geoip_info_policy_test.rb b/test/policies/admin/geoip_info_policy_test.rb
new file mode 100644
index 00000000000..9c81adb8439
--- /dev/null
+++ b/test/policies/admin/geoip_info_policy_test.rb
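Review bot: `test_scope` resolves the policy scope only for `@admin`, so what a non-admin GitHub user gets back from the scope is never pinned, although `@non_admin` is already created in setup. The same gap is in the other new `Admin::*PolicyTest` files in this patch that build a `@non_admin`, while `Admin::GitHubUserPolicyTest` does check both users. I would add a second assertion on `policy_scope!(@non_admin, GemTypoException)`, for example `assert_empty policy_scope!(@non_admin, GemTypoException).to_a` if the scope is meant to return nothing for non-admins; the policy itself is not visible here, so the expected value needs confirming against it.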
@@ -0,0 +1,44 @@
+require "test_helper"
+
+class Admin::GeoipInfoPolicyTest < AdminPolicyTestCase
+ setup do
+ @geoip_info = create(:geoip_info)
+
+ @admin = create(:admin_github_user, :is_admin)
+ @non_admin = create(:admin_github_user)
+ end
+
+ def test_scope
+ assert_equal [@geoip_info], policy_scope!(
+ @admin,
+ GeoipInfo
+ ).to_a
+ end
+
+ def test_avo_index
+ assert_authorizes @admin, GeoipInfo, :avo_index?
+
+ refute_authorizes @non_admin, GeoipInfo, :avo_index?
+ end
+
+ def test_avo_show
+ assert_authorizes @admin, @geoip_info, :avo_show?
+
+ refute_authorizes @non_admin, @geoip_info, :avo_show?
+ end
+
+ def test_avo_create
+ refute_authorizes @admin, GeoipInfo, :avo_create?
+ refute_authorizes @non_admin, GeoipInfo, :avo_create?
+ end
+
+ def test_avo_update
+ refute_authorizes @admin, @geoip_info, :avo_update?
+ refute_authorizes @non_admin, @geoip_info, :avo_update?
+ end
+
+ def test_avo_destroy
+ refute_authorizes @admin, @geoip_info, :avo_destroy?
+ refute_authorizes @non_admin, @geoip_info, :avo_destroy?
+ end
+end
diff --git a/test/policies/admin/github_user_policy_test.rb b/test/policies/admin/github_user_policy_test.rb
index 59f3b83702b..88eed2da631 100644
--- a/test/policies/admin/github_user_policy_test.rb
+++ b/test/policies/admin/github_user_policy_test.rb
@@ -1,42 +1,48 @@ require "test_helper" -class Admin::GitHubUserPolicyTest < ActiveSupport::TestCase +class Admin::GitHubUserPolicyTest < AdminPolicyTestCase + def policy_class + Admin::GitHubUserPolicy + end + setup do @user = FactoryBot.create(:admin_github_user) @admin = FactoryBot.create(:admin_github_user, :is_admin) end def test_scope - assert_equal [@user], Pundit.policy_scope!( + assert_equal [@user], policy_scope!( @user, Admin::GitHubUser ).to_a - assert_equal [@user, @admin], Pundit.policy_scope!( + assert_equal [@user, @admin], policy_scope!( @admin, Admin::GitHubUser ).to_a end def test_avo_show - assert_predicate Pundit.policy!(@admin, @user), :avo_show? - assert_predicate Pundit.policy!(@admin, @admin), :avo_show? - refute_predicate Pundit.policy!(@user, @user), :avo_show? - refute_predicate Pundit.policy!(@user, @admin), :avo_show? + assert_authorizes @admin, @user, :avo_show? + assert_authorizes @admin, @user, :avo_show? + assert_authorizes @admin, @admin, :avo_show? + + refute_authorizes @user, @user, :avo_show? + refute_authorizes @user, @admin, :avo_show? end def test_avo_create - refute_predicate Pundit.policy!(@user, @user), :avo_create? - refute_predicate Pundit.policy!(@admin, @admin), :avo_create? + refute_authorizes @user, @user, :avo_create? + refute_authorizes @admin, @admin, :avo_create? end def test_avo_update - refute_predicate Pundit.policy!(@user, @user), :avo_update? - refute_predicate Pundit.policy!(@admin, @admin), :avo_update? + refute_authorizes @user, @user, :avo_update? + refute_authorizes @admin, @admin, :avo_update? end def test_avo_destroy - refute_predicate Pundit.policy!(@user, @user), :avo_destroy? - refute_predicate Pundit.policy!(@admin, @admin), :avo_destroy? + refute_authorizes @user, @user, :avo_destroy? + refute_authorizes @admin, @admin, :avo_destroy? end end 
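Review bot: In `test_avo_show` the line `assert_authorizes @admin, @user, :avo_show?` now appears twice in a row, where the removed code had one assertion per admin/record pair. The second copy adds no coverage and should be dropped, leaving `assert_authorizes @admin, @user, :avo_show?` followed by `assert_authorizes @admin, @admin, :avo_show?`. The new `policy_class` override would also benefit from a one-line comment saying why this test needs it when the other `AdminPolicyTestCase` subclasses in the patch do not define one.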
diff --git a/test/policies/ip_address_policy_test.rb b/test/policies/admin/ip_address_policy_test.rb similarity index 73% rename from test/policies/ip_address_policy_test.rb rename to test/policies/admin/ip_address_policy_test.rb index c27c07fda9d..be4485beed2 100644 --- a/test/policies/ip_address_policy_test.rb +++ b/test/policies/admin/ip_address_policy_test.rb @@ -1,6 +1,6 @@ require "test_helper" -class IpAddressPolicyTest < ActiveSupport::TestCase +class Admin::IpAddressPolicyTest < AdminPolicyTestCase def test_scope end diff --git a/test/policies/admin/link_verification_policy_test.rb b/test/policies/admin/link_verification_policy_test.rb new file mode 100644 index 00000000000..a957581422a --- /dev/null +++ b/test/policies/admin/link_verification_policy_test.rb 
@@ -0,0 +1,46 @@
+require "test_helper"
+
+class Admin::LinkVerificationPolicyTest < AdminPolicyTestCase
+ setup do
+ @verification = create(:link_verification)
+
+ @admin = create(:admin_github_user, :is_admin)
+ @non_admin = create(:admin_github_user)
+ end
+
+ def test_scope
+ home_verification = @verification.linkable.link_verifications.for_uri(@verification.linkable.linkset.home).sole
+
+ assert_equal [home_verification, @verification], policy_scope!(
+ @admin,
+ LinkVerification
+ ).to_a
+ end
+
+ def test_avo_index
+ assert_authorizes @admin, LinkVerification, :avo_index?
+
+ refute_authorizes @non_admin, LinkVerification, :avo_index?
+ end
+
+ def test_avo_show
+ assert_authorizes @admin, @verification, :avo_show?
+
+ refute_authorizes @non_admin, @verification, :avo_show?
+ end
+
+ def test_avo_create
+ refute_authorizes @admin, LinkVerification, :avo_create?
+ refute_authorizes @non_admin, LinkVerification, :avo_create?
+ end
+
+ def test_avo_update
+ refute_authorizes @admin, @verification, :avo_update?
+ refute_authorizes @non_admin, @verification, :avo_update?
+ end
+
+ def test_avo_destroy
+ refute_authorizes @admin, @verification, :avo_destroy?
+ refute_authorizes @non_admin, @verification, :avo_destroy?
+ end
+end
diff --git a/test/policies/admin/linkset_policy_test.rb b/test/policies/admin/linkset_policy_test.rb
new file mode 100644
index 00000000000..cc849f0fe65
--- /dev/null
+++ b/test/policies/admin/linkset_policy_test.rb
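Review bot: `test_scope` compares the scope result with the ordered array `[home_verification, @verification]`, but nothing visible in the hunk imposes an order on the relation, so the assertion depends on the row order the database happens to return. Unless the policy scope applies an explicit order (not visible here), compare order-independently, for example `assert_equal [home_verification, @verification].sort_by(&:id), policy_scope!(@admin, LinkVerification).sort_by(&:id)`. A short comment explaining that creating a link verification also yields one for the linkset home URI would make the two-element expectation easier to follow.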
@@ -0,0 +1,43 @@
+require "test_helper"
+
+class Admin::LinksetPolicyTest < AdminPolicyTestCase
+ setup do
+ @linkset = FactoryBot.create(:rubygem).linkset
+ @admin = FactoryBot.create(:admin_github_user, :is_admin)
+ @non_admin = FactoryBot.create(:admin_github_user)
+ end
+
+ def test_scope
+ assert_equal [@linkset], policy_scope!(
+ @admin,
+ Linkset
+ ).to_a
+ end
+
+ def test_avo_index
+ assert_authorizes @admin, Linkset, :avo_index?
+
+ refute_authorizes @non_admin, Linkset, :avo_index?
+ end
+
+ def test_avo_show
+ assert_authorizes @admin, @linkset, :avo_show?
+
+ refute_authorizes @non_admin, @linkset, :avo_show?
+ end
+
+ def test_avo_create
+ refute_authorizes @admin, Linkset, :avo_create?
+ refute_authorizes @non_admin, Linkset, :avo_create?
+ end
+
+ def test_avo_update
+ refute_authorizes @admin, @linkset, :avo_update?
+ refute_authorizes @non_admin, @linkset, :avo_update?
+ end
+
+ def test_avo_destroy
+ refute_authorizes @admin, @linkset, :avo_destroy?
+ refute_authorizes @non_admin, @linkset, :avo_destroy?
+ end
+end
diff --git a/test/policies/admin/log_ticket_policy_test.rb b/test/policies/admin/log_ticket_policy_test.rb
new file mode 100644
index 00000000000..b62d007ba1c
--- /dev/null
+++ b/test/policies/admin/log_ticket_policy_test.rb
@@ -0,0 +1,42 @@
+require "test_helper"
+
+class Admin::LogTicketPolicyTest < AdminPolicyTestCase
+ setup do
+ @log_ticket = FactoryBot.create(:log_ticket)
+ @admin = FactoryBot.create(:admin_github_user, :is_admin)
+ @non_admin = FactoryBot.create(:admin_github_user)
+ end
+
+ def test_scope
+ assert_equal [@log_ticket], policy_scope!(
+ @admin,
+ LogTicket
+ ).to_a
+ end
+
+ def test_avo_index
+ refute_authorizes @admin, ApiKey, :avo_index?
+ refute_authorizes @non_admin, ApiKey, :avo_index?
+ end
+
+ def test_avo_show
+ assert_authorizes @admin, @log_ticket, :avo_show?
+
+ refute_authorizes @non_admin, @log_ticket, :avo_show?
+ end
+
+ def test_avo_create
+ refute_authorizes @admin, ApiKey, :avo_create?
+ refute_authorizes @non_admin, ApiKey, :avo_create?
+ end
+
+ def test_avo_update
+ refute_authorizes @admin, @log_ticket, :avo_update?
+ refute_authorizes @non_admin, @log_ticket, :avo_update?
+ end
+
+ def test_avo_destroy
+ refute_authorizes @admin, @log_ticket, :avo_destroy?
+ refute_authorizes @non_admin, @log_ticket, :avo_destroy?
+ end
+end
diff --git a/test/policies/admin/maintenance_tasks/run_policy_test.rb b/test/policies/admin/maintenance_tasks/run_policy_test.rb
new file mode 100644
index 00000000000..042dcd00c2b
--- /dev/null
+++ b/test/policies/admin/maintenance_tasks/run_policy_test.rb
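Review bot: `test_avo_index` and `test_avo_create` pass `ApiKey` as the record, so as far as the hunk shows they check the ApiKey policy and leave the LogTicket index and create rules unverified. The same leftover is in the new `sendgrid_event_policy_test.rb` and `web_hook_policy_test.rb` files later in this patch, which should use `SendgridEvent` and `WebHook` respectively. Here the lines should read `refute_authorizes @admin, LogTicket, :avo_index?` and `refute_authorizes @non_admin, LogTicket, :avo_index?`, and likewise for `:avo_create?`; whether refusal is the intended outcome for the admin should be confirmed against each policy, since a wrong class lets a permissive rule pass unnoticed.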
@@ -0,0 +1,43 @@
+require "test_helper"
+
+class Admin::MaintenanceTasks::RunPolicyTest < AdminPolicyTestCase
+ setup do
+ @run = create(:maintenance_tasks_run)
+ @admin = FactoryBot.create(:admin_github_user, :is_admin)
+ @non_admin = FactoryBot.create(:admin_github_user)
+ end
+
+ def test_scope
+ assert_equal [@run], policy_scope!(
+ @admin,
+ MaintenanceTasks::Run
+ ).to_a
+ end
+
+ def test_avo_index
+ assert_authorizes @admin, MaintenanceTasks::Run, :avo_index?
+
+ refute_authorizes @non_admin, MaintenanceTasks::Run, :avo_index?
+ end
+
+ def test_avo_show
+ assert_authorizes @admin, @run, :avo_show?
+
+ refute_authorizes @non_admin, @run, :avo_show?
+ end
+
+ def test_avo_create
+ refute_authorizes @admin, MaintenanceTasks::Run, :avo_create?
+ refute_authorizes @non_admin, MaintenanceTasks::Run, :avo_create?
+ end
+
+ def test_avo_update
+ refute_authorizes @admin, @run, :avo_update?
+ refute_authorizes @non_admin, @run, :avo_update?
+ end
+
+ def test_avo_destroy
+ refute_authorizes @admin, @run, :avo_destroy?
+ refute_authorizes @non_admin, @run, :avo_destroy?
+ end
+end
diff --git a/test/policies/admin/oidc/api_key_role_policy_test.rb b/test/policies/admin/oidc/api_key_role_policy_test.rb
new file mode 100644
index 00000000000..41861431aab
--- /dev/null
+++ b/test/policies/admin/oidc/api_key_role_policy_test.rb
@@ -0,0 +1,46 @@
+require "test_helper"
+
+class Admin::OIDC::ApiKeyRolePolicyTest < AdminPolicyTestCase
+ setup do
+ @api_key_role = FactoryBot.create(:oidc_api_key_role)
+
+ @admin = FactoryBot.create(:admin_github_user, :is_admin)
+ @non_admin = FactoryBot.create(:admin_github_user)
+ end
+
+ def test_scope
+ assert_equal [@api_key_role], policy_scope!(
+ @admin,
+ OIDC::ApiKeyRole
+ ).to_a
+ end
+
+ def test_avo_index
+ assert_authorizes @admin, OIDC::ApiKeyRole, :avo_index?
+
+ refute_authorizes @non_admin, OIDC::ApiKeyRole, :avo_index?
+ end
+
+ def test_avo_show
+ assert_authorizes @admin, @api_key_role, :avo_show?
+
+ refute_authorizes @non_admin, @api_key_role, :avo_show?
+ end
+
+ def test_avo_create
+ assert_authorizes @admin, OIDC::ApiKeyRole, :avo_create?
+
+ refute_authorizes @non_admin, OIDC::ApiKeyRole, :avo_create?
+ end
+
+ def test_avo_update
+ assert_authorizes @admin, @api_key_role, :avo_update?
+
+ refute_authorizes @non_admin, @api_key_role, :avo_update?
+ end
+
+ def test_avo_destroy
+ refute_authorizes @admin, @api_key_role, :avo_destroy?
+ refute_authorizes @non_admin, @api_key_role, :avo_destroy?
+ end
+end
diff --git a/test/policies/admin/oidc/id_token_policy_test.rb b/test/policies/admin/oidc/id_token_policy_test.rb
new file mode 100644
index 00000000000..d088feb5f0d
--- /dev/null
+++ b/test/policies/admin/oidc/id_token_policy_test.rb
@@ -0,0 +1,44 @@
+require "test_helper"
+
+class Admin::OIDC::IdTokenPolicyTest < AdminPolicyTestCase
+ setup do
+ @id_token = FactoryBot.create(:oidc_id_token)
+
+ @admin = FactoryBot.create(:admin_github_user, :is_admin)
+ @non_admin = FactoryBot.create(:admin_github_user)
+ end
+
+ def test_scope
+ assert_equal [@id_token], policy_scope!(
+ @admin,
+ OIDC::IdToken
+ ).to_a
+ end
+
+ def test_avo_index
+ assert_authorizes @admin, OIDC::IdToken, :avo_index?
+
+ refute_authorizes @non_admin, OIDC::IdToken, :avo_index?
+ end
+
+ def test_avo_show
+ assert_authorizes @admin, @id_token, :avo_show?
+
+ refute_authorizes @non_admin, @id_token, :avo_show?
+ end
+
+ def test_avo_create
+ refute_authorizes @admin, OIDC::IdToken, :avo_create?
+ refute_authorizes @non_admin, OIDC::IdToken, :avo_create?
+ end
+
+ def test_avo_update
+ refute_authorizes @admin, @id_token, :avo_update?
+ refute_authorizes @non_admin, @id_token, :avo_update?
+ end
+
+ def test_avo_destroy
+ refute_authorizes @admin, @id_token, :avo_destroy?
+ refute_authorizes @non_admin, @id_token, :avo_destroy?
+ end
+end
diff --git a/test/policies/admin/oidc/pending_trusted_publisher_policy_test.rb b/test/policies/admin/oidc/pending_trusted_publisher_policy_test.rb
new file mode 100644
index 00000000000..f49c937f744
--- /dev/null
+++ b/test/policies/admin/oidc/pending_trusted_publisher_policy_test.rb
@@ -0,0 +1,44 @@
+require "test_helper"
+
+class Admin::OIDC::PendingTrustedPublisherPolicyTest < AdminPolicyTestCase
+ setup do
+ @pending_trusted_publisher = create(:oidc_pending_trusted_publisher)
+
+ @admin = create(:admin_github_user, :is_admin)
+ @non_admin = create(:admin_github_user)
+ end
+
+ def test_scope
+ assert_equal [@pending_trusted_publisher], policy_scope!(
+ @admin,
+ OIDC::PendingTrustedPublisher
+ ).to_a
+ end
+
+ def test_avo_index
+ assert_authorizes @admin, OIDC::PendingTrustedPublisher, :avo_index?
+
+ refute_authorizes @non_admin, OIDC::PendingTrustedPublisher, :avo_index?
+ end
+
+ def test_avo_show
+ assert_authorizes @admin, @pending_trusted_publisher, :avo_show?
+
+ refute_authorizes @non_admin, @pending_trusted_publisher, :avo_show?
+ end
+
+ def test_avo_create
+ refute_authorizes @admin, OIDC::PendingTrustedPublisher, :avo_create?
+ refute_authorizes @non_admin, OIDC::PendingTrustedPublisher, :avo_create?
+ end
+
+ def test_avo_update
+ refute_authorizes @admin, @pending_trusted_publisher, :avo_update?
+ refute_authorizes @non_admin, @pending_trusted_publisher, :avo_update?
+ end
+
+ def test_avo_destroy
+ refute_authorizes @admin, @pending_trusted_publisher, :avo_destroy?
+ refute_authorizes @non_admin, @pending_trusted_publisher, :avo_destroy?
+ end
+end
diff --git a/test/policies/admin/oidc/provider_policy_test.rb b/test/policies/admin/oidc/provider_policy_test.rb
new file mode 100644
index 00000000000..46d74157382
--- /dev/null
+++ b/test/policies/admin/oidc/provider_policy_test.rb
@@ -0,0 +1,46 @@
+require "test_helper"
+
+class Admin::OIDC::ProviderPolicyTest < AdminPolicyTestCase
+ setup do
+ @provider = FactoryBot.create(:oidc_provider)
+
+ @admin = FactoryBot.create(:admin_github_user, :is_admin)
+ @non_admin = FactoryBot.create(:admin_github_user)
+ end
+
+ def test_scope
+ assert_equal [@provider], policy_scope!(
+ @admin,
+ OIDC::Provider
+ ).to_a
+ end
+
+ def test_avo_index
+ assert_authorizes @admin, OIDC::Provider, :avo_index?
+
+ refute_authorizes @non_admin, OIDC::Provider, :avo_index?
+ end
+
+ def test_avo_show
+ assert_authorizes @admin, @provider, :avo_show?
+
+ refute_authorizes @non_admin, @provider, :avo_show?
+ end
+
+ def test_avo_create
+ assert_authorizes @admin, OIDC::Provider, :avo_create?
+
+ refute_authorizes @non_admin, OIDC::Provider, :avo_create?
+ end
+
+ def test_avo_update
+ assert_authorizes @admin, @provider, :avo_update?
+
+ refute_authorizes @non_admin, @provider, :avo_update?
+ end
+
+ def test_avo_destroy
+ refute_authorizes @admin, @provider, :avo_destroy?
+ refute_authorizes @non_admin, @provider, :avo_destroy?
+ end
+end
diff --git a/test/policies/admin/oidc/rubygem_trusted_publisher_policy_test.rb b/test/policies/admin/oidc/rubygem_trusted_publisher_policy_test.rb
new file mode 100644
index 00000000000..87b4d5f18d9
--- /dev/null
+++ b/test/policies/admin/oidc/rubygem_trusted_publisher_policy_test.rb
@@ -0,0 +1,44 @@
+require "test_helper"
+
+class Admin::OIDC::RubygemTrustedPublisherPolicyTest < AdminPolicyTestCase
+ setup do
+ @rubygem_trusted_publisher = create(:oidc_rubygem_trusted_publisher)
+
+ @admin = create(:admin_github_user, :is_admin)
+ @non_admin = create(:admin_github_user)
+ end
+
+ def test_scope
+ assert_equal [@rubygem_trusted_publisher], policy_scope!(
+ @admin,
+ OIDC::RubygemTrustedPublisher
+ ).to_a
+ end
+
+ def test_avo_index
+ assert_authorizes @admin, OIDC::RubygemTrustedPublisher, :avo_index?
+
+ refute_authorizes @non_admin, OIDC::RubygemTrustedPublisher, :avo_index?
+ end
+
+ def test_avo_show
+ assert_authorizes @admin, @rubygem_trusted_publisher, :avo_show?
+
+ refute_authorizes @non_admin, @rubygem_trusted_publisher, :avo_show?
+ end
+
+ def test_avo_create
+ refute_authorizes @admin, OIDC::RubygemTrustedPublisher, :avo_create?
+ refute_authorizes @non_admin, OIDC::RubygemTrustedPublisher, :avo_create?
+ end
+
+ def test_avo_update
+ refute_authorizes @admin, @rubygem_trusted_publisher, :avo_update?
+ refute_authorizes @non_admin, @rubygem_trusted_publisher, :avo_update?
+ end
+
+ def test_avo_destroy
+ refute_authorizes @admin, @rubygem_trusted_publisher, :avo_destroy?
+ refute_authorizes @non_admin, @rubygem_trusted_publisher, :avo_destroy?
+ end
+end
diff --git a/test/policies/admin/oidc/trusted_publisher/github_action_policy_test.rb b/test/policies/admin/oidc/trusted_publisher/github_action_policy_test.rb
new file mode 100644
index 00000000000..64e6249da70
--- /dev/null
+++ b/test/policies/admin/oidc/trusted_publisher/github_action_policy_test.rb
@@ -0,0 +1,44 @@
+require "test_helper"
+
+class Admin::OIDC::TrustedPublisher::GitHubActionPolicyTest < AdminPolicyTestCase
+ setup do
+ @trusted_publisher_github_action = create(:oidc_trusted_publisher_github_action)
+
+ @admin = create(:admin_github_user, :is_admin)
+ @non_admin = create(:admin_github_user)
+ end
+
+ def test_scope
+ assert_equal [@trusted_publisher_github_action], policy_scope!(
+ @admin,
+ OIDC::TrustedPublisher::GitHubAction
+ ).to_a
+ end
+
+ def test_avo_index
+ assert_authorizes @admin, OIDC::TrustedPublisher::GitHubAction, :avo_index?
+
+ refute_authorizes @non_admin, OIDC::TrustedPublisher::GitHubAction, :avo_index?
+ end
+
+ def test_avo_show
+ assert_authorizes @admin, @trusted_publisher_github_action, :avo_show?
+
+ refute_authorizes @non_admin, @trusted_publisher_github_action, :avo_show?
+ end
+
+ def test_avo_create
+ refute_authorizes @admin, OIDC::TrustedPublisher::GitHubAction, :avo_create?
+ refute_authorizes @non_admin, OIDC::TrustedPublisher::GitHubAction, :avo_create?
+ end
+
+ def test_avo_update
+ refute_authorizes @admin, @trusted_publisher_github_action, :avo_update?
+ refute_authorizes @non_admin, @trusted_publisher_github_action, :avo_update?
+ end
+
+ def test_avo_destroy
+ refute_authorizes @admin, @trusted_publisher_github_action, :avo_destroy?
+ refute_authorizes @non_admin, @trusted_publisher_github_action, :avo_destroy?
+ end
+end
diff --git a/test/policies/admin/ownership_policy_test.rb b/test/policies/admin/ownership_policy_test.rb
new file mode 100644
index 00000000000..1b43cfcde18
--- /dev/null
+++ b/test/policies/admin/ownership_policy_test.rb
@@ -0,0 +1,39 @@
+require "test_helper"
+
+class Admin::OwnershipPolicyTest < AdminPolicyTestCase
+ setup do
+ @ownership = FactoryBot.create(:ownership)
+ @admin = FactoryBot.create(:admin_github_user, :is_admin)
+ @non_admin = FactoryBot.create(:admin_github_user)
+ end
+
+ def test_scope
+ assert_equal [@ownership], policy_scope!(@admin, Ownership).to_a
+ end
+
+ def test_avo_index
+ refute_authorizes @admin, Ownership, :avo_index?
+ refute_authorizes @non_admin, Ownership, :avo_index?
+ end
+
+ def test_avo_show
+ assert_authorizes @admin, @ownership, :avo_show?
+
+ refute_authorizes @non_admin, @ownership, :avo_show?
+ end
+
+ def test_avo_create
+ refute_authorizes @admin, Ownership, :avo_create?
+ refute_authorizes @non_admin, Ownership, :avo_create?
+ end
+
+ def test_avo_update
+ refute_authorizes @admin, @ownership, :avo_update?
+ refute_authorizes @non_admin, @ownership, :avo_update?
+ end
+
+ def test_avo_destroy
+ refute_authorizes @admin, @ownership, :avo_destroy?
+ refute_authorizes @non_admin, @ownership, :avo_destroy?
+ end
+end
diff --git a/test/policies/admin/rubygem_policy_test.rb b/test/policies/admin/rubygem_policy_test.rb
new file mode 100644
index 00000000000..95cd3b67462
--- /dev/null
+++ b/test/policies/admin/rubygem_policy_test.rb
@@ -0,0 +1,28 @@
+require "test_helper"
+
+class Admin::RubygemPolicyTest < AdminPolicyTestCase
+ setup do
+ @admin = FactoryBot.create(:admin_github_user, :is_admin)
+ @non_admin = FactoryBot.create(:admin_github_user)
+ @rubygem = FactoryBot.create(:rubygem)
+ end
+
+ def test_scope
+ assert_equal [@rubygem], policy_scope!(
+ @admin,
+ Rubygem
+ ).to_a
+ end
+
+ def test_avo_index
+ assert_authorizes @admin, Rubygem, :avo_index?
+
+ refute_authorizes @non_admin, Rubygem, :avo_index?
+ end
+
+ def test_avo_show
+ assert_authorizes @admin, @rubygem, :avo_show?
+
+ refute_authorizes @non_admin, @rubygem, :avo_show?
+ end
+end
diff --git a/test/policies/admin/sendgrid_event_policy_test.rb b/test/policies/admin/sendgrid_event_policy_test.rb
new file mode 100644
index 00000000000..a51fb48797c
--- /dev/null
+++ b/test/policies/admin/sendgrid_event_policy_test.rb
@@ -0,0 +1,47 @@
+require "test_helper"
+
+class Admin::SendgridEventPolicyTest < AdminPolicyTestCase
+ setup do
+ @sendgrid_event = FactoryBot.create(:sendgrid_event)
+ @admin = FactoryBot.create(:admin_github_user, :is_admin)
+ @non_admin = FactoryBot.create(:admin_github_user)
+ end
+
+ def test_scope
+ assert_equal [@sendgrid_event], policy_scope!(
+ @admin,
+ SendgridEvent
+ ).to_a
+ end
+
+ def test_avo_index
+ refute_authorizes @admin, ApiKey, :avo_index?
+ refute_authorizes @non_admin, ApiKey, :avo_index?
+ end
+
+ def test_avo_show
+ assert_authorizes @admin, @sendgrid_event, :avo_show?
+
+ refute_authorizes @non_admin, @sendgrid_event, :avo_show?
+ end
+
+ def test_avo_create
+ refute_authorizes @admin, ApiKey, :avo_create?
+ refute_authorizes @non_admin, ApiKey, :avo_create?
+ end
+
+ def test_avo_update
+ refute_authorizes @admin, @sendgrid_event, :avo_update?
+ refute_authorizes @non_admin, @sendgrid_event, :avo_update?
+ end
+
+ def test_avo_destroy
+ refute_authorizes @admin, @sendgrid_event, :avo_destroy?
+ refute_authorizes @non_admin, @sendgrid_event, :avo_destroy?
+ end
+
+ def test_act_on
+ refute_authorizes @admin, @sendgrid_event, :act_on?
+ refute_authorizes @non_admin, @sendgrid_event, :act_on?
+ end
+end
diff --git a/test/policies/user_policy_test.rb b/test/policies/admin/user_policy_test.rb
similarity index 65%
rename from test/policies/user_policy_test.rb
rename to test/policies/admin/user_policy_test.rb
index 178635f4af4..bcd362c4bed 100644
--- a/test/policies/user_policy_test.rb
+++ b/test/policies/admin/user_policy_test.rb
@@ -1,6 +1,6 @@ require "test_helper" -class UserPolicyTest < ActiveSupport::TestCase +class Admin::UserPolicyTest < AdminPolicyTestCase setup do @user = FactoryBot.create(:user) @admin = FactoryBot.create(:admin_github_user, :is_admin) @@ -23,7 +23,7 @@ def test_destroy end def test_search - assert_predicate Pundit.policy!(@admin, @user), :avo_search? - refute_predicate Pundit.policy!(@non_admin, @user), :avo_search? + assert_authorizes @admin, @user, :avo_search? + refute_authorizes @non_admin, @user, :avo_search? end end diff --git a/test/policies/version_policy_test.rb b/test/policies/admin/version_policy_test.rb similarity index 73% rename from test/policies/version_policy_test.rb rename to test/policies/admin/version_policy_test.rb index 14b0fcb980b..fa53c031e37 100644 --- a/test/policies/version_policy_test.rb +++ b/test/policies/admin/version_policy_test.rb @@ -1,6 +1,6 @@ require "test_helper" -class VersionPolicyTest < ActiveSupport::TestCase +class Admin::VersionPolicyTest < AdminPolicyTestCase def test_scope end diff --git a/test/policies/admin/web_hook_policy_test.rb b/test/policies/admin/web_hook_policy_test.rb new file mode 100644 index 00000000000..39a75876304 --- /dev/null +++ b/test/policies/admin/web_hook_policy_test.rb 
@@ -0,0 +1,48 @@
+require "test_helper"
+
+class Admin::WebHookPolicyTest < AdminPolicyTestCase
+ setup do
+ @web_hook = FactoryBot.create(:web_hook)
+ @admin = FactoryBot.create(:admin_github_user, :is_admin)
+ @non_admin = FactoryBot.create(:admin_github_user)
+ end
+
+ def test_scope
+ assert_equal [@web_hook], policy_scope!(
+ @admin,
+ WebHook
+ ).to_a
+ end
+
+ def test_avo_index
+ refute_authorizes @admin, ApiKey, :avo_index?
+ refute_authorizes @non_admin, ApiKey, :avo_index?
+ end
+
+ def test_avo_show
+ assert_authorizes @admin, @web_hook, :avo_show?
+
+ refute_authorizes @non_admin, @web_hook, :avo_show?
+ end
+
+ def test_avo_create
+ refute_authorizes @admin, ApiKey, :avo_create?
+ refute_authorizes @non_admin, ApiKey, :avo_create?
+ end
+
+ def test_avo_update
+ refute_authorizes @admin, @web_hook, :avo_update?
+ refute_authorizes @non_admin, @web_hook, :avo_update?
+ end
+
+ def test_avo_destroy
+ refute_authorizes @admin, @web_hook, :avo_destroy?
+ refute_authorizes @non_admin, @web_hook, :avo_destroy?
+ end
+
+ def test_act_on
+ assert_authorizes @admin, @web_hook, :act_on?
+
+ refute_authorizes @non_admin, @web_hook, :act_on?
+ end
+end
diff --git a/test/policies/admin/webauthn_credential_policy_test.rb b/test/policies/admin/webauthn_credential_policy_test.rb
new file mode 100644
index 00000000000..4d3370bd927
--- /dev/null
+++ b/test/policies/admin/webauthn_credential_policy_test.rb
@@ -0,0 +1,42 @@
+require "test_helper"
+
+class Admin::WebauthnCredentialPolicyTest < AdminPolicyTestCase
+ setup do
+ @webauthn_credential = FactoryBot.create(:webauthn_credential)
+ @admin = FactoryBot.create(:admin_github_user, :is_admin)
+ @non_admin = FactoryBot.create(:admin_github_user)
+ end
+
+ def test_scope
+ assert_equal [@webauthn_credential], policy_scope!(
+ @admin,
+ WebauthnCredential
+ ).to_a
+ end
+
+ def test_avo_index
+ refute_authorizes @admin, WebauthnCredential, :avo_index?
+ refute_authorizes @non_admin, WebauthnCredential, :avo_index?
+ end
+
+ def test_avo_show
+ assert_authorizes @admin, @webauthn_credential, :avo_show?
+
+ refute_authorizes @non_admin, @webauthn_credential, :avo_show?
+ end
+
+ def test_avo_create
+ refute_authorizes @admin, WebauthnCredential, :avo_create?
+ refute_authorizes @non_admin, WebauthnCredential, :avo_create?
+ end
+
+ def test_avo_update
+ refute_authorizes @admin, @webauthn_credential, :avo_update?
+ refute_authorizes @non_admin, @webauthn_credential, :avo_update?
+ end
+
+ def test_avo_destroy
+ refute_authorizes @admin, @webauthn_credential, :avo_destroy?
+ refute_authorizes @non_admin, @webauthn_credential, :avo_destroy?
+ end
+end
diff --git a/test/policies/admin/webauthn_verification_policy_test.rb b/test/policies/admin/webauthn_verification_policy_test.rb
new file mode 100644
index 00000000000..e4790c02e0e
--- /dev/null
+++ b/test/policies/admin/webauthn_verification_policy_test.rb
@@ -0,0 +1,42 @@
+require "test_helper"
+
+class Admin::WebauthnVerificationPolicyTest < AdminPolicyTestCase
+ setup do
+ @webauthn_verification = FactoryBot.create(:webauthn_verification)
+ @admin = FactoryBot.create(:admin_github_user, :is_admin)
+ @non_admin = FactoryBot.create(:admin_github_user)
+ end
+
+ def test_scope
+ assert_equal [@webauthn_verification], policy_scope!(
+ @admin,
+ WebauthnVerification
+ ).to_a
+ end
+
+ def test_avo_index
+ refute_authorizes @admin, WebauthnVerification, :avo_index?
+ refute_authorizes @non_admin, WebauthnVerification, :avo_index?
+ end
+
+ def test_avo_show
+ assert_authorizes @admin, @webauthn_verification, :avo_show?
+
+ refute_authorizes @non_admin, @webauthn_verification, :avo_show?
+ end
+
+ def test_avo_create
+ refute_authorizes @admin, WebauthnVerification, :avo_create?
+ refute_authorizes @non_admin, WebauthnVerification, :avo_create?
+ end
+
+ def test_avo_update
+ refute_authorizes @admin, @webauthn_verification, :avo_update?
+ refute_authorizes @non_admin, @webauthn_verification, :avo_update?
+ end
+
+ def test_avo_destroy
+ refute_authorizes @admin, @webauthn_verification, :avo_destroy?
+ refute_authorizes @non_admin, @webauthn_verification, :avo_destroy?
+ end
+end
diff --git a/test/policies/api_key_policy_test.rb b/test/policies/api_key_policy_test.rb
deleted file mode 100644
index 30201da8925..00000000000
--- a/test/policies/api_key_policy_test.rb
+++ /dev/null
@@ -1,41 +0,0 @@
-require "test_helper"
-
-class ApiKeyPolicyTest < ActiveSupport::TestCase
- setup do
- @api_key = FactoryBot.create(:api_key)
- @admin = FactoryBot.create(:admin_github_user, :is_admin)
- @non_admin = FactoryBot.create(:admin_github_user)
- end
-
- def test_scope
- assert_equal [@api_key], Pundit.policy_scope!(
- @admin,
- ApiKey
- ).to_a
- end
-
- def test_avo_index
- refute_predicate Pundit.policy!(@admin, ApiKey), :avo_index?
- refute_predicate Pundit.policy!(@non_admin, ApiKey), :avo_index?
- end
-
- def test_avo_show
- assert_predicate Pundit.policy!(@admin, @api_key), :avo_show?
- refute_predicate Pundit.policy!(@non_admin, @api_key), :avo_show?
- end
-
- def test_avo_create
- refute_predicate Pundit.policy!(@admin, ApiKey), :avo_create?
- refute_predicate Pundit.policy!(@non_admin, ApiKey), :avo_create?
- end
-
- def test_avo_update
- refute_predicate Pundit.policy!(@admin, @api_key), :avo_update?
- refute_predicate Pundit.policy!(@non_admin, @api_key), :avo_update?
- end
-
- def test_avo_destroy
- refute_predicate Pundit.policy!(@admin, @api_key), :avo_destroy?
- refute_predicate Pundit.policy!(@non_admin, @api_key), :avo_destroy?
- end
-end
diff --git a/test/policies/api_key_rubygem_scope_policy_test.rb b/test/policies/api_key_rubygem_scope_policy_test.rb
deleted file mode 100644
index 5a4e9f46ac6..00000000000
--- a/test/policies/api_key_rubygem_scope_policy_test.rb
+++ /dev/null
@@ -1,41 +0,0 @@
-require "test_helper"
-
-class ApiKeyRubygemScopePolicyTest < ActiveSupport::TestCase
- setup do
- @scope = FactoryBot.create(:api_key_rubygem_scope)
- @admin = FactoryBot.create(:admin_github_user, :is_admin)
- @non_admin = FactoryBot.create(:admin_github_user)
- end
-
- def test_scope
- assert_equal [@scope], Pundit.policy_scope!(
- @admin,
- ApiKeyRubygemScope
- ).to_a
- end
-
- def test_avo_index
- refute_predicate Pundit.policy!(@admin, ApiKeyRubygemScope), :avo_index?
- refute_predicate Pundit.policy!(@non_admin, ApiKeyRubygemScope), :avo_index?
- end
-
- def test_avo_show
- assert_predicate Pundit.policy!(@admin, @scope), :avo_show?
- refute_predicate Pundit.policy!(@non_admin, @scope), :avo_show?
- end
-
- def test_avo_create
- refute_predicate Pundit.policy!(@admin, ApiKeyRubygemScope), :avo_create?
- refute_predicate Pundit.policy!(@non_admin, ApiKeyRubygemScope), :avo_create?
- end
-
- def test_avo_update
- refute_predicate Pundit.policy!(@admin, @scope), :avo_update?
- refute_predicate Pundit.policy!(@non_admin, @scope), :avo_update?
- end
-
- def test_avo_destroy
- refute_predicate Pundit.policy!(@admin, @scope), :avo_destroy?
- refute_predicate Pundit.policy!(@non_admin, @scope), :avo_destroy?
- end
-end
diff --git a/test/policies/deletion_policy_test.rb b/test/policies/deletion_policy_test.rb
deleted file mode 100644
index f6c2f8b5553..00000000000
--- a/test/policies/deletion_policy_test.rb
+++ /dev/null
@@ -1,42 +0,0 @@
-require "test_helper"
-
-class DeletionPolicyTest < ActiveSupport::TestCase
- setup do
- @version = create(:version)
- @deletion = Deletion.create!(version: @version, user: create(:user))
- @admin = create(:admin_github_user, :is_admin)
- @non_admin = create(:admin_github_user)
- end
-
- def test_scope
- assert_equal [@deletion], Pundit.policy_scope!(
- @admin,
- Deletion
- ).to_a
- end
-
- def test_avo_index
- assert_predicate Pundit.policy!(@admin, Deletion), :avo_index?
- refute_predicate Pundit.policy!(@non_admin, Deletion), :avo_index?
- end
-
- def test_avo_show
- assert_predicate Pundit.policy!(@admin, @deletion), :avo_show?
- refute_predicate Pundit.policy!(@non_admin, @deletion), :avo_show?
- end
-
- def test_avo_create
- refute_predicate Pundit.policy!(@admin, Deletion), :avo_create?
- refute_predicate Pundit.policy!(@non_admin, Deletion), :avo_create?
- end
-
- def test_avo_update
- refute_predicate Pundit.policy!(@admin, @deletion), :avo_update?
- refute_predicate Pundit.policy!(@non_admin, @deletion), :avo_update?
- end
-
- def test_avo_destroy
- refute_predicate Pundit.policy!(@admin, @deletion), :avo_destroy?
- refute_predicate Pundit.policy!(@non_admin, @deletion), :avo_destroy?
- end
-end
diff --git a/test/policies/gem_name_reservation_policy_test.rb b/test/policies/gem_name_reservation_policy_test.rb
deleted file mode 100644
index 77e42a5658c..00000000000
--- a/test/policies/gem_name_reservation_policy_test.rb
+++ /dev/null
@@ -1,39 +0,0 @@
-require "test_helper"
-
-class GemNameReservationPolicyTest < ActiveSupport::TestCase
- setup do
- @scope = create(:gem_name_reservation)
- @admin = create(:admin_github_user, :is_admin)
- end
-
- def test_scope
- assert_equal [@scope], Pundit.policy_scope!(
- @admin,
- GemNameReservation
- ).to_a
- end
-
- def test_avo_index
- assert_predicate Pundit.policy!(@admin, GemNameReservation), :avo_index?
- end
-
- def test_avo_show
- assert_predicate Pundit.policy!(@admin, GemNameReservation), :avo_show?
- end
-
- def test_avo_create
- assert_predicate Pundit.policy!(@admin, GemNameReservation), :avo_create?
- end
-
- def test_avo_destroy
- assert_predicate Pundit.policy!(@admin, GemNameReservation), :avo_destroy?
- end
-
- def test_avo_search
- assert_predicate Pundit.policy!(@admin, GemNameReservation), :avo_search?
- end
-
- def test_avo_update
- refute_predicate Pundit.policy!(@admin, GemNameReservation), :avo_update?
- end
-end
diff --git a/test/policies/gem_typo_exception_policy_test.rb b/test/policies/gem_typo_exception_policy_test.rb
deleted file mode 100644
index 795827e49c9..00000000000
--- a/test/policies/gem_typo_exception_policy_test.rb
+++ /dev/null
@@ -1,42 +0,0 @@
-require "test_helper"
-
-class GemTypoExceptionPolicyTest < ActiveSupport::TestCase
- setup do
- @exception = create(:gem_typo_exception)
-
- @admin = create(:admin_github_user, :is_admin)
- @non_admin = create(:admin_github_user)
- end
-
- def test_scope
- assert_equal [@exception], Pundit.policy_scope!(
- @admin,
- GemTypoException
- ).to_a
- end
-
- def test_avo_index
- assert_predicate Pundit.policy!(@admin, GemTypoException), :avo_index?
- refute_predicate Pundit.policy!(@non_admin, GemTypoException), :avo_index?
- end
-
- def test_avo_show
- assert_predicate Pundit.policy!(@admin, @exception), :avo_show?
- refute_predicate Pundit.policy!(@non_admin, @exception), :avo_show?
- end
-
- def test_avo_create
- assert_predicate Pundit.policy!(@admin, GemTypoException), :avo_create?
- refute_predicate Pundit.policy!(@non_admin, GemTypoException), :avo_create?
- end
-
- def test_avo_update
- assert_predicate Pundit.policy!(@admin, @exception), :avo_update?
- refute_predicate Pundit.policy!(@non_admin, @exception), :avo_update?
- end
-
- def test_avo_destroy
- assert_predicate Pundit.policy!(@admin, @exception), :avo_destroy?
- refute_predicate Pundit.policy!(@non_admin, @exception), :avo_destroy?
- end
-end
diff --git a/test/policies/geoip_info_policy_test.rb b/test/policies/geoip_info_policy_test.rb
deleted file mode 100644
index 452f55f816c..00000000000
--- a/test/policies/geoip_info_policy_test.rb
+++ /dev/null
@@ -1,42 +0,0 @@
-require "test_helper"
-
-class GeoipInfoPolicyTest < ActiveSupport::TestCase
- setup do
- @geoip_info = create(:geoip_info)
-
- @admin = create(:admin_github_user, :is_admin)
- @non_admin = create(:admin_github_user)
- end
-
- def test_scope
- assert_equal [@geoip_info], Pundit.policy_scope!(
- @admin,
- GeoipInfo
- ).to_a
- end
-
- def test_avo_index
- assert_predicate Pundit.policy!(@admin, GeoipInfo), :avo_index?
- refute_predicate Pundit.policy!(@non_admin, GeoipInfo), :avo_index?
- end
-
- def test_avo_show
- assert_predicate Pundit.policy!(@admin, @geoip_info), :avo_show?
- refute_predicate Pundit.policy!(@non_admin, @geoip_info), :avo_show?
- end
-
- def test_avo_create
- refute_predicate Pundit.policy!(@admin, GeoipInfo), :avo_create?
- refute_predicate Pundit.policy!(@non_admin, GeoipInfo), :avo_create?
- end
-
- def test_avo_update
- refute_predicate Pundit.policy!(@admin, @geoip_info), :avo_update?
- refute_predicate Pundit.policy!(@non_admin, @geoip_info), :avo_update?
- end
-
- def test_avo_destroy
- refute_predicate Pundit.policy!(@admin, @geoip_info), :avo_destroy?
- refute_predicate Pundit.policy!(@non_admin, @geoip_info), :avo_destroy?
- end
-end
diff --git a/test/policies/link_verification_policy_test.rb b/test/policies/link_verification_policy_test.rb
deleted file mode 100644
index 58a81f5d22a..00000000000
--- a/test/policies/link_verification_policy_test.rb
+++ /dev/null
@@ -1,44 +0,0 @@
-require "test_helper"
-
-class LinkVerificationPolicyTest < ActiveSupport::TestCase
- setup do
- @verification = create(:link_verification)
-
- @admin = create(:admin_github_user, :is_admin)
- @non_admin = create(:admin_github_user)
- end
-
- def test_scope
- home_verification = @verification.linkable.link_verifications.for_uri(@verification.linkable.linkset.home).sole
-
- assert_equal [home_verification, @verification], Pundit.policy_scope!(
- @admin,
- LinkVerification
- ).to_a
- end
-
- def test_avo_index
- assert_predicate Pundit.policy!(@admin, LinkVerification), :avo_index?
- refute_predicate Pundit.policy!(@non_admin, LinkVerification), :avo_index?
- end
-
- def test_avo_show
- assert_predicate Pundit.policy!(@admin, @verification), :avo_show?
- refute_predicate Pundit.policy!(@non_admin, @verification), :avo_show?
- end
-
- def test_avo_create
- refute_predicate Pundit.policy!(@admin, LinkVerification), :avo_create?
- refute_predicate Pundit.policy!(@non_admin, LinkVerification), :avo_create?
- end
-
- def test_avo_update
- refute_predicate Pundit.policy!(@admin, @verification), :avo_update?
- refute_predicate Pundit.policy!(@non_admin, @verification), :avo_update?
- end
-
- def test_avo_destroy
- refute_predicate Pundit.policy!(@admin, @verification), :avo_destroy?
- refute_predicate Pundit.policy!(@non_admin, @verification), :avo_destroy?
- end
-end
diff --git a/test/policies/linkset_policy_test.rb b/test/policies/linkset_policy_test.rb
deleted file mode 100644
index 6697ebaba45..00000000000
--- a/test/policies/linkset_policy_test.rb
+++ /dev/null
@@ -1,41 +0,0 @@
-require "test_helper"
-
-class LinksetPolicyTest < ActiveSupport::TestCase
- setup do
- @linkset = FactoryBot.create(:rubygem).linkset
- @admin = FactoryBot.create(:admin_github_user, :is_admin)
- @non_admin = FactoryBot.create(:admin_github_user)
- end
-
- def test_scope
- assert_equal [@linkset], Pundit.policy_scope!(
- @admin,
- Linkset
- ).to_a
- end
-
- def test_avo_index
- assert_predicate Pundit.policy!(@admin, Linkset), :avo_index?
- refute_predicate Pundit.policy!(@non_admin, Linkset), :avo_index?
- end
-
- def test_avo_show
- assert_predicate Pundit.policy!(@admin, @linkset), :avo_show?
- refute_predicate Pundit.policy!(@non_admin, @linkset), :avo_show?
- end
-
- def test_avo_create
- refute_predicate Pundit.policy!(@admin, Linkset), :avo_create?
- refute_predicate Pundit.policy!(@non_admin, Linkset), :avo_create?
- end
-
- def test_avo_update
- refute_predicate Pundit.policy!(@admin, @linkset), :avo_update?
- refute_predicate Pundit.policy!(@non_admin, @linkset), :avo_update?
- end
-
- def test_avo_destroy
- refute_predicate Pundit.policy!(@admin, @linkset), :avo_destroy?
- refute_predicate Pundit.policy!(@non_admin, @linkset), :avo_destroy?
- end
-end
diff --git a/test/policies/log_ticket_policy_test.rb b/test/policies/log_ticket_policy_test.rb
deleted file mode 100644
index 416e10c127f..00000000000
--- a/test/policies/log_ticket_policy_test.rb
+++ /dev/null
@@ -1,41 +0,0 @@
-require "test_helper"
-
-class LogTicketPolicyTest < ActiveSupport::TestCase
- setup do
- @log_ticket = FactoryBot.create(:log_ticket)
- @admin = FactoryBot.create(:admin_github_user, :is_admin)
- @non_admin = FactoryBot.create(:admin_github_user)
- end
-
- def test_scope
- assert_equal [@log_ticket], Pundit.policy_scope!(
- @admin,
- LogTicket
- ).to_a
- end
-
- def test_avo_index
- refute_predicate Pundit.policy!(@admin, ApiKey), :avo_index?
- refute_predicate Pundit.policy!(@non_admin, ApiKey), :avo_index?
- end
-
- def test_avo_show
- assert_predicate Pundit.policy!(@admin, @log_ticket), :avo_show?
- refute_predicate Pundit.policy!(@non_admin, @log_ticket), :avo_show?
- end
-
- def test_avo_create
- refute_predicate Pundit.policy!(@admin, ApiKey), :avo_create?
- refute_predicate Pundit.policy!(@non_admin, ApiKey), :avo_create?
- end
-
- def test_avo_update
- refute_predicate Pundit.policy!(@admin, @log_ticket), :avo_update?
- refute_predicate Pundit.policy!(@non_admin, @log_ticket), :avo_update?
- end
-
- def test_avo_destroy
- refute_predicate Pundit.policy!(@admin, @log_ticket), :avo_destroy?
- refute_predicate Pundit.policy!(@non_admin, @log_ticket), :avo_destroy?
- end
-end
diff --git a/test/policies/maintenance_tasks/run_policy_test.rb b/test/policies/maintenance_tasks/run_policy_test.rb
deleted file mode 100644
index 8879fdcaa47..00000000000
--- a/test/policies/maintenance_tasks/run_policy_test.rb
+++ /dev/null
@@ -1,41 +0,0 @@
-require "test_helper"
-
-class MaintenanceTasks::RunPolicyTest < ActiveSupport::TestCase
- setup do
- @run = create(:maintenance_tasks_run)
- @admin = FactoryBot.create(:admin_github_user, :is_admin)
- @non_admin = FactoryBot.create(:admin_github_user)
- end
-
- def test_scope
- assert_equal [@run], Pundit.policy_scope!(
- @admin,
- MaintenanceTasks::Run
- ).to_a
- end
-
- def test_avo_index
- assert_predicate Pundit.policy!(@admin, MaintenanceTasks::Run), :avo_index?
- refute_predicate Pundit.policy!(@non_admin, MaintenanceTasks::Run), :avo_index?
- end
-
- def test_avo_show
- assert_predicate Pundit.policy!(@admin, @run), :avo_show?
- refute_predicate Pundit.policy!(@non_admin, @run), :avo_show?
- end
-
- def test_avo_create
- refute_predicate Pundit.policy!(@admin, MaintenanceTasks::Run), :avo_create?
- refute_predicate Pundit.policy!(@non_admin, MaintenanceTasks::Run), :avo_create?
- end
-
- def test_avo_update
- refute_predicate Pundit.policy!(@admin, @run), :avo_update?
- refute_predicate Pundit.policy!(@non_admin, @run), :avo_update?
- end
-
- def test_avo_destroy
- refute_predicate Pundit.policy!(@admin, @run), :avo_destroy?
- refute_predicate Pundit.policy!(@non_admin, @run), :avo_destroy?
- end
-end
diff --git a/test/policies/oidc/api_key_role_policy_test.rb b/test/policies/oidc/api_key_role_policy_test.rb
deleted file mode 100644
index ab590a2533d..00000000000
--- a/test/policies/oidc/api_key_role_policy_test.rb
+++ /dev/null
@@ -1,42 +0,0 @@
-require "test_helper"
-
-class OIDC::ApiKeyRolePolicyTest < ActiveSupport::TestCase
- setup do
- @api_key_role = FactoryBot.create(:oidc_api_key_role)
-
- @admin = FactoryBot.create(:admin_github_user, :is_admin)
- @non_admin = FactoryBot.create(:admin_github_user)
- end
-
- def test_scope
- assert_equal [@api_key_role], Pundit.policy_scope!(
- @admin,
- OIDC::ApiKeyRole
- ).to_a
- end
-
- def test_avo_index
- assert_predicate Pundit.policy!(@admin, OIDC::ApiKeyRole), :avo_index?
- refute_predicate Pundit.policy!(@non_admin, OIDC::ApiKeyRole), :avo_index?
- end
-
- def test_avo_show
- assert_predicate Pundit.policy!(@admin, @api_key_role), :avo_show?
- refute_predicate Pundit.policy!(@non_admin, @api_key_role), :avo_show?
- end
-
- def test_avo_create
- assert_predicate Pundit.policy!(@admin, OIDC::ApiKeyRole), :avo_create?
- refute_predicate Pundit.policy!(@non_admin, OIDC::ApiKeyRole), :avo_create?
- end
-
- def test_avo_update
- assert_predicate Pundit.policy!(@admin, @api_key_role), :avo_update?
- refute_predicate Pundit.policy!(@non_admin, @api_key_role), :avo_update?
- end
-
- def test_avo_destroy
- refute_predicate Pundit.policy!(@admin, @api_key_role), :avo_destroy?
- refute_predicate Pundit.policy!(@non_admin, @api_key_role), :avo_destroy?
- end
-end
diff --git a/test/policies/oidc/id_token_policy_test.rb b/test/policies/oidc/id_token_policy_test.rb
deleted file mode 100644
index 9b5c4ad7790..00000000000
--- a/test/policies/oidc/id_token_policy_test.rb
+++ /dev/null
@@ -1,42 +0,0 @@
-require "test_helper"
-
-class OIDC::IdTokenPolicyTest < ActiveSupport::TestCase
- setup do
- @id_token = FactoryBot.create(:oidc_id_token)
-
- @admin = FactoryBot.create(:admin_github_user, :is_admin)
- @non_admin = FactoryBot.create(:admin_github_user)
- end
-
- def test_scope
- assert_equal [@id_token], Pundit.policy_scope!(
- @admin,
- OIDC::IdToken
- ).to_a
- end
-
- def test_avo_index
- assert_predicate Pundit.policy!(@admin, OIDC::IdToken), :avo_index?
- refute_predicate Pundit.policy!(@non_admin, OIDC::IdToken), :avo_index?
- end
-
- def test_avo_show
- assert_predicate Pundit.policy!(@admin, @id_token), :avo_show?
- refute_predicate Pundit.policy!(@non_admin, @id_token), :avo_show?
- end
-
- def test_avo_create
- refute_predicate Pundit.policy!(@admin, OIDC::IdToken), :avo_create?
- refute_predicate Pundit.policy!(@non_admin, OIDC::IdToken), :avo_create?
- end
-
- def test_avo_update
- refute_predicate Pundit.policy!(@admin, @id_token), :avo_update?
- refute_predicate Pundit.policy!(@non_admin, @id_token), :avo_update?
- end
-
- def test_avo_destroy
- refute_predicate Pundit.policy!(@admin, @id_token), :avo_destroy?
- refute_predicate Pundit.policy!(@non_admin, @id_token), :avo_destroy?
- end
-end
diff --git a/test/policies/oidc/pending_trusted_publisher_policy_test.rb b/test/policies/oidc/pending_trusted_publisher_policy_test.rb
deleted file mode 100644
index 74c921e3bdd..00000000000
--- a/test/policies/oidc/pending_trusted_publisher_policy_test.rb
+++ /dev/null
@@ -1,42 +0,0 @@
-require "test_helper"
-
-class OIDC::PendingTrustedPublisherPolicyTest < ActiveSupport::TestCase
- setup do
- @pending_trusted_publisher = create(:oidc_pending_trusted_publisher)
-
- @admin = create(:admin_github_user, :is_admin)
- @non_admin = create(:admin_github_user)
- end
-
- def test_scope
- assert_equal [@pending_trusted_publisher], Pundit.policy_scope!(
- @admin,
- OIDC::PendingTrustedPublisher
- ).to_a
- end
-
- def test_avo_index
- assert_predicate Pundit.policy!(@admin, OIDC::PendingTrustedPublisher), :avo_index?
- refute_predicate Pundit.policy!(@non_admin, OIDC::PendingTrustedPublisher), :avo_index?
- end
-
- def test_avo_show
- assert_predicate Pundit.policy!(@admin, @pending_trusted_publisher), :avo_show?
- refute_predicate Pundit.policy!(@non_admin, @pending_trusted_publisher), :avo_show?
- end
-
- def test_avo_create
- refute_predicate Pundit.policy!(@admin, OIDC::PendingTrustedPublisher), :avo_create?
- refute_predicate Pundit.policy!(@non_admin, OIDC::PendingTrustedPublisher), :avo_create?
- end
-
- def test_avo_update
- refute_predicate Pundit.policy!(@admin, @pending_trusted_publisher), :avo_update?
- refute_predicate Pundit.policy!(@non_admin, @pending_trusted_publisher), :avo_update?
- end
-
- def test_avo_destroy
- refute_predicate Pundit.policy!(@admin, @pending_trusted_publisher), :avo_destroy?
- refute_predicate Pundit.policy!(@non_admin, @pending_trusted_publisher), :avo_destroy?
- end
-end
diff --git a/test/policies/oidc/provider_policy_test.rb b/test/policies/oidc/provider_policy_test.rb
deleted file mode 100644
index 6789c0b3c0c..00000000000
--- a/test/policies/oidc/provider_policy_test.rb
+++ /dev/null
@@ -1,42 +0,0 @@
-require "test_helper"
-
-class OIDC::ProviderPolicyTest < ActiveSupport::TestCase
- setup do
- @provider = FactoryBot.create(:oidc_provider)
-
- @admin = FactoryBot.create(:admin_github_user, :is_admin)
- @non_admin = FactoryBot.create(:admin_github_user)
- end
-
- def test_scope
- assert_equal [@provider], Pundit.policy_scope!(
- @admin,
- OIDC::Provider
- ).to_a
- end
-
- def test_avo_index
- assert_predicate Pundit.policy!(@admin, OIDC::Provider), :avo_index?
- refute_predicate Pundit.policy!(@non_admin, OIDC::Provider), :avo_index?
- end
-
- def test_avo_show
- assert_predicate Pundit.policy!(@admin, @provider), :avo_show?
- refute_predicate Pundit.policy!(@non_admin, @provider), :avo_show?
- end
-
- def test_avo_create
- assert_predicate Pundit.policy!(@admin, OIDC::Provider), :avo_create?
- refute_predicate Pundit.policy!(@non_admin, OIDC::Provider), :avo_create?
- end
-
- def test_avo_update
- assert_predicate Pundit.policy!(@admin, @provider), :avo_update?
- refute_predicate Pundit.policy!(@non_admin, @provider), :avo_update?
- end
-
- def test_avo_destroy
- refute_predicate Pundit.policy!(@admin, @provider), :avo_destroy?
- refute_predicate Pundit.policy!(@non_admin, @provider), :avo_destroy?
- end
-end
diff --git a/test/policies/oidc/rubygem_trusted_publisher_policy_test.rb b/test/policies/oidc/rubygem_trusted_publisher_policy_test.rb
deleted file mode 100644
index 1ec4e6c33cc..00000000000
--- a/test/policies/oidc/rubygem_trusted_publisher_policy_test.rb
+++ /dev/null
@@ -1,42 +0,0 @@
-require "test_helper"
-
-class OIDC::RubygemTrustedPublisherPolicyTest < ActiveSupport::TestCase
- setup do
- @rubygem_trusted_publisher = create(:oidc_rubygem_trusted_publisher)
-
- @admin = create(:admin_github_user, :is_admin)
- @non_admin = create(:admin_github_user)
- end
-
- def test_scope
- assert_equal [@rubygem_trusted_publisher], Pundit.policy_scope!(
- @admin,
- OIDC::RubygemTrustedPublisher
- ).to_a
- end
-
- def test_avo_index
- assert_predicate Pundit.policy!(@admin, OIDC::RubygemTrustedPublisher), :avo_index?
- refute_predicate Pundit.policy!(@non_admin, OIDC::RubygemTrustedPublisher), :avo_index?
- end
-
- def test_avo_show
- assert_predicate Pundit.policy!(@admin, @rubygem_trusted_publisher), :avo_show?
- refute_predicate Pundit.policy!(@non_admin, @rubygem_trusted_publisher), :avo_show?
- end
-
- def test_avo_create
- refute_predicate Pundit.policy!(@admin, OIDC::RubygemTrustedPublisher), :avo_create?
- refute_predicate Pundit.policy!(@non_admin, OIDC::RubygemTrustedPublisher), :avo_create?
- end
-
- def test_avo_update
- refute_predicate Pundit.policy!(@admin, @rubygem_trusted_publisher), :avo_update?
- refute_predicate Pundit.policy!(@non_admin, @rubygem_trusted_publisher), :avo_update?
- end
-
- def test_avo_destroy
- refute_predicate Pundit.policy!(@admin, @rubygem_trusted_publisher), :avo_destroy?
- refute_predicate Pundit.policy!(@non_admin, @rubygem_trusted_publisher), :avo_destroy?
- end
-end
diff --git a/test/policies/oidc/trusted_publisher/github_action_policy_test.rb b/test/policies/oidc/trusted_publisher/github_action_policy_test.rb
deleted file mode 100644
index 4d00f78ab02..00000000000
--- a/test/policies/oidc/trusted_publisher/github_action_policy_test.rb
+++ /dev/null
@@ -1,42 +0,0 @@
-require "test_helper"
-
-class OIDC::TrustedPublisher::GitHubActionPolicyTest < ActiveSupport::TestCase
- setup do
- @trusted_publisher_github_action = create(:oidc_trusted_publisher_github_action)
-
- @admin = create(:admin_github_user, :is_admin)
- @non_admin = create(:admin_github_user)
- end
-
- def test_scope
- assert_equal [@trusted_publisher_github_action], Pundit.policy_scope!(
- @admin,
- OIDC::TrustedPublisher::GitHubAction
- ).to_a
- end
-
- def test_avo_index
- assert_predicate Pundit.policy!(@admin, OIDC::TrustedPublisher::GitHubAction), :avo_index?
- refute_predicate Pundit.policy!(@non_admin, OIDC::TrustedPublisher::GitHubAction), :avo_index?
- end
-
- def test_avo_show
- assert_predicate Pundit.policy!(@admin, @trusted_publisher_github_action), :avo_show?
- refute_predicate Pundit.policy!(@non_admin, @trusted_publisher_github_action), :avo_show?
- end
-
- def test_avo_create
- refute_predicate Pundit.policy!(@admin, OIDC::TrustedPublisher::GitHubAction), :avo_create?
- refute_predicate Pundit.policy!(@non_admin, OIDC::TrustedPublisher::GitHubAction), :avo_create?
- end
-
- def test_avo_update
- refute_predicate Pundit.policy!(@admin, @trusted_publisher_github_action), :avo_update?
- refute_predicate Pundit.policy!(@non_admin, @trusted_publisher_github_action), :avo_update?
- end
-
- def test_avo_destroy
- refute_predicate Pundit.policy!(@admin, @trusted_publisher_github_action), :avo_destroy?
- refute_predicate Pundit.policy!(@non_admin, @trusted_publisher_github_action), :avo_destroy?
- end
-end
diff --git a/test/policies/ownership_policy_test.rb b/test/policies/ownership_policy_test.rb
deleted file mode 100644
index 4232efed171..00000000000
--- a/test/policies/ownership_policy_test.rb
+++ /dev/null
@@ -1,41 +0,0 @@
-require "test_helper"
-
-class OwnershipPolicyTest < ActiveSupport::TestCase
- setup do
- @ownership = FactoryBot.create(:ownership)
- @admin = FactoryBot.create(:admin_github_user, :is_admin)
- @non_admin = FactoryBot.create(:admin_github_user)
- end
-
- def test_scope
- assert_equal [@ownership], Pundit.policy_scope!(
- @admin,
- Ownership
- ).to_a
- end
-
- def test_avo_index
- refute_predicate Pundit.policy!(@admin, Ownership), :avo_index?
- refute_predicate Pundit.policy!(@non_admin, Ownership), :avo_index?
- end
-
- def test_avo_show
- assert_predicate Pundit.policy!(@admin, @ownership), :avo_show?
- refute_predicate Pundit.policy!(@non_admin, @ownership), :avo_show?
- end
-
- def test_avo_create
- refute_predicate Pundit.policy!(@admin, Ownership), :avo_create?
- refute_predicate Pundit.policy!(@non_admin, Ownership), :avo_create?
- end
-
- def test_avo_update
- refute_predicate Pundit.policy!(@admin, @ownership), :avo_update?
- refute_predicate Pundit.policy!(@non_admin, @ownership), :avo_update?
- end
-
- def test_avo_destroy
- refute_predicate Pundit.policy!(@admin, @ownership), :avo_destroy?
- refute_predicate Pundit.policy!(@non_admin, @ownership), :avo_destroy?
- end
-end
diff --git a/test/policies/rubygem_policy_test.rb b/test/policies/rubygem_policy_test.rb
deleted file mode 100644
index ada55a56753..00000000000
--- a/test/policies/rubygem_policy_test.rb
+++ /dev/null
@@ -1,18 +0,0 @@
-require "test_helper"
-
-class RubygemPolicyTest < ActiveSupport::TestCase
- def test_scope
- end
-
- def test_show
- end
-
- def test_create
- end
-
- def test_update
- end
-
- def test_destroy
- end
-end
diff --git a/test/policies/sendgrid_event_policy_test.rb b/test/policies/sendgrid_event_policy_test.rb
deleted file mode 100644
index 9f699ef2bc5..00000000000
--- a/test/policies/sendgrid_event_policy_test.rb
+++ /dev/null
@@ -1,46 +0,0 @@
-require "test_helper"
-
-class SendgridEventPolicyTest < ActiveSupport::TestCase
- setup do
- @sendgrid_event = FactoryBot.create(:sendgrid_event)
- @admin = FactoryBot.create(:admin_github_user, :is_admin)
- @non_admin = FactoryBot.create(:admin_github_user)
- end
-
- def test_scope
- assert_equal [@sendgrid_event], Pundit.policy_scope!(
- @admin,
- SendgridEvent
- ).to_a
- end
-
- def test_avo_index
- refute_predicate Pundit.policy!(@admin, ApiKey), :avo_index?
- refute_predicate Pundit.policy!(@non_admin, ApiKey), :avo_index?
- end
-
- def test_avo_show
- assert_predicate Pundit.policy!(@admin, @sendgrid_event), :avo_show?
- refute_predicate Pundit.policy!(@non_admin, @sendgrid_event), :avo_show?
- end
-
- def test_avo_create
- refute_predicate Pundit.policy!(@admin, ApiKey), :avo_create?
- refute_predicate Pundit.policy!(@non_admin, ApiKey), :avo_create?
- end
-
- def test_avo_update
- refute_predicate Pundit.policy!(@admin, @sendgrid_event), :avo_update?
- refute_predicate Pundit.policy!(@non_admin, @sendgrid_event), :avo_update?
- end
-
- def test_avo_destroy
- refute_predicate Pundit.policy!(@admin, @sendgrid_event), :avo_destroy?
- refute_predicate Pundit.policy!(@non_admin, @sendgrid_event), :avo_destroy?
- end
-
- def test_act_on
- refute_predicate Pundit.policy!(@admin, @sendgrid_event), :act_on?
- refute_predicate Pundit.policy!(@non_admin, @sendgrid_event), :act_on?
- end
-end
diff --git a/test/policies/web_hook_policy_test.rb b/test/policies/web_hook_policy_test.rb
deleted file mode 100644
index ff7f2193101..00000000000
--- a/test/policies/web_hook_policy_test.rb
+++ /dev/null
@@ -1,46 +0,0 @@
-require "test_helper"
-
-class WebHookPolicyTest < ActiveSupport::TestCase
- setup do
- @web_hook = FactoryBot.create(:web_hook)
- @admin = FactoryBot.create(:admin_github_user, :is_admin)
- @non_admin = FactoryBot.create(:admin_github_user)
- end
-
- def test_scope
- assert_equal [@web_hook], Pundit.policy_scope!(
- @admin,
- WebHook
- ).to_a
- end
-
- def test_avo_index
- refute_predicate Pundit.policy!(@admin, ApiKey), :avo_index?
- refute_predicate Pundit.policy!(@non_admin, ApiKey), :avo_index?
- end
-
- def test_avo_show
- assert_predicate Pundit.policy!(@admin, @web_hook), :avo_show?
- refute_predicate Pundit.policy!(@non_admin, @web_hook), :avo_show?
- end
-
- def test_avo_create
- refute_predicate Pundit.policy!(@admin, ApiKey), :avo_create?
- refute_predicate Pundit.policy!(@non_admin, ApiKey), :avo_create?
- end
-
- def test_avo_update
- refute_predicate Pundit.policy!(@admin, @web_hook), :avo_update?
- refute_predicate Pundit.policy!(@non_admin, @web_hook), :avo_update?
- end
-
- def test_avo_destroy
- refute_predicate Pundit.policy!(@admin, @web_hook), :avo_destroy?
- refute_predicate Pundit.policy!(@non_admin, @web_hook), :avo_destroy?
- end
-
- def test_act_on
- assert_predicate Pundit.policy!(@admin, @web_hook), :act_on?
- refute_predicate Pundit.policy!(@non_admin, @web_hook), :act_on?
- end
-end
diff --git a/test/policies/webauthn_credential_policy_test.rb b/test/policies/webauthn_credential_policy_test.rb
deleted file mode 100644
index 0d947926379..00000000000
--- a/test/policies/webauthn_credential_policy_test.rb
+++ /dev/null
@@ -1,41 +0,0 @@
-require "test_helper"
-
-class WebauthnCredentialPolicyTest < ActiveSupport::TestCase
- setup do
- @webauthn_credential = FactoryBot.create(:webauthn_credential)
- @admin = FactoryBot.create(:admin_github_user, :is_admin)
- @non_admin = FactoryBot.create(:admin_github_user)
- end
-
- def test_scope
- assert_equal [@webauthn_credential], Pundit.policy_scope!(
- @admin,
- WebauthnCredential
- ).to_a
- end
-
- def test_avo_index
- refute_predicate Pundit.policy!(@admin, WebauthnCredential), :avo_index?
- refute_predicate Pundit.policy!(@non_admin, WebauthnCredential), :avo_index?
- end
-
- def test_avo_show
- assert_predicate Pundit.policy!(@admin, @webauthn_credential), :avo_show?
- refute_predicate Pundit.policy!(@non_admin, @webauthn_credential), :avo_show?
- end
-
- def test_avo_create
- refute_predicate Pundit.policy!(@admin, WebauthnCredential), :avo_create?
- refute_predicate Pundit.policy!(@non_admin, WebauthnCredential), :avo_create?
- end
-
- def test_avo_update
- refute_predicate Pundit.policy!(@admin, @webauthn_credential), :avo_update?
- refute_predicate Pundit.policy!(@non_admin, @webauthn_credential), :avo_update?
- end
-
- def test_avo_destroy
- refute_predicate Pundit.policy!(@admin, @webauthn_credential), :avo_destroy?
- refute_predicate Pundit.policy!(@non_admin, @webauthn_credential), :avo_destroy?
- end
-end
diff --git a/test/policies/webauthn_verification_policy_test.rb b/test/policies/webauthn_verification_policy_test.rb
deleted file mode 100644
index 3afef2dc596..00000000000
--- a/test/policies/webauthn_verification_policy_test.rb
+++ /dev/null
@@ -1,41 +0,0 @@
-require "test_helper"
-
-class WebauthnVerificationPolicyTest < ActiveSupport::TestCase
- setup do
- @webauthn_verification = FactoryBot.create(:webauthn_verification)
- @admin = FactoryBot.create(:admin_github_user, :is_admin)
- @non_admin = FactoryBot.create(:admin_github_user)
- end
-
- def test_scope
- assert_equal [@webauthn_verification], Pundit.policy_scope!(
- @admin,
- WebauthnVerification
- ).to_a
- end
-
- def test_avo_index
- refute_predicate Pundit.policy!(@admin, WebauthnVerification), :avo_index?
- refute_predicate Pundit.policy!(@non_admin, WebauthnVerification), :avo_index?
- end
-
- def test_avo_show
- assert_predicate Pundit.policy!(@admin, @webauthn_verification), :avo_show?
- refute_predicate Pundit.policy!(@non_admin, @webauthn_verification), :avo_show?
- end
-
- def test_avo_create
- refute_predicate Pundit.policy!(@admin, WebauthnVerification), :avo_create?
- refute_predicate Pundit.policy!(@non_admin, WebauthnVerification), :avo_create?
- end
-
- def test_avo_update
- refute_predicate Pundit.policy!(@admin, @webauthn_verification), :avo_update?
- refute_predicate Pundit.policy!(@non_admin, @webauthn_verification), :avo_update?
- end
-
- def test_avo_destroy
- refute_predicate Pundit.policy!(@admin, @webauthn_verification), :avo_destroy?
- refute_predicate Pundit.policy!(@non_admin, @webauthn_verification), :avo_destroy?
- end
-end
diff --git a/test/system/avo/manual_changes_test.rb b/test/system/avo/manual_changes_test.rb
index ccd71e75855..ad990b0bf1a 100644
--- a/test/system/avo/manual_changes_test.rb
+++ b/test/system/avo/manual_changes_test.rb
@@ -28,9 +28,9 @@ def sign_in_as(user) admin_user = create(:admin_github_user, :is_admin) sign_in_as admin_user - LogTicketPolicy.any_instance.stubs(:avo_create?).returns(true) - LogTicketPolicy.any_instance.stubs(:avo_update?).returns(true) - LogTicketPolicy.any_instance.stubs(:avo_destroy?).returns(true) + Admin::LogTicketPolicy.any_instance.stubs(:avo_create?).returns(true) + Admin::LogTicketPolicy.any_instance.stubs(:avo_update?).returns(true) + Admin::LogTicketPolicy.any_instance.stubs(:avo_destroy?).returns(true) visit avo.resources_log_tickets_path click_on "Create new log ticket" diff --git a/test/test_helper.rb b/test/test_helper.rb index b7b64ce1f5b..d424e235f6c 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -224,6 +224,41 @@ class SystemTest < ActionDispatch::IntegrationTest end end +class AdminPolicyTestCase < ActiveSupport::TestCase + def setup + @authorization_client = Admin::AuthorizationClient.new + end + + def assert_authorizes(user, record, action) + assert @authorization_client.authorize(user, record, action, policy_class: policy_class) + rescue Avo::NotAuthorizedError + policy_class ||= policy!(user, record).class + + flunk("Expected #{policy_class} to authorize #{action} on #{record} for #{user}") + end + + def refute_authorizes(user, record, action) + @authorization_client.authorize(user, record, action, policy_class: policy_class) + policy_class ||= policy!(user, record).class + + flunk("Expected #{policy_class} not to authorize #{action} on #{record} for #{user}") + rescue Avo::NotAuthorizedError + # Expected + end + + def policy_class + nil + end + + def policy!(user, record) + @authorization_client.policy!(user, record) + end + + def policy_scope!(user, record) + @authorization_client.apply_policy(user, record, policy_class: policy_class) + end +end + class ComponentTest < ActiveSupport::TestCase include Phlex::Testing::Rails::ViewHelper include Capybara::Minitest::Assertions 
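Review bot: In the `AdminPolicyTestCase` added to test/test_helper.rb, `policy_class ||= policy!(user, record).class` in both `assert_authorizes` and `refute_authorizes` creates a local variable that shadows the `policy_class` method, so it is always nil there and a subclass override of `policy_class` never reaches the failure message, which can then name a different policy than the one passed to `authorize`. A differently named local fixes this in both methods: `klass = policy_class || policy!(user, record).class`, then interpolate `klass` in the `flunk` message. Separately, `refute_authorizes` treats any `Avo::NotAuthorizedError` raised in its body as success; `Admin::AuthorizationClient` is not shown in this diff, but if it raises that error for reasons other than the policy denying the action, a denial test would pass without exercising the rule. Since these helpers are the base for the admin authorization tests, narrow the rescue to the `authorize` call alone (an inner `begin`/`rescue` that returns on denial), so only a denial from that call counts as a pass.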
From 887f4ab6fb2f2d8f55fa07c068cc969a8e2312ba Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Jun 2024 14:22:11 +0000 Subject: [PATCH 54/60] Bump ddtrace from 1.23.0 to 1.23.1 Bumps [ddtrace](https://github.com/DataDog/dd-trace-rb) from 1.23.0 to 1.23.1. - [Release notes](https://github.com/DataDog/dd-trace-rb/releases) - [Changelog](https://github.com/DataDog/dd-trace-rb/blob/master/CHANGELOG.md) - [Commits](https://github.com/DataDog/dd-trace-rb/compare/v1.23.0...v1.23.1) --- updated-dependencies: - dependency-name: ddtrace dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index c89e64ae8a6..c954f11834e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -190,7 +190,7 @@ GEM datadog-ci (0.8.3) msgpack date (3.3.4) - ddtrace (1.23.0) + ddtrace (1.23.1) datadog-ci (~> 0.8.1) debase-ruby_core_source (= 3.3.1) libdatadog (~> 7.0.0.1.0) @@ -243,7 +243,7 @@ GEM faraday_middleware-aws-sigv4 (1.0.1) aws-sigv4 (~> 1.0) faraday (>= 2.0, < 3) - ffi (1.16.3) + ffi (1.17.0) ffi-compiler (1.3.2) ffi (>= 1.15.5) rake 
@@ -936,7 +936,7 @@ CHECKSUMS dartsass-sprockets (3.1.0) sha256=c238ec9f7f496489ac5a7813cd1f83d1e077a1826921acefc7e290a521b7a20a datadog-ci (0.8.3) sha256=6e78c03aa2524476dc99b969a7c3154195d1d84a912a21707e7f5c17783e03f9 date (3.3.4) sha256=971f2cb66b945bcbea4ddd9c7908c9400b31a71bc316833cb42fa584b59d3291 - ddtrace (1.23.0) sha256=e966fa6667e5365e727643f743c62a1ebdb3a9d04735418bef38baeb8e5244db + ddtrace (1.23.1) sha256=44634a5c5c693f3e49f8db0b18d9a0815c2d887e767d3b0967d5187bb6413e50 dead_end (4.0.0) sha256=695c8438993bb4c5415b1618a1b6e0afcae849ef2812fb8cb3846723904307eb debase-ruby_core_source (3.3.1) sha256=ed904cae290edf0cf274ad707f8981bf1cefad8081e78d4bb71be2a483bc2c08 derailed_benchmarks (2.1.2) sha256=eaadc6206ceeb5538ff8f5e04a0023d54ebdd95d04f33e8960fb95a5f189a14f @@ -959,7 +959,7 @@ CHECKSUMS faraday-net_http (3.1.0) sha256=1627be414960d0131691190ff524506ba6607402a50fb6eccda9e64ca60f859f faraday-retry (2.2.1) sha256=4146fed14549c0580bf14591fca419a40717de0dd24f267a8ec2d9a728677608 faraday_middleware-aws-sigv4 (1.0.1) sha256=a001ea4f687ca1c60bad8f2a627196905ce3dbf285e461dc153240e92eaabe8f - ffi (1.16.3) sha256=6d3242ff10c87271b0675c58d68d3f10148fabc2ad6da52a18123f06078871fb + ffi (1.17.0) sha256=51630e43425078311c056ca75f961bb3bda1641ab36e44ad4c455e0b0e4a231c ffi-compiler (1.3.2) sha256=a94f3d81d12caf5c5d4ecf13980a70d0aeaa72268f3b9cc13358bcc6509184a0 fugit (1.11.0) sha256=addc9cd3031611921d1dbac094de3a645bc8858828639fd035c9cedd3b460bb9 get_process_mem (0.2.7) sha256=4afd3c3641dd6a817c09806c7d6d509d8a9984512ac38dea8b917426bbf77eba From da80c2db007c971e709d346f4bbf3e477ea55ffe Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Jun 2024 14:23:09 +0000 Subject: [PATCH 55/60] Bump faraday from 2.9.0 to 2.9.1 Bumps [faraday](https://github.com/lostisland/faraday) from 2.9.0 to 2.9.1. - [Release notes](https://github.com/lostisland/faraday/releases) - [Changelog](https://github.com/lostisland/faraday/blob/main/CHANGELOG.md) - [Commits](https://github.com/lostisland/faraday/compare/v2.9.0...v2.9.1) --- updated-dependencies: - dependency-name: faraday dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index c89e64ae8a6..62ca477071c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -232,7 +232,7 @@ GEM factory_bot_rails (6.4.3) factory_bot (~> 6.4) railties (>= 5.0.0) - faraday (2.9.0) + faraday (2.9.1) faraday-net_http (>= 2.0, < 3.2) faraday-follow_redirects (0.3.0) faraday (>= 1, < 3) @@ -954,7 +954,7 @@ CHECKSUMS execjs (2.9.1) sha256=e8fd066f6df60c8e8fbebc32c6fb356b5212c77374e8416a9019ca4bb154dcfb factory_bot (6.4.5) sha256=d71dd29bc95f0ec2bf27e3dd9b1b4d557bd534caca744663cb7db4bacf3198be factory_bot_rails (6.4.3) sha256=ea73ceac1c0ff3dc11fff390bf2ea8a2604066525ed8ecd3b3bc2c267226dcc8 - faraday (2.9.0) sha256=1aa114507006eed6779a726b932d5cc12f5f6053984a19a3403539306b0e0be3 + faraday (2.9.1) sha256=8ffbc8aaa28509dc31edd57f27a9e49250a283caf0d04090667a3264895b168a faraday-follow_redirects (0.3.0) sha256=d92d975635e2c7fe525dd494fcd4b9bb7f0a4a0ec0d5f4c15c729530fdb807f9 faraday-net_http (3.1.0) sha256=1627be414960d0131691190ff524506ba6607402a50fb6eccda9e64ca60f859f faraday-retry (2.2.1) sha256=4146fed14549c0580bf14591fca419a40717de0dd24f267a8ec2d9a728677608 From 1a0ab3e9273793cf23a88719aada371c239978d8 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Jun 2024 14:24:19 +0000 Subject: [PATCH 56/60] Bump aws-sdk-sqs from 1.74.0 to 1.75.0 Bumps [aws-sdk-sqs](https://github.com/aws/aws-sdk-ruby) from 1.74.0 to 1.75.0. - [Release notes](https://github.com/aws/aws-sdk-ruby/releases) - [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-sqs/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-ruby/commits) --- updated-dependencies: - dependency-name: aws-sdk-sqs dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Gemfile | 2 +- Gemfile.lock | 16 ++++++++-------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Gemfile b/Gemfile index af269e9232e..022515d5059 100644 --- a/Gemfile +++ b/Gemfile @@ -6,7 +6,7 @@ gem "rails", "~> 7.1.0", ">= 7.1.3.2" gem "rails-i18n", "~> 7.0" gem "aws-sdk-s3", "~> 1.151" -gem "aws-sdk-sqs", "~> 1.74" +gem "aws-sdk-sqs", "~> 1.75" gem "bootsnap", "~> 1.18" gem "clearance", "~> 2.7" gem "dalli", "~> 3.2" diff --git a/Gemfile.lock b/Gemfile.lock index c89e64ae8a6..aa6ab3d86f8 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -110,8 +110,8 @@ GEM zeitwerk (>= 2.6.2) awrence (1.2.1) aws-eventstream (1.3.0) - aws-partitions (1.930.0) - aws-sdk-core (3.196.1) + aws-partitions (1.940.0) + aws-sdk-core (3.197.0) aws-eventstream (~> 1, >= 1.3.0) aws-partitions (~> 1, >= 1.651.0) aws-sigv4 (~> 1.8) @@ -123,8 +123,8 @@ GEM aws-sdk-core (~> 3, >= 3.194.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.8) - aws-sdk-sqs (1.74.0) - aws-sdk-core (~> 3, >= 3.193.0) + aws-sdk-sqs (1.75.0) + aws-sdk-core (~> 3, >= 3.197.0) aws-sigv4 (~> 1.1) aws-sigv4 (1.8.0) aws-eventstream (~> 1, >= 1.0.2) @@ -768,7 +768,7 @@ DEPENDENCIES autoprefixer-rails (~> 10.4) avo (~> 2.51) aws-sdk-s3 (~> 1.151) - aws-sdk-sqs (~> 1.74) + aws-sdk-sqs (~> 1.75) bcrypt (~> 3.1) bootsnap (~> 1.18) brakeman (~> 6.1) 
@@ -898,11 +898,11 @@ CHECKSUMS avo (2.51.0) sha256=0d5785cda01b5b0d2575e7419cda4dc7a5d7805068f160d48ecc7458ee74ec03 awrence (1.2.1) sha256=dd1d214c12a91f449d1ef81d7ee3babc2816944e450752e7522c65521872483e aws-eventstream (1.3.0) sha256=f1434cc03ab2248756eb02cfa45e900e59a061d7fbdc4a9fd82a5dd23d796d3f - aws-partitions (1.930.0) sha256=6cfce1550e3586813dc2765bd5b95c59e7471739f417d9c66f742750dca3994b - aws-sdk-core (3.196.1) sha256=e36bfec78d841041acb4424a728e35fc2c324e4ee6f07e1c301bbdf4c69d8438 + aws-partitions (1.940.0) sha256=ee8561e842a40755ed485970a0c7c1598f48a4b2516593cec45f72e2408c8f14 + aws-sdk-core (3.197.0) sha256=34c44883d3cc91ada382f6ecab981a1b7ede9a1ec47cf8eb2eaa3ee46035db90 aws-sdk-kms (1.81.0) sha256=b15dd1e840756a13f27d4f3d8308571f97a4902e0a21c753ea9be14138a4f496 aws-sdk-s3 (1.151.0) sha256=9e40e64f3ea112b33fdbb0416b6b44247372b983f6a7a9c30fa9b5627a4f7008 - aws-sdk-sqs (1.74.0) sha256=cc4951b044803a7e6ad51d4e24f4c182dbca404afc6528183f207de4be1f1bda + aws-sdk-sqs (1.75.0) sha256=b5895960a731acc2284dee9aefe63e3989d0ca4f506706712aff303e00680b9a aws-sigv4 (1.8.0) sha256=84dd99768b91b93b63d1d8e53ee837cfd06ab402812772a7899a78f9f9117cbc base64 (0.2.0) sha256=0f25e9b21a02a0cc0cea8ef92b2041035d39350946e8789c562b2d1a3da01507 bcrypt (3.1.20) sha256=8410f8c7b3ed54a3c00cd2456bf13917d695117f033218e2483b2e40b0784099 From 84ce71fa3edbae98a9e35a09055238b12147e737 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 6 Jun 2024 23:00:58 +0000 Subject: [PATCH 57/60] Bump aws-sdk-s3 from 1.151.0 to 1.152.0 Bumps [aws-sdk-s3](https://github.com/aws/aws-sdk-ruby) from 1.151.0 to 1.152.0. - [Release notes](https://github.com/aws/aws-sdk-ruby/releases) - [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-sdk-s3/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-ruby/commits) --- updated-dependencies: - dependency-name: aws-sdk-s3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Gemfile | 2 +- Gemfile.lock | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/Gemfile b/Gemfile index 022515d5059..5758ba799ee 100644 --- a/Gemfile +++ b/Gemfile @@ -5,7 +5,7 @@ ruby file: ".ruby-version" gem "rails", "~> 7.1.0", ">= 7.1.3.2" gem "rails-i18n", "~> 7.0" -gem "aws-sdk-s3", "~> 1.151" +gem "aws-sdk-s3", "~> 1.152" gem "aws-sdk-sqs", "~> 1.75" gem "bootsnap", "~> 1.18" gem "clearance", "~> 2.7" diff --git a/Gemfile.lock b/Gemfile.lock index ffb96395b46..f9ed5fb9425 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -116,11 +116,11 @@ GEM aws-partitions (~> 1, >= 1.651.0) aws-sigv4 (~> 1.8) jmespath (~> 1, >= 1.6.1) - aws-sdk-kms (1.81.0) - aws-sdk-core (~> 3, >= 3.193.0) + aws-sdk-kms (1.83.0) + aws-sdk-core (~> 3, >= 3.197.0) aws-sigv4 (~> 1.1) - aws-sdk-s3 (1.151.0) - aws-sdk-core (~> 3, >= 3.194.0) + aws-sdk-s3 (1.152.0) + aws-sdk-core (~> 3, >= 3.197.0) aws-sdk-kms (~> 1) aws-sigv4 (~> 1.8) aws-sdk-sqs (1.75.0) @@ -767,7 +767,7 @@ DEPENDENCIES amazing_print (~> 1.6) autoprefixer-rails (~> 10.4) avo (~> 2.51) - aws-sdk-s3 (~> 1.151) + aws-sdk-s3 (~> 1.152) aws-sdk-sqs (~> 1.75) bcrypt (~> 3.1) bootsnap (~> 1.18) 
@@ -900,8 +900,8 @@ CHECKSUMS aws-eventstream (1.3.0) sha256=f1434cc03ab2248756eb02cfa45e900e59a061d7fbdc4a9fd82a5dd23d796d3f aws-partitions (1.940.0) sha256=ee8561e842a40755ed485970a0c7c1598f48a4b2516593cec45f72e2408c8f14 aws-sdk-core (3.197.0) sha256=34c44883d3cc91ada382f6ecab981a1b7ede9a1ec47cf8eb2eaa3ee46035db90 - aws-sdk-kms (1.81.0) sha256=b15dd1e840756a13f27d4f3d8308571f97a4902e0a21c753ea9be14138a4f496 - aws-sdk-s3 (1.151.0) sha256=9e40e64f3ea112b33fdbb0416b6b44247372b983f6a7a9c30fa9b5627a4f7008 + aws-sdk-kms (1.83.0) sha256=1c9c875a52bd36e62828aae454c3f42b77a61b118d8414ee66dbbe0c69ec16bf + aws-sdk-s3 (1.152.0) sha256=f502f292b691ea45db0b4ac8f04ff54ed5625d647340f93c7e1b4a91ea08d720 aws-sdk-sqs (1.75.0) sha256=b5895960a731acc2284dee9aefe63e3989d0ca4f506706712aff303e00680b9a aws-sigv4 (1.8.0) sha256=84dd99768b91b93b63d1d8e53ee837cfd06ab402812772a7899a78f9f9117cbc base64 (0.2.0) sha256=0f25e9b21a02a0cc0cea8ef92b2041035d39350946e8789c562b2d1a3da01507 From ca88c2620382da81280f8e6654e223ab660fde1e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 7 Jun 2024 02:28:56 +0000 Subject: [PATCH 58/60] Bump sprockets-rails from 3.4.2 to 3.5.0 (#4765) --- Gemfile | 2 +- Gemfile.lock | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Gemfile b/Gemfile index 5758ba799ee..e44b9aa0360 100644 --- a/Gemfile +++ b/Gemfile @@ -76,7 +76,7 @@ gem "csv", "~> 3.3" # zeitwerk-2.6.12 gem "observer", "~> 0.1.2" # launchdarkly-server-sdk-8.0.0 # Assets -gem "sprockets-rails", "~> 3.4" +gem "sprockets-rails", "~> 3.5" gem "importmap-rails", "~> 2.0" gem "stimulus-rails", "~> 1.3" # this adds stimulus-loading.js so it must be available at runtime diff --git a/Gemfile.lock b/Gemfile.lock index f9ed5fb9425..cd91840f971 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -678,9 +678,9 @@ GEM sprockets (4.2.1) concurrent-ruby (~> 1.0) rack (>= 2.2.4, < 4) - sprockets-rails (3.4.2) - actionpack (>= 5.2) - activesupport (>= 5.2) + sprockets-rails (3.5.0) + actionpack (>= 6.1) + activesupport (>= 6.1) sprockets (>= 3.0.0) statsd-instrument (3.7.0) stimulus-rails (1.3.3) @@ -857,7 +857,7 @@ DEPENDENCIES shoulda-matchers (~> 6.2) simplecov (~> 0.22) simplecov-cobertura (~> 2.1) - sprockets-rails (~> 3.4) + sprockets-rails (~> 3.5) statsd-instrument (~> 3.7) stimulus-rails (~> 1.3) strong_migrations (~> 1.8) @@ -1126,7 +1126,7 @@ CHECKSUMS simplecov_json_formatter (0.1.4) sha256=529418fbe8de1713ac2b2d612aa3daa56d316975d307244399fa4838c601b428 snaky_hash (2.0.1) sha256=1ac87ec157fcfe7a460e821e0cd48ae1e6f5e3e082ab520f03f31a9259dbdc31 sprockets (4.2.1) sha256=951b13dd2f2fcae840a7184722689a803e0ff9d2702d902bd844b196da773f97 - sprockets-rails (3.4.2) sha256=36d6327757ccf7460a00d1d52b2d5ef0019a4670503046a129fa1fb1300931ad + sprockets-rails (3.5.0) sha256=9d26058fe90d0f47fdaac13c0059110d5f959c08c4f90e8dd4cb34b3d90f2003 statsd-instrument (3.7.0) sha256=071eb94be7af7f529da45528ab4e3d96976fcdc8f4afd198ef2057b6b7987491 stimulus-rails (1.3.3) sha256=4d1f9ab1d64e605f4c9cdd4cc530a9538b510606d32d02249d106256845c562c stringio (3.1.0) sha256=c1f6263ae03a15025e51194ab19b06b15e06adcaaedb7f5f6c06ab60f5d67718 From 3711e44d2ef0f607203fe7a34c8a927d61d5f306 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 7 Jun 2024 02:29:16 +0000 Subject: [PATCH 59/60] Bump good_job from 3.29.2 to 3.29.3 (#4766) --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index cd91840f971..0e8cbed3983 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -254,7 +254,7 @@ GEM ffi (~> 1.0) globalid (1.2.1) activesupport (>= 6.1) - good_job (3.29.2) + good_job (3.29.3) activejob (>= 6.0.0) activerecord (>= 6.0.0) concurrent-ruby (>= 1.0.2) 
@@ -964,7 +964,7 @@ CHECKSUMS fugit (1.11.0) sha256=addc9cd3031611921d1dbac094de3a645bc8858828639fd035c9cedd3b460bb9 get_process_mem (0.2.7) sha256=4afd3c3641dd6a817c09806c7d6d509d8a9984512ac38dea8b917426bbf77eba globalid (1.2.1) sha256=70bf76711871f843dbba72beb8613229a49429d1866828476f9c9d6ccc327ce9 - good_job (3.29.2) sha256=a9e3854a103cf0b64334b248fdfb813cbf07d62a96e65b07134d4c2f4d48b994 + good_job (3.29.3) sha256=9ee44573af5195068d57078627c1e7a9b2bd415412f7efe13a228f04fe507d73 google-protobuf (4.27.0) sha256=5e679347abc4721a3346913b8f69640a4ee13e0105d605b1da226b25346cd88d gravtastic (3.2.6) sha256=ef98abcecf7c402b61cff1ae7c50a2c6d97dd22bac21ea9b421ce05bc03d734f groupdate (6.4.0) sha256=65940645bf2a48f9b2d10ab7a1d19bdc78f3c89559d8fce39cea3448a15aec54 From 47d6705351e04961076e208cdfe3898959571480 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 7 Jun 2024 02:29:28 +0000 Subject: [PATCH 60/60] Bump tailwindcss-rails from 2.6.0 to 2.6.1 (#4770) --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 0e8cbed3983..2e063e7a03b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -694,7 +694,7 @@ GEM attr_required (>= 0.0.5) faraday (~> 2.0) faraday-follow_redirects - tailwindcss-rails (2.6.0) + tailwindcss-rails (2.6.1) railties (>= 7.0.0) terser (1.2.2) execjs (>= 0.3.0, < 3) 
@@ -1133,7 +1133,7 @@ CHECKSUMS strong_migrations (1.8.0) sha256=18de155ebcddf44e60e74f9a6c0b4bfd2d1e576dfe1c67f4aafc4ec5b0442f5d strscan (3.1.0) sha256=01b8a81d214fbf7b5308c6fb51b5972bbfc4a6aa1f166fd3618ba97e0fcd5555 swd (2.0.3) sha256=4cdbe2a4246c19f093fce22e967ec3ebdd4657d37673672e621bf0c7eb770655 - tailwindcss-rails (2.6.0) sha256=1450c61d0853552017932231e37ee96539f70ac9c9ae9fcd1514915336d5365a + tailwindcss-rails (2.6.1) sha256=60e66e243761402f9ce834132f59dd6c08b6fea5987e321bd9886dd0b0ce04ac terser (1.2.2) sha256=86ddfa0de7fa8f6c8fd34ad611596f787a77e21bed3db08b90e7c30942d20288 thor (1.3.1) sha256=fa7e3471d4f6a27138e3d9c9b0d4daac9c3d7383927667ae83e9ab42ae7401ef tilt (2.3.0) sha256=82dd903d61213c63679d28e404ee8e10d1b0fdf5270f1ad0898ec314cc3e745c