Dombi Attila
d006b8059d
Merge branch 'dev' into merge-release/17.1-20260206041730
2026-02-06 14:27:00 +02:00
Jan Sandbrink
4d305df714
Allow to use API Tokens as Bearer tokens
We generate those tokens with a prefix, so that we
can decide by looking at a token, whether it's an API Token
or a different kind of token, so that we can decide which
code path to choose for validating the token.
The usage of access tokens as Bearer token has the usability advantage,
that you can paste them as plaintext into tools that expect you
to specify the token as a header.
Also the Basic auth approach for our old tokens usually rather caused
issues, such as browsers prompting for credentials in surprising situations.
If we were to deprecate basic authentication one day, this change today could've
been the first step towards that.
2026-02-05 08:07:04 +01:00
Oliver Günther
b718dc0430
Get rid of find_by_plaintext_value!
2026-02-04 15:16:09 +01:00
Oliver Günther
492c900bae
Use stable hashed token pepper, fallback to key base
2026-02-04 15:16:09 +01:00
Oliver Günther
ec298dc143
Move destruction into the autologin token and session link
2025-09-24 13:46:09 +02:00
Oliver Günther
9f028b49dd
Add user validation on token
2025-09-24 13:46:09 +02:00
Oliver Günther
ff4f683561
Move try_to_autologin into CurrentUser concern
2025-09-24 13:46:09 +02:00
Oliver Günther
bea773764d
Better interface to ExpirableToken
2025-09-24 13:46:09 +02:00
Oliver Günther
f4eb39f79f
Ensure token_name is unique per token class, and has a proper error message
The token_name was only defined for the API token, which meeting token
doesn't inherit from.
Token::Named wouldn't necessarily need to be inherited from, but only
that way will AR look up the ancestors for attribute and error names.
2025-09-03 14:06:35 +02:00
Klaus Zanders
676651afd8
Remove many case statements and move ical token into meetings module
2025-08-18 13:42:56 +02:00
Klaus Zanders
33abd7c74e
Add specs for controller
2025-08-18 13:42:42 +02:00
Klaus Zanders
33e83dafdc
add a new token for iCal meeting exports
2025-08-18 13:42:33 +02:00
Alexander Brandon Coles
dd8ead6456
Fix missing copyright notices in app/models
2025-07-22 18:26:13 +01:00
Alexander Brandon Coles
d17da65477
Freeze string literals in app/models
rubocop -A --only Style/FrozenStringLiteralComment,Layout/EmptyLineAfterMagicComment,Style/RedundantFreeze app/models
2025-07-22 18:26:13 +01:00
Ivan Kuchin
4911b8a149
remove years from copyrights (except for COPYRIGHT file)
2024-07-31 15:02:49 +02:00
Andreas Pfohl
6dbfb1e437
[48619] Added create and delete service for Token::API
2024-07-03 09:38:19 +02:00
Andreas Pfohl
2d81c0e172
[48619] Fixed validation message display for new API token
2024-07-03 09:38:18 +02:00
Andreas Pfohl
a1dffe650a
[48619] Added validation to API token
2024-07-03 09:38:17 +02:00
Andreas Pfohl
aa4213f166
[48619] Added naming of new API tokens
2024-07-03 09:38:16 +02:00
Andreas Pfohl
d52a0264a9
[#48619] Users are able to create multiple API access tokens
https://community.openproject.org/work_packages/48619
2024-07-03 09:38:16 +02:00
ulferts
3b2121f733
Revert "Merge remote-tracking branch 'origin/release/13.4' into dev"
This reverts commit 40b2bbeb09, reversing
changes made to b4c6cb17cc.
2024-03-21 11:31:17 +01:00
Ivan Kuchin
7787e457a3
Revert "Merge branch 'dev' into release/13.4"
This reverts commit a901541269, reversing
changes made to e573ca00b7.
2024-03-20 20:19:08 +01:00
Ivan Kuchin
9e4934cd0a
change quotes using rubocop --only Style/StringLiterals,Style/QuotedSymbols -a
2024-03-20 18:05:22 +01:00
Dombi Attila
6b72125819
Use Rails.application.secret_key_base
2024-02-01 14:22:07 +02:00
Dombi Attila
8ffa313bb8
Fix deprecation warnings
2024-02-01 14:22:06 +02:00
Dombi Attila
739223b7e2
Remove serializer deprecation warning.
2024-02-01 14:22:04 +02:00
Christophe Bliard
c795874f7f
Update copyright year for 2024
command used: `rg -l 'Copyright \(C\) 2012-202\d the OpenProject' | xargs -n 100 sed -i -r 's/Copyright \(C\) 2012-202. the OpenProject/Copyright (C) 2012-2024 the OpenProject/'`
2024-01-02 16:23:54 +01:00
Oliver Günther
01cbb3ef1a
Fix activation of invited users during sharing
https://community.openproject.org/work_packages/51262
2023-12-07 14:23:05 +01:00
Oliver Günther
7bfec434a4
Show autologin tokens in the my/sessions view
2023-11-23 10:45:54 +01:00
Oliver Günther
885836184a
Rework autologin cookie to not be unique
2023-11-22 16:36:07 +01:00
Jonas Jabari
71ab229392
implemented review feedback from @ulferts
2023-05-30 15:18:46 +02:00
Jonas Jabari
15a9fe3901
fixed rubocop issues
2023-05-22 16:27:03 +02:00
Jonas Jabari
6c2a9ca11b
consistent usage of ICal instead of Ical
2023-05-08 10:29:03 +02:00
Jonas Jabari
e1fa9eaf72
finalized prototypical implementation of named ical tokens for testing purposes
2023-05-04 13:05:22 +02:00
Jonas Jabari
e146ed5b20
added query scope to ical tokens based on feedback from Marc and Niels, adjusted specs accordingly
2023-04-25 15:53:19 +02:00
Jonas Jabari
f6f5b9078e
changed method overwrite in ICalToken class as suggested by @ulferts
2023-03-30 23:06:36 +08:00
Jonas Jabari
19c5b2d755
implemented feedback from @ulferts around ical token management and token usage
2023-03-30 16:46:57 +08:00
Jonas Jabari
1abf957c78
fixed rubocop issues outside of the calendar module introduced while working on this PR
2023-03-17 16:01:29 +08:00
Jonas Jabari
a21e6c6207
introducing a new ical token which may exist n times per user
2023-02-15 18:36:50 +08:00
Christophe Bliard
21a696ef9b
Update copyright information for 2023
2022-12-30 15:51:26 +01:00
Oliver Günther
7b82097ef8
Adapt token creation with added foreign key constraint
2022-10-17 12:59:24 +02:00
Christophe Bliard
48a4f1b6ad
lint with rubocop --autocorrect (safe cops only)
2022-06-02 10:40:10 +02:00
Christophe Bliard
a33524ef6d
remove ruby magic comment for utf-8
ruby interprets source encoding as utf-8 since 2.0.0, making magic comment redundant and useless
2022-03-10 19:36:58 +01:00
Christophe Bliard
bc8d423ec2
update copyright information for 2022
2022-03-01 17:05:59 +01:00
ulferts
89cfee203f
remove usage of require_dependency
according to the rails 6 migration guide, it should no longer be necessary: https://guides.rubyonrails.org/upgrading_ruby_on_rails.html#require-dependency
2022-01-07 14:46:21 +01:00
Oliver Günther
ccfa29c728
Move license and copyright docs to root, fix names and references
2021-09-02 21:50:46 +02:00
Markus Kahl
8c8b8bbfa7
create backups via UI (#9136)
* create backups via UI
* Fix import of modal service
* introduced backup token and addressed remaining comments
* allow disabling permissions
* improvements
- only make user wait to use backup token in if really necessary
- notify admins of new backup token
- disable 'include attachments' option in UI if unavailable
- documentation
- misc
* spec fixes
* fixed feature spec
* allow setting capybara host in every case
* removed unused style file
* addressed review feedback, added further feature specs
* polish (code climate)
* Avoid empty attachments
* Don't raise filesize validation for internal exports
Co-authored-by: Oliver Günther <mail@oliverguenther.de>
2021-04-28 08:51:43 +01:00
ulferts
1bdd2ab9ae
safe automatic fixes by rubocop (#8994)
2021-02-11 16:02:18 +01:00
ulferts
6140f4c7e9
update copyright to 2021 (#8925)
Updates the copyright to 2021 for all files that have a copyright. Files in our source code without the copyright header still do not receive one automatically. Additionally, blacklisted files are also excluded.
Previously the copyright of chiliproject which references redmine stated a copyright of redmine up to and including 2017 which is not true for the code we have in here. Because of that I changed that to 2013
2021-01-13 17:47:45 +01:00
Oliver Günther
740b702b08
Merge remote-tracking branch 'origin/dev' into feature/31935/ee-activation
2020-04-09 15:02:12 +02:00