https://community.openproject.org/work_packages/55643
- Add new warden authentication strategy to handle JWTs issued by the configured OIDC provider.
- Modify existing doorkeeper_oauth strategy to ignore JWTs.
- Fill in WWW-Authenticate header with auth failure information.
- Make Keycloak Docker dev setup use Postgres as a database.
Updates the copyright to 2021 for all files that have a copyright. Files in our source code without the copyright header still do not receive one automatically. Additionally, blacklisted files are also excluded.
Previously, the copyright notice of ChiliProject, which references Redmine, stated a copyright of Redmine up to and including 2017, which is not true for the code we have in here. Because of that, I changed it to 2013.
Grape's validation runs after a `before` block, so we should avoid using
raw params there and instead use `declared(params)`, which returns only
the validated whitelisted params, much like a permitted params hash.
An anonymous_fallback is introduced and registered to be the last
strategy for warden. That strategy will always apply and it will always
return the anonymous user.
The better way would be to only apply the strategy if login is not
required. That way we would still be able to return a 403 when
credentials are missing but would no longer need to have 401 handlers
outside of warden. That duplication caused the missing header in the first
place.
It would however require us to handle the realm in the strategy and by
that increase the coupling between the strategy and the application.
[ci skip]
* read operations for time_entries via api v3
Introduces the endpoints:
* GET /api/v3/time_entries
* GET /api/v3/time_entries/:id
* GET /api/v3/time_entries/activities/:id
The index action for time entries can be queried by the following
filters:
* project_id
* user_id
* work_package_id
The implementation exposes the database structure mostly one to one,
with the exception of some renaming and the hiding of the activities'
complexity, where only the activity used system-wide is referenced
regardless of whether a project-specific override exists or not.
* allow custom values for time entries
[ci skip]
Only implements the `project` filter for now, which can be used to differentiate between queries from specific projects and can also be used to specify that the client is only interested in global queries.
This commit introduces cached project-scoped work packages schema.
Their caches are expired on a key based on
- the Project ID
- the Type ID
- the allowed custom fields for the given project
This commit only caches schema, not form endpoints.
- one of those missing endpoints
- adapted resource spec to be closer to other resource specs
- specified error behaviour (missing permissions)
-> change: not being allowed to see a query results in 404
The mechanism was extracted from the rails stack where the locale is
taken based on (in that order):
* The user's preferences
* The accept_language header
* The system settings
Only languages that are enabled by the instance are valid. If one is
selected (e.g. user preference) that is not enabled by the instance, a
fallback is taken.
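The selection order described in the commit above, as an added example that is not OpenProject's own code: the three sources are tried in order, only languages enabled by the instance are accepted, and the Accept-Language header is treated as untrusted client input. The class and method names, the `default:` fallback and the base-language match ("de-AT" served as "de") are assumptions of this example.

```ruby
# Added example, not OpenProject's own code: locale selection in the order the
# commit describes (user preference, Accept-Language header, system setting),
# accepting only languages enabled by the instance, otherwise a fallback.
# LocaleResolver, its method names and the base-language match are assumptions.
class LocaleResolver
  TAG = /\A[A-Za-z]{1,8}(-[A-Za-z0-9]{1,8})*\z/ # RFC-style language tag
  QVALUE = /\A(0(\.\d{0,3})?|1(\.0{0,3})?)\z/   # q in 0..1, up to 3 decimals
  # enabled: languages the instance allows; default: used when no source matches
  def initialize(enabled:, default:)
    @enabled = enabled.map(&:to_s)
    @default = default.to_s
  end

  # Parse an Accept-Language header into tags ordered by descending q-value.
  # The header is client input: malformed tags are dropped and a malformed q
  # counts as 0 (not acceptable) instead of raising; q=0 tags are dropped too.
  def parse_accept_language(header)
    return [] if header.nil? || header.strip.empty?
    entries = header.split(',').each_with_index.map do |part, idx|
      tag, *params = part.strip.split(';').map(&:strip)
      next if tag.nil? || !tag.match?(TAG)
      q = 1.0
      params.each do |param|
        key, value = param.split('=', 2).map(&:strip)
        next unless key&.casecmp?('q')
        q = value&.match?(QVALUE) ? value.to_f : 0.0
      end
      [tag, q, idx]
    end
    entries.compact.reject { |_, q, _| q <= 0 }
           .sort_by { |_, q, idx| [-q, idx] }
           .map(&:first)
  end

  # First enabled language among the sources, in order; else the default.
  def resolve(user_preference: nil, accept_language: nil, system_setting: nil)
    [user_preference, *parse_accept_language(accept_language), system_setting]
      .compact.each do |candidate|
        match = find_enabled(candidate.to_s)
        return match if match
      end
    @default
  end

  private

  # Exact match first, then language-only match ("de-AT" is served as "de").
  def find_enabled(tag)
    base = tag.split('-').first.to_s
    @enabled.find { |e| e.casecmp?(tag) } || @enabled.find { |e| e.casecmp?(base) }
  end
end
```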