157 Commits

Author SHA1 Message Date
Klaus Zanders 2b394b9ba5 Merge pull request #21272 from opf/fix/password-change-bruteforce-protection
Log failed logins when using password change
2025-12-01 11:04:37 +01:00
Klaus Zanders 1fe1a15af0 Use usernames instead of IDs to identify users on external password change 2025-12-01 10:22:07 +01:00
Oliver Günther 7026df4771 Log failed logins when using password change 2025-12-01 10:06:43 +01:00
Pavel Balashou 2db9ef305c [#63912] Support multiple authentication provider user links
https://community.openproject.org/work_packages/63912
2025-06-03 10:13:00 +02:00
Jan Sandbrink 5792f3665b Add authentication_provider field to user factory
This is intended to be a more natural and readable way of manipulating the
identity_url of a user. It also means that if we ever decide to change
the way the identity_url is built or how providers are attached to
a user, it should be easier to switch the majority of tests relying on it
over to the new schema.
2025-04-25 09:15:17 +02:00
Oliver Günther e3333a96f4 Add my page menu to global and redirect to root
https://community.openproject.org/work_packages/61881
2025-02-28 12:05:03 +01:00
Oliver Günther 47d62ba9df Fix renders after redirect 2024-10-11 08:43:01 +02:00
Oliver Günther 3b50663c34 Extract common functionality between account and omniauth controller 2024-09-20 10:24:01 +02:00
Oliver Günther 9586b06db3 Merge pull request #16331 from opf/chore/verify_partial_doubles
Set verify_partial_doubles=true
2024-08-06 10:54:18 +02:00
Oliver Günther 6d4b20304a Remove unnecessary stub 2024-08-06 10:29:28 +02:00
Oliver Günther 1df0c00c2a Adapt affected specs to opt-out of double verification 2024-08-05 19:31:30 +02:00
Ivan Kuchin 4911b8a149 remove years from copyrights (except for COPYRIGHT file) 2024-07-31 15:02:49 +02:00
Markus Kahl 86ff20eb46 disable direct login provider if value is empty 2024-06-12 15:14:02 +02:00
ulferts 3b2121f733 Revert "Merge remote-tracking branch 'origin/release/13.4' into dev"
This reverts commit 40b2bbeb09, reversing
changes made to b4c6cb17cc.
2024-03-21 11:31:17 +01:00
Ivan Kuchin 7787e457a3 Revert "Merge branch 'dev' into release/13.4"
This reverts commit a901541269, reversing
changes made to e573ca00b7.
2024-03-20 20:19:08 +01:00
Ivan Kuchin 9e4934cd0a change quotes using rubocop --only Style/StringLiterals,Style/QuotedSymbols -a 2024-03-20 18:05:22 +01:00
Oliver Günther 00c8c550dc Convert stubbed account_controller specs into requests
The errors were not spotted as the controller spec was heavily stubbed
2024-03-11 20:34:05 +01:00
Oliver Günther 1f112eb94d Adapt account controller so that we can find existing, but e.g., locked users 2024-02-06 16:08:51 +01:00
Christophe Bliard 8fa8584538 Run rubocop --autocorrect on all files
Only the safe cops have run. rubocop version is 1.59.0.
2024-01-05 15:27:09 +01:00
Christophe Bliard c795874f7f Update copyright year for 2024
command used: `rg -l 'Copyright \(C\) 2012-202\d the OpenProject' | xargs -n 100 sed -i -r 's/Copyright \(C\) 2012-202. the OpenProject/Copyright (C) 2012-2024 the OpenProject/'`
2024-01-02 16:23:54 +01:00
Aaron Contreras 3336951206 Add controller spec scenario for fixed use-case
This spec would demonstrate the failing behavior if the user was
not activated automatically when the password is changed.
2023-09-04 09:26:30 -05:00
Aaron Contreras af8331b817 Chore: Turn off rubocop warnings for required use cases 2023-09-04 09:26:30 -05:00
Aaron Contreras 5a0cd01966 Chore: Set up Message Spy on controller 2023-09-04 09:26:30 -05:00
Aaron Contreras 7b00fd4ae8 Chore: Fix shadowed local variable warning 2023-09-04 09:26:29 -05:00
Aaron Contreras ddb420b82e Chore: Use query matcher 2023-09-04 09:26:29 -05:00
Aaron Contreras 08e10c08d6 Chore: Access the controller instance with controller 2023-09-04 09:26:29 -05:00
Aaron Contreras b119046c6b Chore: Use around hook to avoid use of instance variable 2023-09-04 09:26:29 -05:00
Aaron Contreras 461f03aec5 Chore: Improve context nesting for GET #login 2023-09-04 09:26:28 -05:00
Aaron Contreras e934b20431 Chore: Use RSpec HTTP status matchers 2023-09-04 09:26:28 -05:00
Aaron Contreras 7b5cc89f9a Chore: Fix describe/context block warnings 2023-09-04 09:26:28 -05:00
Aaron Contreras 3e0d0740de Chore: Add frozen_string_literal magic comment 2023-09-04 09:26:27 -05:00
Aaron Contreras 8ceeb41de0 Chore: Fix constant definition in block warning
Fixes:
```
Do not define constants this way within a block.
[Lint/ConstantDefinitionInBlock]
```

Classes (and even constants) defined within an RSpec block are still
defined globally.
2023-09-04 09:26:27 -05:00
Oliver Günther e32d2d0058 Remove AuthSource base namespace, model 2023-07-27 08:16:43 +02:00
ulferts ddf7a0e807 Merge remote-tracking branch 'origin/release/12.5' into dev 2023-07-17 09:07:23 +02:00
Oliver Günther d0bda1d8fb Make internal login route easier, allowing POST /login without session
The session flag got removed after the first redirect, breaking the login
2023-07-12 11:58:57 +02:00
Oliver Günther 5dae3b8122 Add internal login route to documentation 2023-06-15 08:58:22 +02:00
Oliver Günther f3cfae7a01 Remove internal login flag after login action 2023-06-15 08:58:22 +02:00
Oliver Günther e128d83c0e Disable internal login if direct provider not enabled 2023-06-15 08:58:21 +02:00
Oliver Günther 0a69ce2878 Add internal login 2023-06-15 08:58:21 +02:00
Christophe Bliard 4c2a9d0aa8 Enable RSpec zero monkey patching mode
The plan for RSpec 4.0 is to disable monkey patching.

See https://github.com/rspec/rspec-core/blob/main/features/configuration/zero_monkey_patching_mode.feature for details.
2023-05-31 19:22:29 +02:00
Markus Kahl a368ab3784 docs and spec label fixes [ci skip] 2023-04-27 12:07:14 +02:00
Oliver Günther 9533ab52e7 Add internal login route to documentation 2023-04-26 15:31:05 +02:00
Oliver Günther 493a14b07c Remove internal login flag after login action 2023-04-26 15:08:05 +02:00
Oliver Günther 59fd5e91a7 Disable internal login if direct provider not enabled 2023-04-26 13:09:51 +02:00
Oliver Günther b03e14e329 Add internal login 2023-04-26 13:05:18 +02:00
Christophe Bliard 9e865b4f7b lint: Run rubocop safe autocorrect
Command is `rubocop --safe --autocorrect app lib lib_static modules spec`
2023-03-09 10:25:57 +01:00
Christophe Bliard aa23106c11 lint: autocorrect RSpec/FactoryBot/ConsistentParenthesesStyle
command is

    rubocop -A --only RSpec/FactoryBot/ConsistentParenthesesStyle modules spec
2023-03-07 15:04:32 +01:00
Christophe Bliard 85b3258a29 Autocorrect with some rubocop cops
RSpec/Rails/InferredSpecType and Style/RedundantConstantBase

rubocop --autocorrect-all --only RSpec/Rails/InferredSpecType,Style/RedundantConstantBase spec modules/*/spec
2023-01-13 14:28:59 +01:00
Christophe Bliard 21a696ef9b Update copyright information for 2023 2022-12-30 15:51:26 +01:00
Christophe Bliard 9c7d115bde Fix flickering tests and deprecation warnings
In some examples of `spec/controllers/account_controller_spec.rb`,
`Setting.self_registration?` was not mocked. If such an example is run first,
it would fail.

Same for `spec/features/auth/login_spec.rb` and `Settings.autologin?`.

Fix it by using the `with_settings` helper.

Fix deprecation warnings seen when using `Setting.xxx?` when the setting
xxx is not a boolean.
2022-10-26 15:48:48 +02:00