00feb586fa
Rework authorization with clearer load_and_authorize_with_permission_in_project
2026-01-16 10:31:30 +01:00
8c5d182d7b
Add EnterpriseGuard to make it easier to add before_actions
2025-06-12 13:38:55 +02:00
0b87e7543f
Freeze string literals in specs
...
Rolling out frozen string literals further by freezing all
string literals in core specs.
2025-05-05 09:29:55 +02:00
5e5fa5f37e
Use new permission in schedule controller
2024-12-19 11:24:49 +01:00
b3b4fac1e0
Allow permission-based authorization
2024-12-19 11:11:02 +01:00
f4a9ae7226
Fix rubocop cop name
2024-10-18 14:25:47 +02:00
982ce8d25f
Fix failure message
2024-09-20 10:24:01 +02:00
aa6a066578
Better error messages
2024-09-20 10:24:01 +02:00
3b50663c34
Extract common functionality between account and omniauth controller
2024-09-20 10:24:01 +02:00
17dac48b24
Refactor: move allow to before block
...
And keep the Arrange Act Assert order.
2024-08-06 14:42:26 +02:00
9586b06db3
Merge pull request #16331 from opf/chore/verify_partial_doubles
...
Set verify_partial_doubles=true
2024-08-06 10:54:18 +02:00
cf609bd664
Move allow to before block
2024-08-06 10:30:17 +02:00
0e939d2204
Replace Time.zone.now with current
2024-08-06 10:29:42 +02:00
74fa859e5f
Pass correct nil
2024-08-05 19:31:30 +02:00
1df0c00c2a
Adapt affected specs to opt-out of double verification
2024-08-05 19:31:30 +02:00
4911b8a149
remove years from copyrights (except for COPYRIGHT file)
2024-07-31 15:02:49 +02:00
b10e6d718c
rubocop autocorrect
2024-06-24 19:01:59 +02:00
36b4e47d36
raise error in every env
2024-06-11 10:47:24 +02:00
fdbd6b6d5a
forcing to specify allowed actions when forfeiting authorization check
2024-06-11 10:29:22 +02:00
563229dc3e
rename method for clarity
2024-06-10 17:19:55 +02:00
7ba1c9a522
extend functionality to prepend_before_action and append_before_action
2024-06-10 17:17:41 +02:00
a3aa240823
enforce checking authorization by adding a before_action
2024-06-07 16:52:00 +02:00
cd4137e2cd
Add a dedicated time matcher and use it instead of be_within.of
2024-05-28 10:24:03 +02:00
c584cea685
Add a dedicated time matcher and use it instead of be_within.of
2024-05-28 09:15:14 +02:00
3b2121f733
Revert "Merge remote-tracking branch 'origin/release/13.4' into dev"
...
This reverts commit 40b2bbeb09b4c6cb17cc
2024-03-21 11:31:17 +01:00
7787e457a3
Revert "Merge branch 'dev' into release/13.4"
...
This reverts commit a901541269e573ca00b7
2024-03-20 20:19:08 +01:00
9e4934cd0a
change quotes using rubocop --only Style/StringLiterals,Style/QuotedSymbols -a
2024-03-20 18:05:22 +01:00
8a938b37c1
Adapt auth_source_sso with improved finding of users
2024-02-06 16:05:58 +01:00
9ab21b3328
Always redirect to back_url when not in account routes
...
https://community.openproject.org/work_packages/52151
2024-01-22 09:06:05 +01:00
8fa8584538
Run rubocop --autocorrect on all files
...
Only the safe cops have run. rubocop version is 1.59.0.
2024-01-05 15:27:09 +01:00
c795874f7f
Update copyright year for 2024
...
command used: `rg -l 'Copyright \(C\) 2012-202\d the OpenProject' | xargs -n 100 sed -i -r 's/Copyright \(C\) 2012-202. the OpenProject/Copyright (C) 2012-2024 the OpenProject/'`
2024-01-02 16:23:54 +01:00
7bfec434a4
Show autologin tokens in the my/sessions view
2023-11-23 10:45:54 +01:00
46f47f6c63
Remove DummyAuthSource
2023-07-27 08:16:43 +02:00
e32d2d0058
Remove AuthSource base namespace, model
2023-07-27 08:16:43 +02:00
4c2a9d0aa8
Enable RSpec zero monkey patching mode
...
The plan for RSpec 4.0 is to disable monkey patching.
See https://github.com/rspec/rspec-core/blob/main/features/configuration/zero_monkey_patching_mode.feature for details.
2023-05-31 19:22:29 +02:00
aa23106c11
lint: autocorrect RSpec/FactoryBot/ConsistentParenthesesStyle
...
command is
rubocop -A --only RSpec/FactoryBot/ConsistentParenthesesStyle modules spec
2023-03-07 15:04:32 +01:00
85b3258a29
Autocorrect with some rubocop cops
...
RSpec/Rails/InferredSpecType and Style/RedundantConstantBase
rubocop --autocorrect-all --only RSpec/Rails/InferredSpecType,Style/RedundantConstantBase spec modules/*/spec
2023-01-13 14:28:59 +01:00
4062356e45
Remove not only nil, but also blank values
...
Otherwise, we will overwrite possibly existing values
2023-01-11 09:40:55 +01:00
62d9959251
Allow registered users to become activated
2023-01-10 16:43:28 +01:00
d573706de1
Bypass self registration for omniauth users
...
https://community.openproject.org/wp/42390
2023-01-10 14:01:16 +01:00
21a696ef9b
Update copyright information for 2023
2022-12-30 15:51:26 +01:00
9c7d115bde
Fix flickering tests and deprecation warnings
...
In some examples of `spec/controllers/account_controller_spec.rb`,
`Setting.self_registration?` was not mocked. If such example is run first,
it would fail.
Same for `spec/features/auth/login_spec.rb` and `Settings.autologin?`.
Fix it by using with `with_settings` helper.
Fix deprecation warnings seen when using `Setting.xxx?` when the setting
xxx is not a boolean.
2022-10-26 15:48:48 +02:00
5acdcb178b
Add helper to disable 2FA stage redirects
...
Many specs depend on not redirecting to 2FA, so provide a helper to skip that stage
2022-10-10 21:18:03 +02:00
48a4f1b6ad
lint with rubocop --autocorrect (safe cops only)
2022-06-02 10:40:10 +02:00
bc8d423ec2
update copyright information for 2022
2022-03-01 17:05:59 +01:00
f08bea3467
Remove FactoryBot.* prefix where applicable
2022-01-25 08:19:06 +01:00
dd4ebb5bf7
Fix and add a missing email spec
2022-01-10 15:59:24 +01:00
04964f21e2
[40248] Remember the back_url when initiating auth_source_sso
...
When the user creates a new session through auth source sso, they are
being logged in through `logged_user=` which calls the login service and
redirects back afterwards. But there is no back_url set, resulting in a
my page redirect.
https://community.openproject.org/wp/40248
2021-12-06 20:05:16 +01:00
dea629ce70
[40240] Return the original authenticated user in case of optional sso
...
https://community.openproject.org/wp/40240
2021-12-06 16:50:54 +01:00
5ebb53897a
Add better logging of the SAML response object
2021-11-22 15:55:23 +01:00
Oliver Günther