From 065859b90cc5ef403b8f47bd5394b343e556cc4d Mon Sep 17 00:00:00 2001 From: Azul Date: Wed, 23 Mar 2016 21:48:52 +0100 Subject: upgrade: remove references to RestClient CouchRest > 1.2 does not use RestClient anymore. So we should not try to catch its errors. --- app/models/token.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'app/models') diff --git a/app/models/token.rb b/app/models/token.rb index b398fcb..8ac32b8 100644 --- a/app/models/token.rb +++ b/app/models/token.rb @@ -59,8 +59,8 @@ class Token < CouchRest::Model::Base # So let's make sure we don't crash if they disappeared def destroy_with_rescue destroy_without_rescue - rescue RestClient::ResourceNotFound # do nothing it's gone already - rescue RestClient::Conflict # do nothing - it's been updated - #7670 + rescue CouchRest::NotFound + rescue CouchRest::Conflict # do nothing - it's been updated - #7670 end alias_method_chain :destroy, :rescue -- cgit v1.2.3 From fc066a42ec5a3271b0d476ff2c5ab771f1ab726d Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 3 May 2016 10:24:11 -0300 Subject: fix failing unit and functional tests --- app/models/api_monitor_user.rb | 11 +++++++++++ app/models/api_user.rb | 13 +------------ 2 files changed, 12 insertions(+), 12 deletions(-) create mode 100644 app/models/api_monitor_user.rb (limited to 'app/models') diff --git a/app/models/api_monitor_user.rb b/app/models/api_monitor_user.rb new file mode 100644 index 0000000..d0fe411 --- /dev/null +++ b/app/models/api_monitor_user.rb @@ -0,0 +1,11 @@ +# +# A user that has limited admin access, to be used +# for running monitor tests against a live production +# installation. +# +class ApiMonitorUser < ApiUser + def is_monitor? + true + end +end + diff --git a/app/models/api_user.rb b/app/models/api_user.rb index 2efe1cb..c70cccb 100644 --- a/app/models/api_user.rb +++ b/app/models/api_user.rb @@ -2,17 +2,6 @@ class ApiUser < AnonymousUser end -# -# A user that has limited admin access, to be used -# for running monitor tests against a live production -# installation. -# -class ApiMonitorUser < ApiUser - def is_monitor? - true - end -end - # # Not yet supported: # @@ -20,4 +9,4 @@ end # def is_admin? # true # end -#end \ No newline at end of file +#end -- cgit v1.2.3 From ad208ae3625e67c2551744df7906ebdda94d215e Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 23 May 2016 12:27:14 +0200 Subject: rename destroy_identity to release_handles This expresses the intent rather than the implementation. Also replace temp with query refactoring. --- app/models/account.rb | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) (limited to 'app/models') diff --git a/app/models/account.rb b/app/models/account.rb index 7310250..d722caa 100644 --- a/app/models/account.rb +++ b/app/models/account.rb @@ -69,15 +69,13 @@ class Account @user.refresh_identity end - def destroy(destroy_identity=false) + def destroy(release_handles=false) return unless @user if !@user.is_tmp? - if destroy_identity == false - @user.identities.each do |id| + @user.identities.each do |id| + if release_handles == false id.orphan! - end - else - @user.identities.each do |id| + else id.destroy end end -- cgit v1.2.3 From e2f19bcfb6dbce77746c2d61715340525b29a592 Mon Sep 17 00:00:00 2001 From: NavaL Date: Wed, 22 Jun 2016 19:17:15 +0200 Subject: [feature] expose is_admin in the user api So that whoever consumes the API can use this attribute to determine if admin functionalities should be made available to the current user. --- app/models/user.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'app/models') diff --git a/app/models/user.rb b/app/models/user.rb index cb093cf..e3246ad 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -75,7 +75,8 @@ class User < CouchRest::Model::Base :login => self.login, :ok => self.valid?, :id => self.id, - :enabled => self.enabled? + :enabled => self.enabled?, + :is_admin => self.is_admin? }.to_json(options) end -- cgit v1.2.3 From 638acc59a241e141cf0fc9ccbf4e3c5578b98f0c Mon Sep 17 00:00:00 2001 From: Azul Date: Mon, 4 Jul 2016 20:19:21 +0200 Subject: Fix db:migrate and similar tasks We saw errors from duplicate loading of LocalEmail and LoginFormatValidation. The latter resulted in a crash. In an attempt to ensure all subclasses of Couchrest::Model::Base are loaded Couchrest::Model::Utils::Migrate requires all files in app/models. We have an extension that does the same for the engines. During this process LoginFormatValidation and LocalEmail were autoloaded when 'identity' was required. Afterwards they were required again. It looks like rails' autoload mechanism does not play nicely with require. So to make sure they are not autoloaded first move the concerns and helper classes into the lib directory and require them explicitly. --- app/models/email.rb | 31 ---------------- app/models/identity.rb | 2 ++ app/models/local_email.rb | 66 ----------------------------------- app/models/login_format_validation.rb | 21 ----------- app/models/user.rb | 2 ++ 5 files changed, 4 insertions(+), 118 deletions(-) delete mode 100644 app/models/email.rb delete mode 100644 app/models/local_email.rb delete mode 100644 app/models/login_format_validation.rb (limited to 'app/models') diff --git a/app/models/email.rb b/app/models/email.rb deleted file mode 100644 index 4090275..0000000 --- a/app/models/email.rb +++ /dev/null @@ -1,31 +0,0 @@ -class Email < String - include ActiveModel::Validations - - validates :email, - :format => { - :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/, #local part of email is case-sensitive, so allow uppercase letter. - :message => "needs to be a valid email address" - } - - # Make sure we can call Email.new(nil) and get an invalid email address - def initialize(s) - super(s.to_s) - end - - def to_partial_path - "emails/email" - end - - def to_param - to_s - end - - def email - self - end - - def handle - self.split('@').first - end - -end diff --git a/app/models/identity.rb b/app/models/identity.rb index f987e4e..92f8f7a 100644 --- a/app/models/identity.rb +++ b/app/models/identity.rb @@ -1,3 +1,5 @@ +require 'login_format_validation' +require 'local_email' # # Identity states: # diff --git a/app/models/local_email.rb b/app/models/local_email.rb deleted file mode 100644 index ded7baf..0000000 --- a/app/models/local_email.rb +++ /dev/null @@ -1,66 +0,0 @@ -class LocalEmail < Email - - BLACKLIST_FROM_RFC2142 = [ - 'postmaster', 'hostmaster', 'domainadmin', 'webmaster', 'www', - 'abuse', 'noc', 'security', 'usenet', 'news', 'uucp', - 'ftp', 'sales', 'marketing', 'support', 'info' - ] - - def self.domain - APP_CONFIG[:domain] - end - - validates :email, - :format => { - :with => /@#{domain}\Z/i, - :message => "needs to end in @#{domain}" - } - - validate :handle_allowed - - def initialize(s) - super - append_domain_if_needed - end - - def to_key - [handle] - end - - def domain - LocalEmail.domain - end - - protected - - def append_domain_if_needed - unless self.index('@') - self << '@' + domain - end - end - - def handle_allowed - errors.add(:handle, "is reserved.") if handle_reserved? - end - - def handle_reserved? - # *ARRAY in a case statement tests if ARRAY includes the handle. - case handle - when *APP_CONFIG[:handle_blacklist] - true - when *APP_CONFIG[:handle_whitelist] - false - when *BLACKLIST_FROM_RFC2142 - true - else - handle_in_passwd? - end - end - - def handle_in_passwd? - Etc.getpwnam(handle).present? - rescue ArgumentError - # handle was not found - return false - end -end diff --git a/app/models/login_format_validation.rb b/app/models/login_format_validation.rb deleted file mode 100644 index c1fcf70..0000000 --- a/app/models/login_format_validation.rb +++ /dev/null @@ -1,21 +0,0 @@ -module LoginFormatValidation - extend ActiveSupport::Concern - - #TODO: Probably will replace this. Playing with using it for aliases too, but won't want it connected to login field. - - included do - # Have multiple regular expression validations so we can get specific error messages: - validates :login, - :format => { :with => /\A.{2,}\z/, - :message => "Must have at least two characters"} - validates :login, - :format => { :with => /\A[a-z\d_\.-]+\z/, - :message => "Only lowercase letters, digits, . - and _ allowed."} - validates :login, - :format => { :with => /\A[a-z].*\z/, - :message => "Must begin with a lowercase letter"} - validates :login, - :format => { :with => /\A.*[a-z\d]\z/, - :message => "Must end with a letter or digit"} - end -end diff --git a/app/models/user.rb b/app/models/user.rb index cb093cf..206c0df 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -1,3 +1,5 @@ +require 'login_format_validation' + class User < CouchRest::Model::Base include LoginFormatValidation -- cgit v1.2.3 From 87e467530b686c41ae0b9a8fbf3ed571680bcb74 Mon Sep 17 00:00:00 2001 From: Azul Date: Tue, 12 Jul 2016 17:30:02 +0200 Subject: bugfix: require local email in user model --- app/models/user.rb | 1 + 1 file changed, 1 insertion(+) (limited to 'app/models') diff --git a/app/models/user.rb b/app/models/user.rb index 206c0df..704700b 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -1,4 +1,5 @@ require 'login_format_validation' +require 'local_email' class User < CouchRest::Model::Base include LoginFormatValidation -- cgit v1.2.3 From ab1917c5fe0f03e7719863a5598ad575d9fef302 Mon Sep 17 00:00:00 2001 From: NavaL Date: Thu, 14 Jul 2016 15:06:20 +0200 Subject: [feature] restrict is_admin in the user api, to only allow querying for him/herself So that it we do not expose the is_admin property to anyone else including other admins. --- app/models/user.rb | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'app/models') diff --git a/app/models/user.rb b/app/models/user.rb index 6541305..93830cc 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -74,13 +74,16 @@ class User < CouchRest::Model::Base end def to_json(options={}) + to_hash.to_json(options) + end + + def to_hash() { :login => self.login, :ok => self.valid?, :id => self.id, :enabled => self.enabled?, - :is_admin => self.is_admin? - }.to_json(options) + } end def salt -- cgit v1.2.3 From b4ff3b959d4dd6a7561ac3be063a43619c0bd89c Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 12 Aug 2016 11:34:01 +0200 Subject: move temporary_user into lib - fix load issue We already did the same for other concerns. The way we load models for couchrest migrations does not work well with concerns in the model directory as they will be loaded twice. --- app/models/temporary_user.rb | 93 -------------------------------------------- app/models/user.rb | 1 + 2 files changed, 1 insertion(+), 93 deletions(-) delete mode 100644 app/models/temporary_user.rb (limited to 'app/models') diff --git a/app/models/temporary_user.rb b/app/models/temporary_user.rb deleted file mode 100644 index 2afae15..0000000 --- a/app/models/temporary_user.rb +++ /dev/null @@ -1,93 +0,0 @@ -# -# For users with login '*test_user*', we don't want to store these documents in -# the main users db. This is because we create and destroy a lot of test -# users. This weirdness of using a different db for some users breaks a lot of -# things, such as associations. However, this is OK for now since we don't need -# those for running the frequent nagios tests. -# -# This module is included in user.rb. This will only work if it is included -# after designs are defined, otherwise, the design definition will overwrite -# find_by_login(). -# - -module TemporaryUser - extend ActiveSupport::Concern - include CouchRest::Model::DatabaseMethod - - USER_DB = 'users' - TMP_USER_DB = 'tmp_users' - TMP_LOGIN = 'tmp_user' # created and deleted frequently - TEST_LOGIN = 'test_user' # created, rarely deleted - - included do - use_database_method :db_name - - # since the original find_by_login is dynamically created with - # instance_eval, it appears that we also need to use instance eval to - # override it. - instance_eval <<-EOS, __FILE__, __LINE__ + 1 - def find_by_login(*args) - if args.grep(/^#{TMP_LOGIN}/).any? - by_login.database(tmp_database).key(*args).first() - else - by_login.key(*args).first() - end - end - EOS - end - - module ClassMethods - def get(id, db = database) - super(id, db) || super(id, tmp_database) - end - alias :find :get - - # calls db_name(TMP_LOGIN), then creates a CouchRest::Database - # from the name - def tmp_database - choose_database(TMP_LOGIN) - end - - def db_name(login=nil) - if !login.nil? && login.include?(TMP_LOGIN) - TMP_USER_DB - else - USER_DB - end - end - - # create the tmp db if it doesn't exist. - # requires admin access. - def create_tmp_database! - design_doc.sync!(tmp_database.tap{|db|db.create!}) - end - - def is_tmp?(login) - !login.nil? && login =~ /^#{TMP_LOGIN}/ - end - - def is_test?(login) - !login.nil? && (login =~ /^#{TMP_LOGIN}/ || login =~ /^#{TEST_LOGIN}/) - end - end - - # - # this gets called each and every time a User object needs to - # access the database. - # - def db_name - self.class.db_name(self.login) - end - - # returns true if this User instance is stored in tmp db. - def is_tmp? - self.class.is_tmp?(self.login) - end - - # returns true if this user is used for testing purposes - # (either a temporary or long lived) - def is_test? - self.class.is_test?(self.login) - end - -end diff --git a/app/models/user.rb b/app/models/user.rb index 93830cc..1116e6c 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -1,5 +1,6 @@ require 'login_format_validation' require 'local_email' +require 'temporary_user' class User < CouchRest::Model::Base include LoginFormatValidation -- cgit v1.2.3 From 8fbe70729da1d308a118c930e8f938837484a61c Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 12 Aug 2016 17:26:51 +0200 Subject: [db] def database on users instead of use_database use_database affects all uses of prepare_database - so also the one in tmp_database. In order to avoid that we do not use_database but just overwrite the database method itself. --- app/models/user.rb | 2 -- 1 file changed, 2 deletions(-) (limited to 'app/models') diff --git a/app/models/user.rb b/app/models/user.rb index 1116e6c..9cebbca 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -5,8 +5,6 @@ require 'temporary_user' class User < CouchRest::Model::Base include LoginFormatValidation - use_database :users - property :login, String, :accessible => true property :password_verifier, String, :accessible => true property :password_salt, String, :accessible => true -- cgit v1.2.3 From e46f318077f061a82ac64c767e869ae12666119a Mon Sep 17 00:00:00 2001 From: Azul Date: Fri, 26 Aug 2016 10:35:02 +0200 Subject: [load] require login_format_validation in session We moved it into the lib folder so it's not in an autoload path anymore. So now it needs to be required before being used. This fixes a load order issue that would cause non-deterministic failures in CI --- app/models/session.rb | 2 ++ 1 file changed, 2 insertions(+) (limited to 'app/models') diff --git a/app/models/session.rb b/app/models/session.rb index 0d7e10e..21e4dc6 100644 --- a/app/models/session.rb +++ b/app/models/session.rb @@ -1,3 +1,5 @@ +require 'login_format_validation' + class Session < SRP::Session include ActiveModel::Validations include LoginFormatValidation -- cgit v1.2.3