Merge branch 'release/13.4' into docs/release-notes

opf · Mar 19, 2024 · 466384b · 466384b
2 parents 142d96a + 2f74daf
commit 466384b
Show file tree

Hide file tree

Showing 318 changed files with 1,703 additions and 1,363 deletions.
diff --git a/.github/workflows/test-core.yml b/.github/workflows/test-core.yml
@@ -23,7 +23,7 @@ jobs:
   all:
     name: Units + Features
     if: github.repository == 'opf/openproject'
-    runs-on: [self-hosted, aws, ubuntu22, x64, 2XL]
+    runs-on: runs-on,runner=32cpu-linux,family=m7i+m7a,run-id=${{ github.run_id }}
     timeout-minutes: 40
     env:
       DOCKER_BUILDKIT: 1
@@ -32,7 +32,7 @@ jobs:
     - uses: actions/checkout@v4
     - name: Cache DOCKER
       id: cache_docker
-      uses: actions/cache@v3
+      uses: runs-on/cache@v4
       with:
         path: cache/docker
         # Note: no restore keys since whenever the files below change, we want to rebuild the full image from scratch
@@ -41,28 +41,28 @@ jobs:
       if: steps.cache_docker.outputs.cache-hit == 'true'
       run: docker load -i cache/docker/image.tar
     - name: Cache GEM
-      uses: actions/cache@v3
+      uses: runs-on/cache@v4
       with:
         path: cache/bundle
         key: gem-${{ hashFiles('Gemfile.lock') }}
         restore-keys: |
           gem-
     - name: Cache NPM
-      uses: actions/cache@v3
+      uses: runs-on/cache@v4
       with:
         path: cache/node
         key: node-${{ hashFiles('package.json', 'frontend/package-lock.json') }}
         restore-keys: |
           node-
     - name: Cache ANGULAR
-      uses: actions/cache@v3
+      uses: runs-on/cache@v4
       with:
         path: cache/angular
         key: angular-${{ hashFiles('package.json', 'frontend/package-lock.json') }}
         restore-keys: |
           angular-
     - name: Cache TEST RUNTIME
-      uses: actions/cache@v3
+      uses: runs-on/cache@v4
       with:
         path: cache/runtime-logs
         key: runtime-logs-${{ github.head_ref || github.ref }}-${{ github.sha }}

diff --git a/app/models/user.rb b/app/models/user.rb
@@ -244,20 +244,10 @@ def self.activate_user!(user, session)
   def self.try_authentication_and_create_user(login, password)
     return nil if OpenProject::Configuration.disable_password_login?
 
-    attrs = LdapAuthSource.authenticate(login, password)
-    return unless attrs
+    user = LdapAuthSource.authenticate(login, password)
 
-    call = Users::CreateService
-      .new(user: User.system)
-      .call(attrs)
-
-    user = call.result
-
-    call.on_failure do |result|
-      Rails.logger.error "Failed to auto-create user from auth-source: #{result.message}"
-
-      # TODO We have no way to pass back the contract errors in this place
-      user.errors.merge! call.errors
+    if user&.new_record?
+      Rails.logger.error "Failed to auto-create user from auth-source, as data is missing."
     end
 
     user

diff --git a/app/services/ldap/base_service.rb b/app/services/ldap/base_service.rb
@@ -61,6 +61,8 @@ def try_to_create(attrs)
       if call.success?
         Rails.logger.info { "[LDAP user sync] User '#{call.result.login}' created." }
       else
+        # Ensure contract errors are merged into the user
+        call.result.errors.merge! call.errors
         Rails.logger.error { "[LDAP user sync] User '#{attrs[:login]}' could not be created: #{call.message}" }
       end
 

diff --git a/app/views/account/_login.html.erb b/app/views/account/_login.html.erb
@@ -77,7 +77,7 @@ See COPYRIGHT and LICENSE files for more details.
           &nbsp;
         </label>
         <input type="submit" name="login" id="login-pulldown"
-          value="<%=t(:button_login)%>" class="button -highlight" tabindex="1" />
+          value="<%=t(:button_login)%>" class="button -highlight button_no-margin" tabindex="1" />
       </div>
     </div>
 

diff --git a/app/views/account/_password_login_form.html.erb b/app/views/account/_password_login_form.html.erb
@@ -55,23 +55,27 @@ See COPYRIGHT and LICENSE files for more details.
     </div>
   <% end %>
 
-  <%= submit_tag t(:button_login),
-                 name: :login,
-                 class: 'button -highlight',
-                 data: { disable_with: t(:label_loading) } %>
+  <div class="login-form--footer">
+    <%= submit_tag t(:button_login),
+                   name: :login,
+                   class: 'button -highlight button_no-margin',
+                   data: { disable_with: t(:label_loading) } %>
 
-  <div class="login-options-container">
-    <div class="login-links">
-      <% if Setting.lost_password? %>
-        <%= link_to t(:label_password_lost), { controller: '/account', action: 'lost_password' } %>
-        <br>
-      <% end %>
-      <% if Setting::SelfRegistration.enabled? %>
-        <%= link_to t(:label_register),
-          '',
-          title: t(:label_register),
-          class: 'registration-modal--activation-link' %>
-      <% end %>
+    <div class="login-options-container">
+      <div class="login-links">
+        <% if Setting.lost_password? %>
+          <%= link_to t(:label_password_lost),
+                      { controller: '/account', action: 'lost_password' },
+                      class: 'login-form--footer-link' %>
+          <br>
+        <% end %>
+        <% if Setting::SelfRegistration.enabled? %>
+          <%= link_to t(:label_register),
+                      '',
+                      title: t(:label_register),
+                      class: 'login-form--footer-link registration-modal--activation-link' %>
+        <% end %>
+      </div>
     </div>
   </div>
 <% end %>

diff --git a/bin/dirty-rubocop b/bin/dirty-rubocop
@@ -183,15 +183,15 @@ module RuboCop
       alias from_file_unpatched from_file
     end
 
-    def self.from_file(path, ruby_version)
+    def self.from_file(path, ruby_version, **)
       if DirtyCop.staged_changes_only?
         pathname = Pathname.new(path)
         git_root = Pathname.new(`git rev-parse --show-toplevel`.strip)
         git_relative_path = pathname.relative_path_from(git_root).to_s
         source = `git show :#{git_relative_path}`
-        new(source, ruby_version, path)
+        new(source, ruby_version, path, **)
       else
-        from_file_unpatched(path, ruby_version)
+        from_file_unpatched(path, ruby_version, **)
       end
     end
   end

diff --git a/config/credentials.yml b/config/credentials.yml
@@ -33,7 +33,7 @@
 
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
-# You can use `rake secret` to generate a secure secret key.
+# You can use `rails secret` to generate a secure secret key.
 
 # Make sure the secrets in this file are kept private
 # if you're sharing your code publicly.

diff --git a/config/initializers/rack-attack.rb b/config/initializers/rack-attack.rb
@@ -26,21 +26,21 @@
 # See COPYRIGHT and LICENSE files for more details.
 #++
 
-if OpenProject::Configuration.blacklisted_routes.any?
-  # Block logins from a bad user agent
-  Rack::Attack.blocklist('block forbidden routes') do |req|
-    regex = OpenProject::Configuration.blacklisted_routes.map! { |str| Regexp.new(str) }
-    regex.any? { |i| i =~ req.path }
-  end
-
-  Rack::Attack.blocklisted_response = lambda do |_env|
-    # All blacklisted routes would return a 404.
-    [404, {}, ['Not found']]
-  end
-end
-
 Rails.application.reloader.to_prepare do
   # In test mode, enable rules and rack-attack using "with_rack_attack:" metadata
   Rack::Attack.enabled = !Rails.env.test?
   OpenProject::RateLimiting.set_defaults!
+
+  if OpenProject::Configuration.blacklisted_routes.any?
+    # Block logins from a bad user agent
+    Rack::Attack.blocklist('block forbidden routes') do |req|
+      regex = OpenProject::Configuration.blacklisted_routes.map! { |str| Regexp.new(str) }
+      regex.any? { |i| i =~ req.path }
+    end
+
+    Rack::Attack.blocklisted_responder = lambda do |_env|
+      # All blacklisted routes would return a 404.
+      [404, {}, ['Not found']]
+    end
+  end
 end