Missing Digest #1541

2024-08-29 10:03:05 +02:00 · 2024-08-29 10:03:05 +02:00 · 06d818964c
commit 06d818964c
parent 8d9b06ae9d
8 changed files with 39 additions and 6 deletions
--- a/.rubocop.yml
+++ b/.rubocop.yml
@ -116,6 +116,7 @@ Rails/SkipsModelValidations:
    - db/migrate/20160215125801_approval_workflow_status.rb
    - db/migrate/20140519133201_trash_bin.rb
    - db/migrate/07_dmsf_1_4_4.rb
+    - db/migrate/20240829093801_rename_dmsf_digest_token.rb

 Rails/ThreeStateBooleanColumn:
  Exclude:
--- a/after_init.rb
+++ b/after_init.rb
@ -107,6 +107,8 @@ def dmsf_init
      pmap.permission :delete_project_watchers, { watchers: :destroy }
    end
  end
+  # DMSF WebDAV digest token
+  Token.add_action :dmsf_webdav_digest, max_instances: 1, validity_time: nil
 end

 if Redmine::Plugin.installed?('easy_extensions')
--- a/app/controllers/dmsf_controller.rb
+++ b/app/controllers/dmsf_controller.rb
@ -475,7 +475,7 @@ class DmsfController < ApplicationController
      raise StandardError, l(:notice_account_wrong_password) unless User.current.check_password?(params[:password])

      # We have to create a token first to prevent an autogenerated token's value
-      token = Token.create!(user_id: User.current.id, action: 'dmsf-webdav-digest')
+      token = Token.create!(user_id: User.current.id, action: 'dmsf_webdav_digest')
      token.value = ActiveSupport::Digest.hexdigest(
        "#{User.current.login}:#{RedmineDmsf::Webdav::AUTHENTICATION_REALM}:#{params[:password]}"
      )
--- a/db/migrate/20240829093801_rename_dmsf_digest_token.rb
+++ b/db/migrate/20240829093801_rename_dmsf_digest_token.rb
@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+# Redmine plugin for Document Management System "Features"
+#
+# Karel Pičman <karel.picman@kontron.com>
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+# Rename DMSF digest token
+class RenameDmsfDigestToken < ActiveRecord::Migration[6.1]
+  def up
+    Token.where(action: 'dmsf-webdav-digest').update_all action: 'dmsf_webdav_digest'
+  end
+
+  def down
+    Token.where(action: 'dmsf_webdav_digest').update_all action: 'dmsf-webdav-digest'
+  end
+end
--- a/lib/redmine_dmsf/hooks/controllers/account_controller_hooks.rb
+++ b/lib/redmine_dmsf/hooks/controllers/account_controller_hooks.rb
@ -36,8 +36,8 @@ module RedmineDmsf

          # Updates user's DMSF WebDAV digest
          if controller.params[:password].present?
-            token = Token.find_by(user_id: user.id, action: 'dmsf-webdav-digest')
-            token ||= Token.create!(user_id: user.id, action: 'dmsf-webdav-digest')
+            token = Token.find_by(user_id: user.id, action: 'dmsf_webdav_digest')
+            token ||= Token.create!(user_id: user.id, action: 'dmsf_webdav_digest')
            token.value = ActiveSupport::Digest.hexdigest(
              "#{user.login}:#{RedmineDmsf::Webdav::AUTHENTICATION_REALM}:#{controller.params[:password]}"
            )
--- a/lib/redmine_dmsf/webdav/dmsf_controller.rb
+++ b/lib/redmine_dmsf/webdav/dmsf_controller.rb
@ -76,7 +76,7 @@ module RedmineDmsf
            Rails.logger.error l(:notice_account_locked)
            raise Unauthorized
          end
-          token = Token.find_by(user_id: user.id, action: 'dmsf-webdav-digest')
+          token = Token.find_by(user_id: user.id, action: 'dmsf_webdav_digest')
          if token.nil? && defined?(EasyExtensions)
            if user.easy_digest_token_expired?
              Rails.logger.error "Digest authentication: #{user} is locked"
--- a/test/functional/dmsf_controller_test.rb
+++ b/test/functional/dmsf_controller_test.rb
@ -665,7 +665,7 @@ class DmsfControllerTest < RedmineDmsf::Test::TestCase
    post '/dmsf/digest', params: { password: 'jsmith' }
    assert_response :redirect
    assert_redirected_to my_account_path
-    token = Token.find_by(user_id: @jsmith.id, action: 'dmsf-webdav-digest')
+    token = Token.find_by(user_id: @jsmith.id, action: 'dmsf_webdav_digest')
    assert token
    assert_equal ActiveSupport::Digest.hexdigest("jsmith:#{RedmineDmsf::Webdav::AUTHENTICATION_REALM}:jsmith"),
                 token.value
--- a/test/integration/webdav/dmsf_webdav_get_test.rb
+++ b/test/integration/webdav/dmsf_webdav_get_test.rb
@ -49,7 +49,7 @@ class DmsfWebdavGetTest < RedmineDmsf::Test::IntegrationTest
    digest = ActiveSupport::Digest.hexdigest(
      "#{@jsmith_user.login}:#{RedmineDmsf::Webdav::AUTHENTICATION_REALM}:jsmith"
    )
-    token ||= Token.create!(user_id: @jsmith_user.id, action: 'dmsf-webdav-digest')
+    token ||= Token.create!(user_id: @jsmith_user.id, action: 'dmsf_webdav_digest')
    token.value = digest
    assert token.save
    authorization = encode_credentials(username: 'jsmith', digest: digest, target: '/dmsf/webdav')