Digest & menu

Karel Pičman 2024-06-27 17:11:36 +02:00
parent c79cdb42e1
commit 0be8d1c44d
10 changed files with 30 additions and 23 deletions


@ -79,6 +79,10 @@ Naming/AccessorMethodName:
Exclude:
- lib/dav4rack/resource.rb
Naming/PredicateName:
Exclude:
- lib/redmine_dmsf/patches/attachable_patch.rb # Easy tests
Style/HashSyntax:
EnforcedShorthandSyntax: either


@ -47,14 +47,15 @@ def dmsf_init
parent: :new_object
end
# Main menu extension
unless ActiveRecord::Base.connection.data_source_exists?('settings') &&
Setting.plugin_redmine_dmsf['dmsf_global_menu_disabled']
Redmine::MenuManager.map :top_menu do |menu|
menu.push :dmsf, { controller: 'dmsf', action: 'index' },
caption: :menu_dmsf,
html: { class: 'icon-dmsf' },
if: proc { User.current.allowed_to?(:view_dmsf_folders, nil, global: true) }
end
if: proc {
User.current.allowed_to?(:view_dmsf_folders, nil, global: true) &&
ActiveRecord::Base.connection.data_source_exists?('settings') &&
Setting.plugin_redmine_dmsf['dmsf_global_menu_disabled'].blank?
}
end
Redmine::AccessControl.map do |map|
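Review bot: Moving the setting check into the `if:` proc changes what happens when the `settings` table is missing: the old `unless` still registered the menu in that case, while the new `data_source_exists?('settings') && ...blank?` condition hides it. The proc is presumably evaluated every time the top menu is rendered, so the table-existence check that only mattered at plugin load now runs per request, when the table should already exist. I would reduce the condition to `User.current.allowed_to?(:view_dmsf_folders, nil, global: true) && Setting.plugin_redmine_dmsf['dmsf_global_menu_disabled'].blank?`. If the intent is for the setting to take effect without a restart, a comment such as `# evaluated at render time so the setting applies immediately` would record that. `dmsf_init` starts and ends outside the hunk.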


@ -476,7 +476,7 @@ class DmsfController < ApplicationController
# We have to create a token first to prevent an autogenerated token's value
token = Token.create!(user_id: User.current.id, action: 'dmsf-webdav-digest')
token.value = Digest::MD5.hexdigest(
token.value = ActiveSupport::Digest.hexdigest(
"#{User.current.login}:#{RedmineDmsf::Webdav::AUTHENTICATION_REALM}:#{params[:password]}"
)
token.save
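Review bot: `ActiveSupport::Digest.hexdigest` is not a drop-in replacement for `Digest::MD5.hexdigest` when the value is the HA1 for HTTP Digest authentication, because it hashes with whatever `config.active_support.hash_digest_class` is set to and truncates the result to 32 hex characters. The WebDAV challenge elsewhere in this commit still advertises `algorithm="MD5"`, so under a SHA-1 or SHA-256 setting the server's `required_response` would presumably never match what a client computes, and tokens stored before the change would stop verifying. The same substitution appears in the hook that rewrites the token when a password is submitted and in the HA2 and response calculation of the WebDAV authenticator. Since the protocol fixes the algorithm, I would keep it explicit with `token.value = Digest::MD5.hexdigest(` and a comment such as `# MD5 is required by the advertised Digest algorithm, not chosen for strength`, or move the challenge and the stored hash together to SHA-256 per RFC 7616. The enclosing method starts and ends outside the hunk.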


@ -23,7 +23,8 @@
<% @workflows = DmsfWorkflow.status(@status).where(project_id: @project.id).sorted %>
<% @path = settings_project_path(@project, tab: 'dmsf_workflow') %>
<p>
<%= link_to l(:label_dmsf_workflow_new), new_dmsf_workflow_path(project_id: @project&.id), class: 'icon icon-add' %>
<%= link_to l(:label_dmsf_workflow_new), new_dmsf_workflow_path(project_id: @project&.id), class: 'icon icon-add',
data: { cy: "button__new--dmsf-workflow" } %>
</p>
<% else %>
<div class="contextual">


@ -36,7 +36,7 @@ module RedmineDmsf
if controller.params[:password].present?
token = Token.find_by(user_id: user.id, action: 'dmsf-webdav-digest')
token ||= Token.create!(user_id: user.id, action: 'dmsf-webdav-digest')
token.value = Digest::MD5.hexdigest(
token.value = ActiveSupport::Digest.hexdigest(
"#{user.login}:#{RedmineDmsf::Webdav::AUTHENTICATION_REALM}:#{controller.params[:password]}"
)
token.save


@ -23,13 +23,11 @@ module RedmineDmsf
# Attachable
module AttachablePatch
##################################################################################################################
# Overriden methods
# Overridden methods
def attachments?
def has_attachments?
super || (defined?(dmsf_files) && dmsf_files.any?) || (defined?(dmsf_links) && dmsf_links.any?)
end
alias has_attachments? attachments?
end
end
end


@ -43,7 +43,7 @@ module RedmineDmsf
response.status = status.code
if status.code == 401
time_stamp = Time.now.to_i
h_once = Digest::MD5.hexdigest("#{time_stamp}:#{SecureRandom.hex(32)}")
h_once = ActiveSupport::Digest.hexdigest("#{time_stamp}:#{SecureRandom.hex(32)}")
nonce = Base64.strict_encode64("#{time_stamp}#{h_once}")
response['WWW-Authenticate'] =
%(Digest realm="#{authentication_realm}", nonce="#{nonce}", algorithm="MD5", qop="auth")
@ -90,11 +90,11 @@ module RedmineDmsf
end
ha1 = token.value
end
ha2 = Digest::MD5.hexdigest("#{request.env['REQUEST_METHOD']}:#{uri}")
ha2 = ActiveSupport::Digest.hexdigest("#{request.env['REQUEST_METHOD']}:#{uri}")
required_response = if qop
Digest::MD5.hexdigest("#{ha1}:#{nonce}:#{nc}:#{cnonce}:#{qop}:#{ha2}")
ActiveSupport::Digest.hexdigest("#{ha1}:#{nonce}:#{nc}:#{cnonce}:#{qop}:#{ha2}")
else
Digest::MD5.hexdigest("#{ha1}:#{nonce}:#{ha2}")
ActiveSupport::Digest.hexdigest("#{ha1}:#{nonce}:#{ha2}")
end
if required_response == response
User.current = user
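Review bot: The check `if required_response == response` compares the expected digest with the client-supplied value using `String#==`, which stops at the first differing byte. A constant-time comparison is the usual choice for authenticator values, e.g. `if ActiveSupport::SecurityUtils.secure_compare(required_response, response.to_s)`, where `to_s` guards against an absent field. Of the hashes touched in this file, only the `h_once` nonce is opaque to the client, so that is the one place where the switch to `ActiveSupport::Digest` cannot affect interoperability. The method bodies continue outside both hunks.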


@ -667,7 +667,8 @@ class DmsfControllerTest < RedmineDmsf::Test::TestCase
assert_redirected_to my_account_path
token = Token.find_by(user_id: @jsmith.id, action: 'dmsf-webdav-digest')
assert token
assert_equal Digest::MD5.hexdigest("jsmith:#{RedmineDmsf::Webdav::AUTHENTICATION_REALM}:jsmith"), token.value
assert_equal ActiveSupport::Digest.hexdigest("jsmith:#{RedmineDmsf::Webdav::AUTHENTICATION_REALM}:jsmith"),
token.value
end
def test_reset_digest_unauthorized
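Review bot: The expected value in `assert_equal ActiveSupport::Digest.hexdigest(...)` is produced by the same helper the controller now uses, so this test passes whatever algorithm `hash_digest_class` selects. It therefore cannot show that the stored token is the MD5-based HA1 a Digest client will compute. The WebDAV GET test and the test helper that builds the `Authorization` header are changed the same way, so the suite plays both client and server with one function. Pinning the expectation independently, e.g. `assert_equal Digest::MD5.hexdigest("jsmith:#{RedmineDmsf::Webdav::AUTHENTICATION_REALM}:jsmith"), token.value`, would catch a configuration-dependent mismatch. The test method begins outside the hunk.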


@ -46,7 +46,9 @@ class DmsfWebdavGetTest < RedmineDmsf::Test::IntegrationTest
assert_response :unauthorized
end
# Right digest
digest = Digest::MD5.hexdigest("#{@jsmith_user.login}:#{RedmineDmsf::Webdav::AUTHENTICATION_REALM}:jsmith")
digest = ActiveSupport::Digest.hexdigest(
"#{@jsmith_user.login}:#{RedmineDmsf::Webdav::AUTHENTICATION_REALM}:jsmith"
)
token ||= Token.create!(user_id: @jsmith_user.id, action: 'dmsf-webdav-digest')
token.value = digest
assert token.save


@ -136,10 +136,10 @@ module RedmineDmsf
uri = options[:uri] || path_info
credentials[uri] = uri
@request.env['ORIGINAL_FULLPATH'] = path_info
ha2 = Digest::MD5.hexdigest("GET:#{target}")
ha2 = ActiveSupport::Digest.hexdigest("GET:#{target}")
nonce = ActionController::HttpAuthentication::Digest.nonce(Rails.configuration.secret_key_base)
ha1 = options.delete(:digest)
credentials[:response] = Digest::MD5.hexdigest("#{ha1}:#{nonce}:#{ha2}")
credentials[:response] = ActiveSupport::Digest.hexdigest("#{ha1}:#{nonce}:#{ha2}")
"Digest #{credentials.sort_by { |x| x[0].to_s }.map { |v| "#{v[0]}=#{v[1]}" }.join(',')}"
end
end