From: Anton Khorev Date: Fri, 6 Sep 2024 03:04:25 +0000 (+0300) Subject: Merge branch 'pull/5115' X-Git-Tag: live~718 X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/dcb0369788b70b262845c601cad0a874b427725a?hp=c816efc3862ddcdb8fa5e9f14a8b13ff98fdeae6 Merge branch 'pull/5115' --- diff --git a/Gemfile b/Gemfile index ac056cd83..27f295eb6 100644 --- a/Gemfile +++ b/Gemfile @@ -59,7 +59,6 @@ gem "dry-validation" gem "frozen_record" gem "http_accept_language", "~> 2.1.1" gem "i18n-js", "~> 3.9.2" -gem "oauth-plugin", ">= 0.5.1" gem "openstreetmap-deadlock_retry", ">= 1.3.1", :require => "deadlock_retry" gem "rack-cors" gem "rails-i18n", "~> 7.0.0" @@ -76,6 +75,7 @@ gem "addressable", "~> 2.8" gem "rack-uri_sanitizer" # Omniauth for authentication +gem "multi_json" gem "omniauth", "~> 2.0.2" gem "omniauth-facebook" gem "omniauth-github" diff --git a/Gemfile.lock b/Gemfile.lock index 764281285..afc6463b3 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -95,8 +95,8 @@ GEM autoprefixer-rails (10.4.19.0) execjs (~> 2) aws-eventstream (1.3.0) - aws-partitions (1.968.0) - aws-sdk-core (3.201.5) + aws-partitions (1.970.0) + aws-sdk-core (3.202.2) aws-eventstream (~> 1, >= 1.3.0) aws-partitions (~> 1, >= 1.651.0) aws-sigv4 (~> 1.9) @@ -261,7 +261,7 @@ GEM google-protobuf (3.25.4) hashdiff (1.1.1) hashie (5.0.0) - highline (3.1.0) + highline (3.1.1) reline htmlentities (4.3.4) http_accept_language (2.1.1) @@ -319,7 +319,7 @@ GEM listen (3.9.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - logger (1.6.0) + logger (1.6.1) logstasher (2.1.5) activesupport (>= 5.2) request_store @@ -348,7 +348,7 @@ GEM mutex_m (0.2.0) net-http (0.4.1) uri - net-imap (0.4.14) + net-imap (0.4.15) date net-protocol net-pop (0.1.2) 
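Review bot: `gem "multi_json"` is added with no version constraint and directly under the `# Omniauth for authentication` comment, which no longer describes the line that follows it; every neighbouring entry in this hunk carries a pessimistic constraint. If it is now a direct dependency because oauth-plugin no longer pulls it in transitively, a one-line comment naming the code that still calls MultiJson, plus a constraint in the file's style (e.g. `gem "multi_json", "~> 1.15"`, a constructed example to be checked against the resolved version in Gemfile.lock), keeps the Gemfile consistent and the upgrade surface explicit.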
@@ -361,12 +361,12 @@ GEM nokogiri (1.16.7) mini_portile2 (~> 2.8.2) racc (~> 1.4) - oauth (0.4.7) - oauth-plugin (0.5.1) - multi_json - oauth (~> 0.4.4) - oauth2 (>= 0.5.0) - rack + oauth (1.1.0) + oauth-tty (~> 1.0, >= 1.0.1) + snaky_hash (~> 2.0) + version_gem (~> 1.1) + oauth-tty (1.0.5) + version_gem (~> 1.1, >= 1.1.1) oauth2 (2.0.9) faraday (>= 0.17.3, < 3.0) jwt (>= 1.0, < 3.0) @@ -384,7 +384,7 @@ GEM omniauth-github (2.0.1) omniauth (~> 2.0) omniauth-oauth2 (~> 1.8) - omniauth-google-oauth2 (1.1.2) + omniauth-google-oauth2 (1.1.3) jwt (>= 2.0) oauth2 (~> 2.0) omniauth (~> 2.0) @@ -503,24 +503,23 @@ GEM rouge (4.3.0) rtlcss (0.2.1) mini_racer (>= 0.6.3) - rubocop (1.65.1) + rubocop (1.66.0) json (~> 2.3) language_server-protocol (>= 3.17.0) parallel (~> 1.10) parser (>= 3.3.0.2) rainbow (>= 2.2.2, < 4.0) regexp_parser (>= 2.4, < 3.0) - rexml (>= 3.2.5, < 4.0) - rubocop-ast (>= 1.31.1, < 2.0) + rubocop-ast (>= 1.32.1, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 2.4.0, < 3.0) - rubocop-ast (1.32.1) + rubocop-ast (1.32.2) parser (>= 3.3.1.0) rubocop-capybara (2.21.0) rubocop (~> 1.41) rubocop-factory_bot (2.26.1) rubocop (~> 1.61) - rubocop-minitest (0.35.1) + rubocop-minitest (0.36.0) rubocop (>= 1.61, < 2.0) rubocop-ast (>= 1.31.1, < 2.0) rubocop-performance (1.21.1) @@ -581,7 +580,7 @@ GEM unicode-display_width (>= 1.1.1, < 3) terser (1.2.3) execjs (>= 0.3.0, < 3) - thor (1.3.1) + thor (1.3.2) tilt (2.4.0) timeout (0.4.1) turbo-rails (2.0.6) @@ -608,7 +607,7 @@ GEM websocket-extensions (0.1.5) xpath (3.2.0) nokogiri (~> 1.8) - zeitwerk (2.6.17) + zeitwerk (2.6.18) PLATFORMS ruby @@ -672,8 +671,8 @@ DEPENDENCIES mini_racer (~> 0.9.0) minitest (~> 5.1) minitest-focus + multi_json multi_xml (~> 0.6.0) - oauth-plugin (>= 0.5.1) omniauth (~> 2.0.2) omniauth-facebook omniauth-github diff --git a/app/abilities/ability.rb b/app/abilities/ability.rb index f98b1b24a..c8d18b9aa 100644 --- a/app/abilities/ability.rb +++ b/app/abilities/ability.rb 
@@ -12,7 +12,6 @@ class Ability can [:index, :permalink, :edit, :help, :fixthemap, :offline, :export, :about, :communities, :preview, :copyright, :key, :id], :site can [:finish, :embed], :export can [:search, :search_latlon, :search_osm_nominatim, :search_osm_nominatim_reverse], :geocoder - can [:token, :request_token, :access_token, :test_request], :oauth if Settings.status != "database_offline" can [:index, :feed, :show], Changeset @@ -31,12 +30,10 @@ class Ability if user&.active? can :welcome, :site - can [:revoke, :authorize], :oauth can [:show], :deletion if Settings.status != "database_offline" can [:subscribe, :unsubscribe], Changeset - can [:index, :new, :create, :show, :edit, :update, :destroy], ClientApplication can [:index, :new, :create, :show, :edit, :update, :destroy], :oauth2_application can [:index, :destroy], :oauth2_authorized_application can [:new, :show, :create, :destroy], :oauth2_authorization diff --git a/app/abilities/api_capability.rb b/app/abilities/api_capability.rb index 44e676345..07345d254 100644 --- a/app/abilities/api_capability.rb +++ b/app/abilities/api_capability.rb @@ -5,11 +5,7 @@ class ApiCapability def initialize(token) if Settings.status != "database_offline" - user = if token.respond_to?(:resource_owner_id) - User.find(token.resource_owner_id) - elsif token.respond_to?(:user) - token.user - end + user = User.find(token.resource_owner_id) if user&.active? can [:create, :comment, :close, :reopen], Note if scope?(token, :write_notes) diff --git a/app/assets/javascripts/leaflet.map.js b/app/assets/javascripts/leaflet.map.js index d221ae208..a907de295 100644 --- a/app/assets/javascripts/leaflet.map.js +++ b/app/assets/javascripts/leaflet.map.js @@ -124,8 +124,7 @@ L.OSM.Map = L.Map.extend({ this.gpsLayer = new L.OSM.GPS({ pane: "overlayPane", - code: "G", - name: I18n.t("javascripts.map.base.gps") + code: "G" }); this.on("layeradd", function (event) { 
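Review bot: `user = User.find(token.resource_owner_id)` in the new `initialize` raises `ActiveRecord::RecordNotFound` when the owner row is missing or `resource_owner_id` is nil, so a token without a resource owner (an application-only grant, if this deployment ever issues one) would abort capability construction with an exception instead of yielding an empty permission set; the removed `respond_to?` chain made the same call, so this is a pre-existing edge rather than a regression, but the simplification is the moment to settle it. `user = User.find_by(:id => token.resource_owner_id)` lets the existing `if user&.active?` on the next line treat a missing owner as "no capabilities". The same lookup appears in the `setup_user_auth` hunk of app/controllers/api_controller.rb, where the same consideration applies; `initialize` continues outside this hunk.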
diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb index d45dce66a..085d1bfea 100644 --- a/app/controllers/accounts_controller.rb +++ b/app/controllers/accounts_controller.rb @@ -16,8 +16,6 @@ class AccountsController < ApplicationController allow_social_login :only => [:edit, :update] def edit - @tokens = current_user.oauth_tokens.authorized - if errors = session.delete(:user_errors) errors.each do |attribute, error| current_user.errors.add(attribute, error) @@ -27,8 +25,6 @@ class AccountsController < ApplicationController end def update - @tokens = current_user.oauth_tokens.authorized - user_params = params.require(:user).permit(:display_name, :new_email, :pass_crypt, :pass_crypt_confirmation, :auth_provider) if params[:user][:auth_provider].blank? || diff --git a/app/controllers/api/notes_controller.rb b/app/controllers/api/notes_controller.rb index be36421d9..3352c1f69 100644 --- a/app/controllers/api/notes_controller.rb +++ b/app/controllers/api/notes_controller.rb @@ -385,7 +385,7 @@ module Api def add_comment(note, text, event, notify: true) attributes = { :visible => true, :event => event, :body => text } - if doorkeeper_token || current_token + if doorkeeper_token author = current_user if scope_enabled?(:write_notes) else author = current_user diff --git a/app/controllers/api/permissions_controller.rb b/app/controllers/api/permissions_controller.rb index 717bbfa6f..637aa36a0 100644 --- a/app/controllers/api/permissions_controller.rb +++ b/app/controllers/api/permissions_controller.rb 
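Review bot: `@tokens` is dropped from both `edit` and `update`, but the account edit template that rendered the OAuth 1 token list is not part of this chunk, and nothing here shows it was updated; confirm that template (and any partial it includes) no longer reads `@tokens`, otherwise the page renders against a nil collection. Both method bodies continue outside their hunks.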
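Review bot: With `scope_enabled?` now consulting only `doorkeeper_token`, the two branches of the new `if doorkeeper_token` in `add_comment` differ solely in the scope check, so the conditional reads more directly as a single assignment, `author = current_user if !doorkeeper_token || scope_enabled?(:write_notes)`, with a why-comment such as `# session-authenticated callers always attribute the comment; token callers only with write_notes`. That the token path leaves `author` nil and so records an anonymous comment is the non-obvious part and deserves the comment either way. `add_comment` continues outside the hunk.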
@@ -9,15 +9,10 @@ module Api # External apps that use the api are able to query which permissions # they have. This currently returns a list of permissions granted to the current user: # * if authenticated via OAuth, this list will contain all permissions granted by the user to the access_token. - # * if authenticated via basic auth all permissions are granted, so the list will contain all permissions. # * unauthenticated users have no permissions, so the list will be empty. def show @permissions = if doorkeeper_token.present? doorkeeper_token.scopes.map { |s| :"allow_#{s}" } - elsif current_token.present? - ClientApplication.all_permissions.select { |p| current_token.read_attribute(p) } - elsif current_user - ClientApplication.all_permissions else [] end diff --git a/app/controllers/api_controller.rb b/app/controllers/api_controller.rb index ae1bc8755..5b264db97 100644 --- a/app/controllers/api_controller.rb +++ b/app/controllers/api_controller.rb @@ -47,19 +47,14 @@ class ApiController < ApplicationController end end - def authorize(realm = "Web Password", errormessage = "Couldn't authenticate you") + def authorize(errormessage = "Couldn't authenticate you") # make the current_user object from any auth sources we have setup_user_auth # handle authenticate pass/fail unless current_user # no auth, the user does not exist or the password was wrong - if Settings.basic_auth_support - response.headers["WWW-Authenticate"] = "Basic realm=\"#{realm}\"" - render :plain => errormessage, :status => :unauthorized - else - render :plain => errormessage, :status => :forbidden - end + render :plain => errormessage, :status => :unauthorized false end 
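Review bot: The new `show` gates on `doorkeeper_token.present?`, while the ability code in the app/controllers/api_controller.rb hunks gates on `doorkeeper_token&.accessible?`; if `doorkeeper_token` can resolve a revoked or expired token here (nothing in this hunk filters it), the endpoint would advertise scopes the token can no longer exercise. Using `if doorkeeper_token&.accessible?` as the condition keeps the permission report consistent with what the API actually grants. The rewritten comment block above the method now lists only the OAuth and unauthenticated cases, which matches the code.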
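Review bot: The 401 rendered by the new `authorize` carries no `WWW-Authenticate` header, although RFC 7235 requires one on every 401 response and a `Bearer` challenge (RFC 6750) is what OAuth 2 clients look for; the removed basic-auth branch did set the header, so clients that retry on a challenge see a behaviour change. Adding `response.headers["WWW-Authenticate"] = 'Bearer realm="REALM"'` (REALM being a placeholder for whatever name the deployment chooses) before the `render` restores a well-formed response, and the `head :unauthorized` in the `deny_access` hunk below has the same gap. The signature also drops the leading `realm` positional parameter, so any caller outside this diff still invoking `authorize("Web Password", msg)` would now use the realm string as the error message — worth a search of the remaining callers.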
@@ -69,26 +64,19 @@ class ApiController < ApplicationController # Use capabilities from the oauth token if it exists and is a valid access token if doorkeeper_token&.accessible? ApiAbility.new(nil).merge(ApiCapability.new(doorkeeper_token)) - elsif Authenticator.new(self, [:token]).allow? - ApiAbility.new(nil).merge(ApiCapability.new(current_token)) else ApiAbility.new(current_user) end end def deny_access(_exception) - if doorkeeper_token || current_token + if doorkeeper_token set_locale report_error t("oauth.permissions.missing"), :forbidden elsif current_user head :forbidden - elsif Settings.basic_auth_support - realm = "Web Password" - errormessage = "Couldn't authenticate you" - response.headers["WWW-Authenticate"] = "Basic realm=\"#{realm}\"" - render :plain => errormessage, :status => :unauthorized else - render :plain => errormessage, :status => :forbidden + head :unauthorized end end 
@@ -105,32 +93,7 @@ class ApiController < ApplicationController def setup_user_auth logger.info " setup_user_auth" # try and setup using OAuth - if doorkeeper_token&.accessible? - self.current_user = User.find(doorkeeper_token.resource_owner_id) - elsif Authenticator.new(self, [:token]).allow? - if Settings.oauth_10a_support - # self.current_user setup by OAuth - else - report_error t("application.oauth_10a_disabled", :link => t("application.auth_disabled_link")), :forbidden - self.current_user = nil - end - else - username, passwd = auth_data # parse from headers - # authenticate per-scheme - self.current_user = if username.nil? - nil # no authentication provided - perhaps first connect (client should retry after 401) - else - User.authenticate(:username => username, :password => passwd) # basic auth - end - if username && current_user - if Settings.basic_auth_support - # log if we have authenticated using basic auth - logger.info "Authenticated as user #{current_user.id} using basic authentication" - else - report_error t("application.basic_auth_disabled", :link => t("application.auth_disabled_link")), :forbidden - end - end - end + self.current_user = User.find(doorkeeper_token.resource_owner_id) if doorkeeper_token&.accessible? # have we identified the user? if current_user diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index c6223fb9d..4b36607bb 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -86,10 +86,6 @@ class ApplicationController < ActionController::Base @oauth_token = current_user.oauth_token(Settings.oauth_application) if current_user && Settings.key?(:oauth_application) end - def require_oauth_10a_support - report_error t("application.oauth_10a_disabled", :link => t("application.auth_disabled_link")), :forbidden unless Settings.oauth_10a_support - end - ## # require the user to have cookies enabled in their browser def require_cookies 
@@ -297,7 +293,7 @@ class ApplicationController < ActionController::Base end def deny_access(_exception) - if doorkeeper_token || current_token + if doorkeeper_token set_locale report_error t("oauth.permissions.missing"), :forbidden elsif current_user @@ -327,23 +323,6 @@ class ApplicationController < ActionController::Base end end - # extract authorisation credentials from headers, returns user = nil if none - def auth_data - if request.env.key? "X-HTTP_AUTHORIZATION" # where mod_rewrite might have put it - authdata = request.env["X-HTTP_AUTHORIZATION"].to_s.split - elsif request.env.key? "REDIRECT_X_HTTP_AUTHORIZATION" # mod_fcgi - authdata = request.env["REDIRECT_X_HTTP_AUTHORIZATION"].to_s.split - elsif request.env.key? "HTTP_AUTHORIZATION" # regular location - authdata = request.env["HTTP_AUTHORIZATION"].to_s.split - end - # only basic authentication supported - user, pass = Base64.decode64(authdata[1]).split(":", 2) if authdata && authdata[0] == "Basic" - [user, pass] - end - - # override to stop oauth plugin sending errors - def invalid_oauth_response; end - # clean any referer parameter def safe_referer(referer) begin @@ -366,7 +345,7 @@ class ApplicationController < ActionController::Base end def scope_enabled?(scope) - doorkeeper_token&.includes_scope?(scope) || current_token&.includes_scope?(scope) + doorkeeper_token&.includes_scope?(scope) end helper_method :scope_enabled? diff --git a/app/controllers/changesets_controller.rb b/app/controllers/changesets_controller.rb index ba04b9a17..2c50ff905 100644 --- a/app/controllers/changesets_controller.rb +++ b/app/controllers/changesets_controller.rb @@ -75,6 +75,7 @@ class ChangesetsController < ApplicationController end def show + @type = "changeset" @changeset = Changeset.find(params[:id]) case turbo_frame_request_id when "changeset_nodes" diff --git a/app/controllers/oauth_clients_controller.rb b/app/controllers/oauth_clients_controller.rb deleted file mode 100644 index 42b0921f1..000000000 
--- a/app/controllers/oauth_clients_controller.rb +++ /dev/null 
@@ -1,75 +0,0 @@ -class OauthClientsController < ApplicationController - layout "site" - - before_action :authorize_web - before_action :set_locale - - authorize_resource :class => ClientApplication - - def index - @client_applications = current_user.client_applications - @tokens = current_user.oauth_tokens.authorized - end - - def show - @client_application = current_user.client_applications.find(params[:id]) - rescue ActiveRecord::RecordNotFound - @type = "client application" - render :action => "not_found", :status => :not_found - end - - def new - if Settings.oauth_10_registration - @client_application = ClientApplication.new - else - flash[:error] = t ".disabled" - redirect_to :action => "index" - end - end - - def edit - @client_application = current_user.client_applications.find(params[:id]) - rescue ActiveRecord::RecordNotFound - @type = "client application" - render :action => "not_found", :status => :not_found - end - - def create - @client_application = current_user.client_applications.build(application_params) - if @client_application.save - flash[:notice] = t ".flash" - redirect_to :action => "show", :id => @client_application.id - else - render :action => "new" - end - end - - def update - @client_application = current_user.client_applications.find(params[:id]) - if @client_application.update(application_params) - flash[:notice] = t ".flash" - redirect_to :action => "show", :id => @client_application.id - else - render :action => "edit" - end - rescue ActiveRecord::RecordNotFound - @type = "client application" - render :action => "not_found", :status => :not_found - end - - def destroy - @client_application = current_user.client_applications.find(params[:id]) - @client_application.destroy - flash[:notice] = t ".flash" - redirect_to :action => "index" - rescue ActiveRecord::RecordNotFound - @type = "client application" - render :action => "not_found", :status => :not_found - end - - private - - def application_params - 
params.require(:client_application).permit(:name, :url, :callback_url, :support_url, ClientApplication.all_permissions) - end -end diff --git a/app/controllers/oauth_controller.rb b/app/controllers/oauth_controller.rb deleted file mode 100644 index 62a68b533..000000000 --- a/app/controllers/oauth_controller.rb +++ /dev/null 
@@ -1,80 +0,0 @@ -class OauthController < ApplicationController - include OAuth::Controllers::ProviderController - - # The ProviderController will call login_required for any action that needs - # a login, but we want to check authorization on every action. - authorize_resource :class => false - - before_action :require_oauth_10a_support - - layout "site" - - allow_all_form_action :only => :oauth1_authorize - - def revoke - @token = current_user.oauth_tokens.find_by :token => params[:token] - if @token - @token.invalidate! - flash[:notice] = t(".flash", :application => @token.client_application.name) - end - redirect_to oauth_clients_url(:display_name => @token.user.display_name) - end - - protected - - def login_required - authorize_web - set_locale - end - - def user_authorizes_token? - any_auth = false - - @token.client_application.permissions.each do |pref| - if params[pref].to_i.nonzero? - @token.write_attribute(pref, true) - any_auth ||= true - else - @token.write_attribute(pref, false) - end - end - - any_auth - end - - def oauth1_authorize - if @token.invalidated? - @message = t "oauth.authorize_failure.invalid" - render :action => "authorize_failure" - elsif request.post? - if user_authorizes_token? - @token.authorize!(current_user) - callback_url = if @token.oauth10? - params[:oauth_callback] || @token.client_application.callback_url - else - @token.oob? ? @token.client_application.callback_url : @token.callback_url - end - @redirect_url = URI.parse(callback_url) if callback_url.present? - - if @redirect_url.to_s.blank? - render :action => "authorize_success" - else - @redirect_url.query = if @redirect_url.query.blank? - "oauth_token=#{@token.token}" - else - @redirect_url.query + - "&oauth_token=#{@token.token}" - end - - @redirect_url.query += "&oauth_verifier=#{@token.verifier}" unless @token.oauth10? - - redirect_to @redirect_url.to_s, :allow_other_host => true - end - else - @token.invalidate! 
- @message = t("oauth.authorize_failure.denied", :app_name => @token.client_application.name) - render :action => "authorize_failure" - end - end - end -end diff --git a/app/controllers/traces_controller.rb b/app/controllers/traces_controller.rb index 02b553d0a..d723bac5b 100644 --- a/app/controllers/traces_controller.rb +++ b/app/controllers/traces_controller.rb @@ -143,7 +143,7 @@ class TracesController < ApplicationController flash[:notice] = t ".updated" redirect_to :action => "show", :display_name => current_user.display_name else - @title = t ".title", :name => @trace.name + @title = t "traces.edit.title", :name => @trace.name render :action => "edit" end rescue ActiveRecord::RecordNotFound diff --git a/app/models/access_token.rb b/app/models/access_token.rb deleted file mode 100644 index d2c0dba1c..000000000 --- a/app/models/access_token.rb +++ /dev/null 
@@ -1,57 +0,0 @@ -# == Schema Information -# -# Table name: oauth_tokens -# -# id :integer not null, primary key -# user_id :integer -# type :string(20) -# client_application_id :integer -# token :string(50) -# secret :string(50) -# authorized_at :datetime -# invalidated_at :datetime -# created_at :datetime -# updated_at :datetime -# allow_read_prefs :boolean default(FALSE), not null -# allow_write_prefs :boolean default(FALSE), not null -# allow_write_diary :boolean default(FALSE), not null -# allow_write_api :boolean default(FALSE), not null -# allow_read_gpx :boolean default(FALSE), not null -# allow_write_gpx :boolean default(FALSE), not null -# callback_url :string -# verifier :string(20) -# scope :string -# valid_to :datetime -# allow_write_notes :boolean default(FALSE), not null -# -# Indexes -# -# index_oauth_tokens_on_token (token) UNIQUE -# index_oauth_tokens_on_user_id (user_id) -# -# Foreign Keys -# -# oauth_tokens_client_application_id_fkey (client_application_id => client_applications.id) -# oauth_tokens_user_id_fkey (user_id => users.id) -# - -class AccessToken < OauthToken - belongs_to :user, :optional => true - belongs_to :client_application, :optional => true - - scope :valid, -> { where(:invalidated_at => nil) } - - validates :user, :secret, :presence => true - - before_create :set_authorized_at - - def includes_scope?(scope) - self[:"allow_#{scope}"] - end - - protected - - def set_authorized_at - self.authorized_at = Time.now.utc - end -end diff --git a/app/models/client_application.rb b/app/models/client_application.rb deleted file mode 100644 index d9d6b2df8..000000000 --- a/app/models/client_application.rb +++ /dev/null 
@@ -1,109 +0,0 @@ -# == Schema Information -# -# Table name: client_applications -# -# id :integer not null, primary key -# name :string -# url :string -# support_url :string -# callback_url :string -# key :string(50) -# secret :string(50) -# user_id :integer -# created_at :datetime -# updated_at :datetime -# allow_read_prefs :boolean default(FALSE), not null -# allow_write_prefs :boolean default(FALSE), not null -# allow_write_diary :boolean default(FALSE), not null -# allow_write_api :boolean default(FALSE), not null -# allow_read_gpx :boolean default(FALSE), not null -# allow_write_gpx :boolean default(FALSE), not null -# allow_write_notes :boolean default(FALSE), not null -# -# Indexes -# -# index_client_applications_on_key (key) UNIQUE -# index_client_applications_on_user_id (user_id) -# -# Foreign Keys -# -# client_applications_user_id_fkey (user_id => users.id) -# - -class ClientApplication < ApplicationRecord - belongs_to :user, :optional => true - has_many :tokens, :class_name => "OauthToken", :dependent => :delete_all - has_many :access_tokens - has_many :oauth2_verifiers - has_many :oauth_tokens - - validates :key, :presence => true, :uniqueness => true - validates :name, :url, :secret, :presence => true - validates :url, :format => /\A#{URI::DEFAULT_PARSER.make_regexp(%w[http https])}\z/ - validates :support_url, :allow_blank => true, :format => /\A#{URI::DEFAULT_PARSER.make_regexp(%w[http https])}\z/ - validates :callback_url, :allow_blank => true, :format => /\A#{URI::DEFAULT_PARSER.make_regexp}\z/ - - before_validation :generate_keys, :on => :create - - attr_accessor :token_callback_url - - def self.find_token(token_key) - token = OauthToken.includes(:client_application).find_by(:token => token_key) - token if token&.authorized? 
- end - - def self.verify_request(request, options = {}, &block) - signature = OAuth::Signature.build(request, options, &block) - return false unless OauthNonce.remember(signature.request.nonce, signature.request.timestamp) - - signature.verify - rescue OAuth::Signature::UnknownSignatureMethod - false - end - - def self.all_permissions - Oauth.scopes.collect { |s| :"allow_#{s.name}" } - end - - def oauth_server - @oauth_server ||= OAuth::Server.new("https://#{Settings.server_url}") - end - - def credentials - @credentials ||= OAuth::Consumer.new(key, secret) - end - - def create_request_token(_params = {}) - params = { :client_application => self, :callback_url => token_callback_url } - permissions.each do |p| - params[p] = true - end - RequestToken.create(params) - end - - def access_token_for_user(user) - unless token = access_tokens.valid.find_by(:user_id => user) - params = { :user => user } - - permissions.each do |p| - params[p] = true - end - - token = access_tokens.create(params) - end - - token - end - - # the permissions that this client would like from the user - def permissions - ClientApplication.all_permissions.select { |p| self[p] } - end - - protected - - def generate_keys - self.key = OAuth::Helper.generate_key(40)[0, 40] - self.secret = OAuth::Helper.generate_key(40)[0, 40] - end -end diff --git a/app/models/node.rb b/app/models/node.rb index 825336d16..1bec9a33c 100644 --- a/app/models/node.rb +++ b/app/models/node.rb @@ -199,10 +199,6 @@ class Node < ApplicationRecord save_with_history! end - def tags_as_hash - tags - end - def tags @tags ||= node_tags.to_h { |t| [t.k, t.v] } end diff --git a/app/models/oauth2_token.rb b/app/models/oauth2_token.rb deleted file mode 100644 index 3435b25a3..000000000 --- a/app/models/oauth2_token.rb +++ /dev/null 
@@ -1,58 +0,0 @@ -# == Schema Information -# -# Table name: oauth_tokens -# -# id :integer not null, primary key -# user_id :integer -# type :string(20) -# client_application_id :integer -# token :string(50) -# secret :string(50) -# authorized_at :datetime -# invalidated_at :datetime -# created_at :datetime -# updated_at :datetime -# allow_read_prefs :boolean default(FALSE), not null -# allow_write_prefs :boolean default(FALSE), not null -# allow_write_diary :boolean default(FALSE), not null -# allow_write_api :boolean default(FALSE), not null -# allow_read_gpx :boolean default(FALSE), not null -# allow_write_gpx :boolean default(FALSE), not null -# callback_url :string -# verifier :string(20) -# scope :string -# valid_to :datetime -# allow_write_notes :boolean default(FALSE), not null -# -# Indexes -# -# index_oauth_tokens_on_token (token) UNIQUE -# index_oauth_tokens_on_user_id (user_id) -# -# Foreign Keys -# -# oauth_tokens_client_application_id_fkey (client_application_id => client_applications.id) -# oauth_tokens_user_id_fkey (user_id => users.id) -# - -class Oauth2Token < AccessToken - attr_accessor :state - - def as_json(_options = {}) - d = { :access_token => token, :token_type => "bearer" } - d[:expires_in] = expires_in if expires_at - d - end - - def to_query - q = "access_token=#{token}&token_type=bearer" - q << "&state=#{CGI.escape(state)}" if @state - q << "&expires_in=#{expires_in}" if expires_at - q << "&scope=#{CGI.escape(scope)}" if scope - q - end - - def expires_in - expires_at.to_i - Time.now.to_i - end -end diff --git a/app/models/oauth2_verifier.rb b/app/models/oauth2_verifier.rb deleted file mode 100644 index 1613eabeb..000000000 --- a/app/models/oauth2_verifier.rb +++ /dev/null 
@@ -1,72 +0,0 @@ -# == Schema Information -# -# Table name: oauth_tokens -# -# id :integer not null, primary key -# user_id :integer -# type :string(20) -# client_application_id :integer -# token :string(50) -# secret :string(50) -# authorized_at :datetime -# invalidated_at :datetime -# created_at :datetime -# updated_at :datetime -# allow_read_prefs :boolean default(FALSE), not null -# allow_write_prefs :boolean default(FALSE), not null -# allow_write_diary :boolean default(FALSE), not null -# allow_write_api :boolean default(FALSE), not null -# allow_read_gpx :boolean default(FALSE), not null -# allow_write_gpx :boolean default(FALSE), not null -# callback_url :string -# verifier :string(20) -# scope :string -# valid_to :datetime -# allow_write_notes :boolean default(FALSE), not null -# -# Indexes -# -# index_oauth_tokens_on_token (token) UNIQUE -# index_oauth_tokens_on_user_id (user_id) -# -# Foreign Keys -# -# oauth_tokens_client_application_id_fkey (client_application_id => client_applications.id) -# oauth_tokens_user_id_fkey (user_id => users.id) -# - -class Oauth2Verifier < OauthToken - validates :user, :presence => true, :associated => true - - attr_accessor :state - - def exchange!(_params = {}) - OauthToken.transaction do - token = Oauth2Token.create! :user => user, :client_application => client_application, :scope => scope - invalidate! - token - end - end - - def code - token - end - - def redirect_url - callback_url - end - - def to_query - q = "code=#{token}" - q << "&state=#{CGI.escape(state)}" if @state - q - end - - protected - - def generate_keys - self.token = OAuth::Helper.generate_key(20)[0, 20] - self.expires_at = 10.minutes.from_now - self.authorized_at = Time.now.utc - end -end diff --git a/app/models/oauth_nonce.rb b/app/models/oauth_nonce.rb deleted file mode 100644 index e08121cfc..000000000 --- a/app/models/oauth_nonce.rb +++ /dev/null 
@@ -1,31 +0,0 @@ -# == Schema Information -# -# Table name: oauth_nonces -# -# id :bigint(8) not null, primary key -# nonce :string -# timestamp :integer -# created_at :datetime -# updated_at :datetime -# -# Indexes -# -# index_oauth_nonces_on_nonce_and_timestamp (nonce,timestamp) UNIQUE -# - -# Simple store of nonces. The OAuth Spec requires that any given pair of nonce and timestamps are unique. -# Thus you can use the same nonce with a different timestamp and viceversa. -class OauthNonce < ApplicationRecord - validates :timestamp, :presence => true - validates :nonce, :presence => true, :uniqueness => { :scope => :timestamp } - - # Remembers a nonce and it's associated timestamp. It returns false if it has already been used - def self.remember(nonce, timestamp) - return false if Time.now.to_i - timestamp.to_i > 86400 - - oauth_nonce = OauthNonce.create(:nonce => nonce, :timestamp => timestamp.to_i) - return false if oauth_nonce.new_record? - - oauth_nonce - end -end diff --git a/app/models/oauth_token.rb b/app/models/oauth_token.rb deleted file mode 100644 index ae15dc658..000000000 --- a/app/models/oauth_token.rb +++ /dev/null 
@@ -1,72 +0,0 @@ -# == Schema Information -# -# Table name: oauth_tokens -# -# id :integer not null, primary key -# user_id :integer -# type :string(20) -# client_application_id :integer -# token :string(50) -# secret :string(50) -# authorized_at :datetime -# invalidated_at :datetime -# created_at :datetime -# updated_at :datetime -# allow_read_prefs :boolean default(FALSE), not null -# allow_write_prefs :boolean default(FALSE), not null -# allow_write_diary :boolean default(FALSE), not null -# allow_write_api :boolean default(FALSE), not null -# allow_read_gpx :boolean default(FALSE), not null -# allow_write_gpx :boolean default(FALSE), not null -# callback_url :string -# verifier :string(20) -# scope :string -# valid_to :datetime -# allow_write_notes :boolean default(FALSE), not null -# -# Indexes -# -# index_oauth_tokens_on_token (token) UNIQUE -# index_oauth_tokens_on_user_id (user_id) -# -# Foreign Keys -# -# oauth_tokens_client_application_id_fkey (client_application_id => client_applications.id) -# oauth_tokens_user_id_fkey (user_id => users.id) -# - -class OauthToken < ApplicationRecord - belongs_to :client_application, :optional => true - belongs_to :user, :optional => true - - scope :authorized, -> { where("authorized_at IS NOT NULL and invalidated_at IS NULL") } - - validates :token, :presence => true, :uniqueness => true - validates :user, :associated => true - validates :client_application, :presence => true - - before_validation :generate_keys, :on => :create - - def invalidated? - invalidated_at != nil - end - - def invalidate! - update(:invalidated_at => Time.now.utc) - end - - def authorized? - !authorized_at.nil? && !invalidated? - end - - def to_query - "oauth_token=#{token}&oauth_token_secret=#{secret}" - end - - protected - - def generate_keys - self.token = OAuth::Helper.generate_key(40)[0, 40] - self.secret = OAuth::Helper.generate_key(40)[0, 40] - end -end 
diff --git a/app/models/old_node.rb b/app/models/old_node.rb index b323f0b4f..4585ed406 100644 --- a/app/models/old_node.rb +++ b/app/models/old_node.rb @@ -85,10 +85,6 @@ class OldNode < ApplicationRecord attr_writer :tags - def tags_as_hash - tags - end - # Pretend we're not in any ways def ways [] diff --git a/app/models/request_token.rb b/app/models/request_token.rb deleted file mode 100644 index ec38f7421..000000000 --- a/app/models/request_token.rb +++ /dev/null 
@@ -1,82 +0,0 @@ -# == Schema Information -# -# Table name: oauth_tokens -# -# id :integer not null, primary key -# user_id :integer -# type :string(20) -# client_application_id :integer -# token :string(50) -# secret :string(50) -# authorized_at :datetime -# invalidated_at :datetime -# created_at :datetime -# updated_at :datetime -# allow_read_prefs :boolean default(FALSE), not null -# allow_write_prefs :boolean default(FALSE), not null -# allow_write_diary :boolean default(FALSE), not null -# allow_write_api :boolean default(FALSE), not null -# allow_read_gpx :boolean default(FALSE), not null -# allow_write_gpx :boolean default(FALSE), not null -# callback_url :string -# verifier :string(20) -# scope :string -# valid_to :datetime -# allow_write_notes :boolean default(FALSE), not null -# -# Indexes -# -# index_oauth_tokens_on_token (token) UNIQUE -# index_oauth_tokens_on_user_id (user_id) -# -# Foreign Keys -# -# oauth_tokens_client_application_id_fkey (client_application_id => client_applications.id) -# oauth_tokens_user_id_fkey (user_id => users.id) -# - -class RequestToken < OauthToken - attr_accessor :provided_oauth_verifier - - def authorize!(user) - return false if authorized? - - self.user = user - self.authorized_at = Time.now.utc - self.verifier = OAuth::Helper.generate_key(20)[0, 20] unless oauth10? - save - end - - def exchange! - return false unless authorized? - return false unless oauth10? || verifier == provided_oauth_verifier - - RequestToken.transaction do - params = { :user => user, :client_application => client_application } - # copy the permissions from the authorised request token to the access token - client_application.permissions.each do |p| - params[p] = self[p] - end - - access_token = AccessToken.create(params) - invalidate! - access_token - end - end - - def to_query - if oauth10? - super - else - "#{super}&oauth_callback_confirmed=true" - end - end - - def oob? - callback_url.nil? || callback_url.casecmp?("oob") - end - - def oauth10? 
- Settings.key?(:oauth_10_support) && Settings.oauth_10_support && callback_url.blank? - end -end diff --git a/app/models/user.rb b/app/models/user.rb index 4241a9e56..ceeefd40f 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -66,9 +66,6 @@ class User < ApplicationRecord has_many :note_comments, :foreign_key => :author_id, :inverse_of => :author has_many :notes, :through => :note_comments - has_many :client_applications - has_many :oauth_tokens, -> { order(:authorized_at => :desc).preload(:client_application) }, :class_name => "OauthToken", :inverse_of => :user - has_many :oauth2_applications, :class_name => Doorkeeper.config.application_model.name, :as => :owner has_many :access_grants, :class_name => Doorkeeper.config.access_grant_model.name, :foreign_key => :resource_owner_id has_many :access_tokens, :class_name => Doorkeeper.config.access_token_model.name, :foreign_key => :resource_owner_id @@ -332,7 +329,6 @@ class User < ApplicationRecord ## # revoke any authentication tokens def revoke_authentication_tokens - oauth_tokens.authorized.each(&:invalidate!) access_tokens.not_expired.each(&:revoke) end @@ -377,12 +373,6 @@ class User < ApplicationRecord suspend! if may_suspend? && spam_score > Settings.spam_threshold end - ## - # return an oauth 1 access token for a specified application - def access_token(application_key) - ClientApplication.find_by(:key => application_key).access_token_for_user(self) - end - ## # return an oauth 2 access token for a specified application def oauth_token(application_id) diff --git a/app/views/application/_settings_menu.html.erb b/app/views/application/_settings_menu.html.erb index 8477a11a0..14f1c2927 100644 --- a/app/views/application/_settings_menu.html.erb +++ b/app/views/application/_settings_menu.html.erb @@ -5,9 +5,6 @@ - diff --git a/app/views/messages/_heading.html.erb b/app/views/messages/_heading.html.erb index 90995ed88..c3b479202 100644 --- a/app/views/messages/_heading.html.erb 
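Review bot: The `has_many :client_applications` and `:oauth_tokens` associations go away together with the OAuth 1 models, but no migration in this diff drops the `client_applications`, `oauth_tokens` and `oauth_nonces` tables described in the deleted models' schema comments, so their `key`/`secret` and `token`/`secret` columns keep their values after deploy while nothing in the application reads or revokes them any more. If the tables are to be removed in a follow-up, a comment next to `revoke_authentication_tokens` such as `# OAuth 1 tokens are no longer invalidated here; the oauth_tokens table is pending removal` records the gap; otherwise a migration dropping the tables, or at least clearing the secret columns, belongs with this change. Whether such a migration exists elsewhere in the merge cannot be seen from this chunk.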
+++ b/app/views/messages/_heading.html.erb @@ -3,14 +3,14 @@ <% content_for :heading do %>

<%= t("users.show.my messages") %>