Commit be0f284
app/controllers/concerns/authenticatable.rb
@@ -25,6 +25,7 @@ module Authenticatable
def authenticate_mfa!
return unless Current.user?
+
mfa = Current.user.mfa
redirect_to new_mfa_path unless mfa.valid_session?(session[:mfa])
end
app/controllers/my/mfas_controller.rb
@@ -8,6 +8,7 @@ module My
def new
return redirect_to edit_my_mfa_path if current_user.mfa.setup?
+
current_user.mfa.build_secret
end
app/controllers/scim/controller.rb
@@ -54,6 +54,7 @@ module Scim
def ensure_correct_content_type!
return if acceptable_content_type?
+
status = :unsupported_media_type
render 'unsupported_media_type', status: status, formats: :scim
end
app/controllers/oauths_controller.rb
@@ -3,6 +3,7 @@
class OauthsController < ApplicationController
def show
return render_error(:not_found) unless params[:response_type] == 'code'
+
@client = Client.find_by!(uuid: params[:client_id])
end
app/controllers/responses_controller.rb
@@ -5,6 +5,7 @@ class ResponsesController < ApplicationController
if session[:saml].present?
saml = Saml::Kit::Document.to_saml_document(session[:saml][:xml])
return render_error(:forbidden, model: saml) if saml.invalid?
+
post_back(saml, session[:saml][:params][:RelayState])
else
redirect_to my_dashboard_path
app/controllers/sessions_controller.rb
@@ -18,6 +18,7 @@ class SessionsController < ApplicationController
)
@saml = binding.deserialize(saml_params)
return render_error(:forbidden, model: @saml) if @saml.invalid?
+
session[:saml] = { params: saml_params.to_h, xml: @saml.to_xml }
redirect_to response_path if current_user?
rescue StandardError => error
@@ -41,11 +42,13 @@ class SessionsController < ApplicationController
saml = binding.deserialize(saml_params)
raise ActiveRecord::RecordInvalid.new(saml) if saml.invalid?
raise 'Unknown NameId' unless current_user.uuid == saml.name_id
+
session[:saml] = { params: saml_params.to_h, xml: saml.to_xml }
redirect_to response_path
elsif saml_params[:SAMLResponse].present?
saml = binding.deserialize(saml_params)
raise ActiveRecord::RecordInvalid.new(saml) if saml.invalid?
+
reset_session
redirect_to new_session_path
else
app/controllers/tokens_controller.rb
@@ -7,6 +7,7 @@ class TokensController < ApplicationController
@access_token, @refresh_token = tokens_for(params[:grant_type])
return bad_request if @access_token.nil?
+
render formats: :json
rescue StandardError => error
Rails.logger.error(error)
@@ -31,6 +32,7 @@ class TokensController < ApplicationController
Client.find_by(uuid: client_id)&.authenticate(client_secret)
end
return if current_client
+
render "invalid_client", formats: :json, status: :unauthorized
end
@@ -59,6 +61,7 @@ class TokensController < ApplicationController
Base64.urlsafe_decode64(raw)
)
return if assertion.invalid?
+
user = if assertion.name_id_format == Saml::Kit::Namespaces::PERSISTENT
User.find_by!(uuid: assertion.name_id)
else
app/models/mfa.rb
@@ -37,6 +37,7 @@ class Mfa
def valid_session?(session)
return true unless setup?
+
session && session[:issued_at].present?
end
app/models/user_session.rb
@@ -15,6 +15,7 @@ class UserSession < ApplicationRecord
def self.authenticate(key)
return if key.blank?
+
active.find_by(key: key)
end
config/jekyll.yml
@@ -0,0 +1,41 @@
+# Welcome to Jekyll!
+#
+# This config file is meant for settings that affect your whole blog, values
+# which you are expected to set up once and rarely edit after that. If you find
+# yourself editing this file very often, consider using Jekyll's data files
+# feature for the data you need to update frequently.
+#
+# For technical reasons, this file is *NOT* reloaded automatically when you use
+# 'bundle exec jekyll serve'. If you change this file, please restart the server process.
+
+# Site settings
+# These are used to personalize your new site. If you look in the HTML files,
+# you will see them accessed via {{ site.title }}, {{ site.email }}, and so on.
+# You can create any custom variable you would like, and they will be accessible
+# in the templates via {{ site.myvariable }}.
+title: Proof
+email: mokha@example.com
+description: >- # this means to ignore newlines until "baseurl:"
+ API documentation for Proof.
+baseurl: "doc" # the subpath of your site, e.g. /blog
+url: "" # the base hostname & protocol for your site, e.g. http://example.com
+twitter_username: jekyllrb
+github_username: jekyll
+source: 'doc'
+destination: 'public/doc'
+
+# Build settings
+markdown: kramdown
+theme: minima
+
+# Exclude from processing.
+# The following items will not be processed, by default. Create a custom list
+# to override the default setting.
+# exclude:
+# - Gemfile
+# - Gemfile.lock
+# - node_modules
+# - vendor/bundle/
+# - vendor/cache/
+# - vendor/gems/
+# - vendor/ruby/
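Review bot: `twitter_username: jekyllrb` and `github_username: jekyll` are the generator's placeholder values rather than this project's accounts; the minima theme typically renders these as social links in the page footer, so the published API docs would point at Jekyll's own profiles unless they are replaced or removed. `baseurl: "doc"` also differs from the form the inline comment itself describes (`e.g. /blog`, with a leading slash), so links built with `relative_url` may not resolve as intended under `public/doc`; `baseurl: "/doc"` is probably what is meant, worth confirming against the generated output. The `description` comment (`this means to ignore newlines until "baseurl:"`) is scaffold text that can be dropped.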
doc/_posts/2018-09-24-welcome-to-jekyll.markdown
@@ -0,0 +1,25 @@
+---
+layout: post
+title: "Welcome to Jekyll!"
+date: 2018-09-24 14:58:59 -0600
+categories: jekyll update
+---
+You’ll find this post in your `_posts` directory. Go ahead and edit it and re-build the site to see your changes. You can rebuild the site in many different ways, but the most common way is to run `jekyll serve`, which launches a web server and auto-regenerates your site when a file is updated.
+
+To add new posts, simply add a file in the `_posts` directory that follows the convention `YYYY-MM-DD-name-of-post.ext` and includes the necessary front matter. Take a look at the source for this post to get an idea about how it works.
+
+Jekyll also offers powerful support for code snippets:
+
+{% highlight ruby %}
+def print_hi(name)
+ puts "Hi, #{name}"
+end
+print_hi('Tom')
+#=> prints 'Hi, Tom' to STDOUT.
+{% endhighlight %}
+
+Check out the [Jekyll docs][jekyll-docs] for more info on how to get the most out of Jekyll. File all bugs/feature requests at [Jekyll’s GitHub repo][jekyll-gh]. If you have questions, you can ask them on [Jekyll Talk][jekyll-talk].
+
+[jekyll-docs]: https://jekyllrb.com/docs/home
+[jekyll-gh]: https://github.com/jekyll/jekyll
+[jekyll-talk]: https://talk.jekyllrb.com/
doc/.gitignore
@@ -0,0 +1,3 @@
+_site
+.sass-cache
+.jekyll-metadata
doc/about.md
@@ -0,0 +1,18 @@
+---
+layout: page
+title: About
+permalink: /about/
+---
+
+This is the base Jekyll theme. You can find out more info about customizing your Jekyll theme, as well as basic Jekyll usage documentation at [jekyllrb.com](https://jekyllrb.com/)
+
+You can find the source code for Minima at GitHub:
+[jekyll][jekyll-organization] /
+[minima](https://github.com/jekyll/minima)
+
+You can find the source code for Jekyll at GitHub:
+[jekyll][jekyll-organization] /
+[jekyll](https://github.com/jekyll/jekyll)
+
+
+[jekyll-organization]: https://github.com/jekyll
doc/index.md
@@ -0,0 +1,6 @@
+---
+# Feel free to add content and custom Front Matter to this file.
+# To modify the layout, see https://jekyllrb.com/docs/themes/#overriding-theme-defaults
+
+layout: home
+---
lib/tasks/doc.rake
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+namespace :doc do
+ desc "Build static pages"
+ task :build do
+ sh "jekyll b --config config/jekyll.yml"
+ end
+
+ desc "Watch and rebuild static pages"
+ task :watch do
+ sh "jekyll b --config config/jekyll.yml --watch"
+ end
+
+ desc "Clean up after Jekyll"
+ task :clean do
+ sh "jekyll clean --config config/jekyll.yml"
+ sh "mkdir public/doc && touch public/doc/.keep"
+ end
+end
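Review bot: `doc:clean` is not idempotent: `sh "mkdir public/doc && touch public/doc/.keep"` makes the task fail with a non-zero exit whenever `public/doc` already exists when that line runs (for example on a re-run where the destination was not removed). Rake mixes FileUtils into task bodies, so the shell string can be replaced with `mkdir_p 'public/doc'` and `touch 'public/doc/.keep'`, which are idempotent and avoid spawning a shell for two file operations. The path `config/jekyll.yml` is repeated in all three tasks; a local at the top of the block, `config = 'config/jekyll.yml'`, captured by the task closures would keep them in sync.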
.gitignore
@@ -39,3 +39,5 @@ package-lock.json
vendor/cache
pkg
BUILD
+.sass-cache
+public/doc
Gemfile
@@ -29,7 +29,9 @@ gem 'webpacker', '~> 3.5'
group :development do
gem 'brakeman', '~> 4.3'
gem 'bundler-audit', '~> 0.6'
+ gem 'jekyll', '~> 3.8'
gem 'listen', '>= 3.0.5', '< 3.2'
+ gem "minima", "~> 2.0" # This is the default theme for new Jekyll sites. You may change this to anything you like.
gem 'rubocop', '~> 0.58'
gem 'web-console', '>= 3.3.0'
end
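Review bot: The added `gem "minima", "~> 2.0"` line uses double quotes while every other entry in the group (including the new `gem 'jekyll', '~> 3.8'`) uses single quotes; rubocop is pinned in this same group and its default Style/StringLiterals setting flags this unless `.rubocop.yml` overrides it, so `gem 'minima', '~> 2.0'` keeps the file consistent. The trailing comment is the Jekyll generator's boilerplate; if a comment is kept it should say why the theme is needed here, e.g. `# theme for the static API docs built by rake doc:build`.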
Gemfile.lock
@@ -56,7 +56,7 @@ GEM
activerecord (>= 4.0, < 5.3)
bcrypt (3.1.12)
bindex (0.5.0)
- bootsnap (1.3.1)
+ bootsnap (1.3.2)
msgpack (~> 1.0)
brakeman (4.3.1)
builder (3.2.3)
@@ -64,7 +64,7 @@ GEM
bundler (~> 1.2)
thor (~> 0.18)
byebug (10.0.2)
- capybara (3.6.0)
+ capybara (3.8.1)
addressable
mini_mime (>= 0.1.3)
nokogiri (~> 1.8)
@@ -76,20 +76,25 @@ GEM
launchy
childprocess (0.9.0)
ffi (~> 1.0, >= 1.0.11)
+ colorator (1.1.0)
concurrent-ruby (1.0.5)
crack (0.4.3)
safe_yaml (~> 1.0.0)
crass (1.0.4)
diff-lcs (1.3)
dotenv (2.5.0)
+ em-websocket (0.5.1)
+ eventmachine (>= 0.12.9)
+ http_parser.rb (~> 0.6.0)
email_validator (1.6.0)
activemodel
erubi (1.7.1)
+ eventmachine (1.2.7)
execjs (2.7.0)
- factory_bot (4.11.0)
+ factory_bot (4.11.1)
activesupport (>= 3.0.0)
- factory_bot_rails (4.11.0)
- factory_bot (~> 4.11.0)
+ factory_bot_rails (4.11.1)
+ factory_bot (~> 4.11.1)
railties (>= 3.0.0)
ffaker (2.10.0)
ffi (1.9.25)
@@ -99,13 +104,15 @@ GEM
flipper (~> 0.16.0)
foreman (0.85.0)
thor (~> 0.19.1)
+ forwardable-extended (2.6.0)
globalid (0.4.1)
activesupport (>= 4.2.0)
hashdiff (0.3.7)
highline (2.0.0)
- i18n (1.1.0)
+ http_parser.rb (0.6.0)
+ i18n (0.9.5)
concurrent-ruby (~> 1.0)
- i18n-tasks (0.9.24)
+ i18n-tasks (0.9.25)
activesupport (>= 4.0.2)
ast (>= 2.1.0)
erubi
@@ -118,9 +125,32 @@ GEM
jbuilder (2.7.0)
activesupport (>= 4.2.0)
multi_json (>= 1.2)
+ jekyll (3.8.4)
+ addressable (~> 2.4)
+ colorator (~> 1.0)
+ em-websocket (~> 0.5)
+ i18n (~> 0.7)
+ jekyll-sass-converter (~> 1.0)
+ jekyll-watch (~> 2.0)
+ kramdown (~> 1.14)
+ liquid (~> 4.0)
+ mercenary (~> 0.3.3)
+ pathutil (~> 0.9)
+ rouge (>= 1.7, < 4)
+ safe_yaml (~> 1.0)
+ jekyll-feed (0.11.0)
+ jekyll (~> 3.3)
+ jekyll-sass-converter (1.5.2)
+ sass (~> 3.4)
+ jekyll-seo-tag (2.5.0)
+ jekyll (~> 3.3)
+ jekyll-watch (2.0.0)
+ listen (~> 3.0)
jwt (2.1.0)
+ kramdown (1.17.0)
launchy (2.4.3)
addressable (~> 2.3)
+ liquid (4.0.0)
listen (3.1.5)
rb-fsevent (~> 0.9, >= 0.9.4)
rb-inotify (~> 0.9, >= 0.9.7)
@@ -131,12 +161,17 @@ GEM
nokogiri (>= 1.5.9)
mail (2.7.0)
mini_mime (>= 0.1.1)
- marcel (0.3.2)
+ marcel (0.3.3)
mimemagic (~> 0.3.2)
+ mercenary (0.3.6)
method_source (0.9.0)
mimemagic (0.3.2)
mini_mime (1.0.1)
mini_portile2 (2.3.0)
+ minima (2.5.0)
+ jekyll (~> 3.5)
+ jekyll-feed (~> 0.9)
+ jekyll-seo-tag (~> 2.1)
minitest (5.11.3)
msgpack (1.2.4)
multi_json (1.13.1)
@@ -147,12 +182,14 @@ GEM
parallel (1.12.1)
parser (2.5.1.2)
ast (~> 2.4.0)
- pg (1.1.2)
+ pathutil (0.16.1)
+ forwardable-extended (~> 2.6)
+ pg (1.1.3)
powerpack (0.1.2)
public_suffix (3.0.3)
puma (3.12.0)
rack (2.0.5)
- rack-proxy (0.6.4)
+ rack-proxy (0.6.5)
rack
rack-test (1.1.0)
rack (>= 1.0, < 3)
@@ -191,6 +228,7 @@ GEM
rb-inotify (0.9.10)
ffi (>= 0.5.0, < 2)
rotp (3.3.1)
+ rouge (3.2.1)
rspec-core (3.8.0)
rspec-support (~> 3.8.0)
rspec-expectations (3.8.1)
@@ -208,7 +246,7 @@ GEM
rspec-mocks (~> 3.8.0)
rspec-support (~> 3.8.0)
rspec-support (3.8.0)
- rubocop (0.58.2)
+ rubocop (0.59.2)
jaro_winkler (~> 1.5.1)
parallel (~> 1.10)
parser (>= 2.5, != 2.5.1.1)
@@ -224,6 +262,11 @@ GEM
activemodel (>= 4.2.0)
net-hippie (~> 0.1.8)
xml-kit (>= 0.1.13, <= 1.0.0)
+ sass (3.6.0)
+ sass-listen (~> 4.0.0)
+ sass-listen (4.0.0)
+ rb-fsevent (~> 0.9, >= 0.9.4)
+ rb-inotify (~> 0.9, >= 0.9.7)
scim-shady (0.2.1)
activesupport (>= 4.2.0)
selenium-webdriver (3.14.0)
@@ -248,10 +291,10 @@ GEM
turbolinks-source (5.2.0)
tzinfo (1.2.5)
thread_safe (~> 0.1)
- uglifier (4.1.18)
+ uglifier (4.1.19)
execjs (>= 0.3.0, < 3)
unicode-display_width (1.4.0)
- web-console (3.6.2)
+ web-console (3.7.0)
actionview (>= 5.0)
activemodel (>= 5.0)
bindex (>= 0.4.0)
@@ -300,9 +343,11 @@ DEPENDENCIES
foreman (~> 0.85)
i18n-tasks (~> 0.9.24)
jbuilder (~> 2.5)
+ jekyll (~> 3.8)
jwt (~> 2.1)
listen (>= 3.0.5, < 3.2)
local_time (~> 2.1)
+ minima (~> 2.0)
pg
puma (~> 3.11)
rails (~> 5.2.0)