47 Commits

Author SHA1 Message Date
42688ed1c9 Prefer authentication token for session if present 2022-10-05 21:34:19 +02:00
16c00ec136 Add support for signed URLs used by the render_file function 2022-09-23 21:35:22 +02:00
5881795d5f Memorize config options instead of reading them from file over and over again 2022-09-23 21:35:22 +02:00
936c11e31f Refactor authentication token for new study-group-based authorization 2022-09-22 19:24:26 +02:00
9c9f45ff77 Redefine user roles with their role in a study group 2022-09-22 19:24:26 +02:00
f1aa004284 Use controller method for 404 responses 2022-09-14 01:01:14 +02:00
b0130b8fae Remove overwrite for X-Frame-Options
* With current third-party-cookies being blocked by modern
browsers, CodeOcean won't work in an iFrame anyway.
2022-09-06 11:21:37 +02:00
b6837e9539 Refactor validity of token authentication 2022-09-02 16:56:19 +02:00
cc3fc72cf9 slight changes to application controller to be more readable 2022-08-05 08:05:07 +02:00
baf70a0c06 Sanitize locale input.
Closes CODEOCEAN-9E
2022-07-15 13:35:18 +02:00
2ce9c4258a Remove New Relic 2022-04-29 22:53:36 +02:00
e7d35af418 Resolve Pundit deprecation warning 2022-04-20 18:28:44 +02:00
d08707f62e Fix switch_locale to return the block result 2021-06-28 16:08:24 +02:00
1b71163a77 Refactor locale with around method 2021-06-25 17:36:56 +02:00
5243808d54 Apply automatic rubocop fixes 2021-05-17 19:40:38 +02:00
da0a682ffb Apply manual rubocop fixes 2021-05-14 22:03:06 +02:00
6cbecb5b39 Apply automatic rubocop fixes 2021-05-14 22:03:06 +02:00
78230f0d97 Add message for expired session 2021-04-22 11:32:12 +02:00
fbf9010823 Ensure Mnemosyne trace is always attached 2021-03-19 20:00:41 +01:00
06fe37d6cf Check for Mnemosyne trace before appending meta information 2021-03-17 14:34:05 +01:00
486808eae0 Add mnemosyne tracing for render_csrf_error 2021-03-10 18:53:20 +01:00
82555d88b7 Add mnemosyne tracing for session 2021-03-10 18:00:37 +01:00
a174d75a47 Debug CSRF issues temporarily 2021-03-10 13:51:29 +01:00
b10e23dd16 Upgrade to newest Sentry 2021-03-04 14:02:16 +01:00
939f36816d Update Raven user context 2020-11-25 01:13:12 +01:00
eedbf6a815 Return nil if no user is signed in 2020-10-28 14:52:04 +01:00
5646316394 Set context for raven 2020-01-29 01:39:14 +01:00
f7030e3506 Refactor redirect if user is not authorized 2019-01-31 13:06:28 +01:00
d45dc04a3e Limit redirect to host 2019-01-15 17:36:32 +01:00
1a26d67c82 Merge branch 'master' into add_roles_via_LTI
# Conflicts:
#	app/views/application/_breadcrumbs.html.slim
#	app/views/application/welcome.html.slim
#	app/views/exercise_collections/show.html.slim
#	app/views/external_users/index.html.slim
#	app/views/layouts/application.html.slim
#	app/views/proxy_exercises/index.html.slim
#	app/views/user_exercise_feedbacks/index.html.slim
#	app/views/user_mailer/send_thank_you_note.slim
2018-12-14 00:53:06 +01:00
d3f67ab4c7 Rethink permissions in CodeOcean for usage in schools and adopt views 2018-12-12 14:09:19 +01:00
a0d8b30ef2 Implement support for some basic embed options for work sheets via LTI
This commit also fixes an issue with the flash messages being positioned too high and displayed for too long
2018-12-11 14:29:36 +01:00
832b48ba62 Refactor /insights to throw a Pundit exception if no current_user is set 2018-11-28 15:44:45 +01:00
c4f9c2fc85 Prevent redirection if possible
This will just show the flash message and prevent the browser from changing the location. Works great with Turbolinks!
2018-11-22 19:00:01 +01:00
9666683bd7 Fix error, submission, hints and help views 2018-11-06 16:46:01 +01:00
a77a006e8d Update CSRF chain to prepend checks and resolve comments from PR
Signed-off-by: Sebastian Serth <Sebastian.Serth@student.hpi.de>
2018-11-06 16:46:01 +01:00
8d1c846fae changes to newrelic 2017-09-20 13:29:26 +02:00
5002f9bbce allow iframe requests 2017-04-11 12:19:41 +02:00
325ea25849 Replaced session[:lti_parameters] with proper LtiParameter object.
Removed all tests that would be failing

TODO: decision if all LtiParameter objects for a certain user/consumer will be deleted when the user/consumer is deleted from the session, or only the LtiParameter object for the current exercise of the user/consumer.

TODO: replace removed tests with proper tests
2016-12-30 09:45:39 +01:00
6f1d8b2d38 Marked more locations that might require to be changed when we switch from session to LtiParameters Object 2016-12-27 07:48:59 +01:00
f4c01879bf preparations to replace session with lti_parameters object 2016-12-27 00:13:41 +01:00
c39fd9d6ce Revert stuff 2015-04-28 16:48:52 +02:00
23ddfaca11 current_user nil not false 2015-04-28 16:12:43 +02:00
707c40a65b some more logging for missing @current_user 2015-04-27 10:52:23 +02:00
4eef3d70d5 minor refactoring of flash messages 2015-03-23 16:42:57 +01:00
5bfe03c426 set application locale from custom LTI launch parameter 2015-02-23 11:33:43 +01:00
4cbf9970b1 transferred Code Ocean from original repository to GitHub 2015-01-22 10:01:32 +01:00