Commit Graph

767 Commits

Author SHA1 Message Date
87771b905a Fix rubocop offenses 2023-01-11 23:57:29 +01:00
6a942ccf50 Capture exception for Scoring
Previously, an exception was caused by the tubesock gem but not sent to Sentry. This caused errors not to bubble up correctly but rather kill the current thread, leaving the user with a generic "WebSocket connection not established" message.

Probably, this should be removed when updating the WebSocket implementation.
2022-12-23 13:04:34 +01:00
7cd61acbce I18n: Automatically choose locale through HTTP header 2022-12-20 10:26:32 +01:00
8a6e0a8366 Catch empty files_json during conversion 2022-12-19 16:11:35 +01:00
17356c3045 Allow redirect to main CodeOcean host
When a file cannot be retrieved any longer, we send a redirect to the previous locations. As we usually enable a different render host, Rails sees this redirect as a redirect to another host (from the render host to the main CodeOcean host).
2022-12-19 16:06:47 +01:00
bec235c8d6 Fix XML parsing with invalid LTI response
An invalid XML response may be returned if the LTI provider is unavailable and cannot handle our request. We decided against logging in Sentry as this affects a third-party functionality we cannot fix ourselves.
Fixes CODEOCEAN-G2
2022-12-07 23:00:21 +01:00
bc5baed05e Use exec_query for custom SQL execution
Also align how we query Postgres from controllers.

The change is mainly due to regular (but not reproducible) issues with the `intervalstyle` defaulting to `postgres` (instead of `iso8601`) and thereby causing issues. We're just experimenting to see whether this change resolves the issue.
2022-12-06 22:41:00 +01:00
9977e1614b Allow external redirect for render host and LTI
We only use the `launch_presentation_return_url` provided to the @provider, in order to prevent using an open redirect.
2022-12-05 22:38:13 +01:00
b7a3fd4586 Refactor exercise statistics to use convert times in Ruby 2022-12-05 21:59:34 +01:00
90b30e2bf7 Upgrade to Rails 7.0 and apply new framework defaults
* Remove `send_stream` method pulled in before upgrading Rails
* Remove spring, it is no longer included by default for new apps
* Remove deprecated options from environments
* Remove old asset paths and workarounds no longer needed
* Remove unnecessary `OAUTH_10_SUPPORT` const, LTI still uses OAuth 1.0
* Dump schema with new defaults (and specify precision for timestamps where needed)
2022-12-04 15:21:59 +01:00
574e99eddd Fix rubocop offenses - Requires Ruby 3.1+ 2022-11-25 11:10:06 +01:00
dfbf06274c Specify class for html_escape 2022-11-24 17:16:18 +01:00
ab688e09c0 Execute SQL statement in ping controller 2022-11-21 14:52:11 +01:00
25707478ea Require user for Community Solution
Fixes CODEOCEAN-F7
2022-11-21 10:48:08 +01:00
b6cecf53aa Pundit: Skip authorization in case of errors
Fixes CODEOCEAN-F3
2022-11-17 21:37:45 +01:00
b2af4e0663 Check submission and exercise files when filtering downloads 2022-11-17 20:47:33 +01:00
591f776f69 Close WebSocket connection normally
With Tubesock, we need to send a close frame ourselves. Otherwise, some browsers might display a warning.
2022-11-16 23:16:49 +01:00
0950e626ba Convert message data to string before slicing
Fixes CODEOCEAN-F1
2022-11-16 19:53:19 +01:00
55d7fb2f9a Download file: Return after rendering NotAuthorized Error
Fixes CODEOCEAN-ET
2022-11-14 18:21:35 +01:00
d50e6d30e9 List Files: Catch more Runner::Errors 2022-11-14 13:51:04 +01:00
60f8d9809b Catch error in LiveStreams Controller to avoid concurrency issue 2022-11-10 12:00:56 +01:00
de024d9360 Set Content-Type to fixed value for send_runner_file 2022-11-04 16:52:49 +01:00
4f0b8c3c42 Reduce usage of @current_user (use helper instead) 2022-11-02 12:27:38 +01:00
58548555a5 Shell: Add file system browser to retrieve arbitrary files 2022-10-29 18:49:18 +02:00
60078701f5 Editor: Allow file retrieval after code run 2022-10-29 18:49:18 +02:00
eefe3faa13 Re-apply default group when external user signs out 2022-10-27 17:06:04 +02:00
f45fad71dd Add early return support for authentication 2022-10-27 16:14:18 +02:00
dd1f4b0ac8 Merge pull request #939 from openHPI/refactor_proforma_import_export
Refactor Proforma Import/Export
2022-10-26 17:58:48 +02:00
c75f52f2c8 Fix Rubocop offenses 2022-10-24 12:28:50 +02:00
df384ebf0d Disallow protected upload paths for non-native files
Fixes CODEOCEAN-E0
2022-10-06 00:11:27 +02:00
61e3cfcac5 Handle deleted files in CodeOcean::FilesController
Fixes CODEOCEAN-E2
2022-10-06 00:10:52 +02:00
f7515362a1 Set Content-Type to fixed value for all download actions 2022-10-05 21:46:17 +02:00
42688ed1c9 Prefer authentication token for session if present 2022-10-05 21:34:19 +02:00
2d95a737f6 Assume failed code execution if no status was received 2022-10-04 16:08:10 +02:00
b8b7cd99bd SubmissionsController: Allow JS to be "rendered"
We skip verifying the authenticity token for the action, to prevent raising an `ActionController::InvalidCrossOriginRequest` exception.
2022-10-04 16:06:59 +02:00
ca13ea03c8 SubmissionsController: Send Content-Length if possible 2022-10-04 16:06:59 +02:00
c3daa51c8c SubmissionsController: Remove outdated ActionController::Live mixin
The mixin was previously used for Server-Sent-Events, which were removed from CodeOcean a long time ago.
After the mixin is removed, we can also fix the cookie send mechanism (this was erroneous with the mixin).
2022-10-04 16:06:58 +02:00
f53c6cb3ee Shell: Add toggle to execute command as root 2022-10-04 16:06:58 +02:00
3263d4f838 Respect subpath for (render_)protected_upload_path 2022-09-28 11:06:15 +02:00
f73917313d Add reminder about path validation for protected download and render 2022-09-25 01:12:48 +02:00
eb188dcd71 Add privilegedExecution flag to database and Poseidon Strategy 2022-09-24 22:32:41 +02:00
b866221353 rename route 2022-09-24 21:08:18 +02:00
16c00ec136 Add support for signed URLs used by the render_file function 2022-09-23 21:35:22 +02:00
5881795d5f Memorize config options instead of reading them from file over and over again 2022-09-23 21:35:22 +02:00
0e7c38657f Allow teachers to access internal users and manage them in their study groups 2022-09-22 19:24:26 +02:00
ac3dc8d30f Allow platform admins and internal users to switch their current study group 2022-09-22 19:24:26 +02:00
4d2fe22daf Allow assignment of study groups for internal users 2022-09-22 19:24:26 +02:00
02c65af034 Update scope query for new teacher definition 2022-09-22 19:24:26 +02:00
936c11e31f Refactor authentication token for new study-group-based authorization 2022-09-22 19:24:26 +02:00
9c9f45ff77 Redefine user roles with their role in a study group 2022-09-22 19:24:26 +02:00