Sebastian Serth
04504973ba
Adjust Sentry's user context
2023-02-03 00:16:52 +01:00
Sebastian Serth
7cd61acbce
I18n: Automatically choose locale through HTTP header
2022-12-20 10:26:32 +01:00
Sebastian Serth
9977e1614b
Allow external redirect for render host and LTI
...
We only use the `launch_presentation_return_url` provided to the @provider, in order to prevent using an open redirect.
2022-12-05 22:38:13 +01:00
Sebastian Serth
574e99eddd
Fix rubocop offenses - Requires Ruby 3.1+
2022-11-25 11:10:06 +01:00
Sebastian Serth
f45fad71dd
Add early return support for authentication
2022-10-27 16:14:18 +02:00
Sebastian Serth
42688ed1c9
Prefer authentication token for session if present
2022-10-05 21:34:19 +02:00
Sebastian Serth
16c00ec136
Add support for signed URLs used by the render_file function
2022-09-23 21:35:22 +02:00
Sebastian Serth
5881795d5f
Memorize config options instead of reading them from file over and over again
2022-09-23 21:35:22 +02:00
Sebastian Serth
936c11e31f
Refactor authentication token for new study-group-based authorization
2022-09-22 19:24:26 +02:00
Sebastian Serth
9c9f45ff77
Redefine user roles with their role in a study group
2022-09-22 19:24:26 +02:00
Sebastian Serth
f1aa004284
Use controller method for 404 responses
2022-09-14 01:01:14 +02:00
Sebastian Serth
b0130b8fae
Remove overwrite for X-Frame-Options
...
* With current third-party-cookies being blocked by modern
browsers, CodeOcean won't work in an iFrame anyway.
2022-09-06 11:21:37 +02:00
Janis Vaneylen
b6837e9539
Refactor validity of token authentication
2022-09-02 16:56:19 +02:00
Janis4411
cc3fc72cf9
slight changes to application controller to be more readable
2022-08-05 08:05:07 +02:00
Sebastian Serth
baf70a0c06
Sanitize locale input.
...
Closes CODEOCEAN-9E
2022-07-15 13:35:18 +02:00
Sebastian Serth
2ce9c4258a
Remove New Relic
2022-04-29 22:53:36 +02:00
Sebastian Serth
e7d35af418
Resolve Pundit deprecation warning
2022-04-20 18:28:44 +02:00
Sebastian Serth
d08707f62e
Fix switch_locale to return the block result
2021-06-28 16:08:24 +02:00
Sebastian Serth
1b71163a77
Refactor locale with around method
2021-06-25 17:36:56 +02:00
Sebastian Serth
5243808d54
Apply automatic rubocop fixes
2021-05-17 19:40:38 +02:00
Sebastian Serth
da0a682ffb
Apply manual rubocop fixes
2021-05-14 22:03:06 +02:00
Sebastian Serth
6cbecb5b39
Apply automatic rubocop fixes
2021-05-14 22:03:06 +02:00
Sebastian Serth
78230f0d97
Add message for expired session
2021-04-22 11:32:12 +02:00
Sebastian Serth
fbf9010823
Ensure Mnemosyne trace is always attached
2021-03-19 20:00:41 +01:00
Sebastian Serth
06fe37d6cf
Check for Mnemosyne trace before appending meta information
2021-03-17 14:34:05 +01:00
Sebastian Serth
486808eae0
Add mnemosyne tracing for render_csrf_error
2021-03-10 18:53:20 +01:00
Sebastian Serth
82555d88b7
Add mnemosyne tracing for session
2021-03-10 18:00:37 +01:00
Sebastian Serth
a174d75a47
Debug CSRF issues temporarily
2021-03-10 13:51:29 +01:00
Sebastian Serth
b10e23dd16
Upgrade to newest Sentry
2021-03-04 14:02:16 +01:00
Sebastian Serth
939f36816d
Update Raven user context
2020-11-25 01:13:12 +01:00
Sebastian Serth
eedbf6a815
Return nil if no user is signed in
2020-10-28 14:52:04 +01:00
Sebastian Serth
5646316394
Set context for raven
2020-01-29 01:39:14 +01:00
Sebastian Serth
f7030e3506
Refactor redirect if user is not authorized
2019-01-31 13:06:28 +01:00
Sebastian Serth
d45dc04a3e
Limit redirect to host
2019-01-15 17:36:32 +01:00
Sebastian Serth
1a26d67c82
Merge branch 'master' into add_roles_via_LTI
...
# Conflicts:
# app/views/application/_breadcrumbs.html.slim
# app/views/application/welcome.html.slim
# app/views/exercise_collections/show.html.slim
# app/views/external_users/index.html.slim
# app/views/layouts/application.html.slim
# app/views/proxy_exercises/index.html.slim
# app/views/user_exercise_feedbacks/index.html.slim
# app/views/user_mailer/send_thank_you_note.slim
2018-12-14 00:53:06 +01:00
Sebastian Serth
d3f67ab4c7
Rethink permissions in CodeOcean for usage in schools and adopt views
2018-12-12 14:09:19 +01:00
Sebastian Serth
a0d8b30ef2
Implement support for some basic embed options for work sheets via LTI
...
This commit also fixes an issue with the flash messages being positioned too high and displayed for too long
2018-12-11 14:29:36 +01:00
Sebastian Serth
832b48ba62
Refactor /insights to throw a Pundit exception if no current_user is set
2018-11-28 15:44:45 +01:00
Sebastian Serth
c4f9c2fc85
Prevent redirection if possible
...
This will just show the flash message and prevent the browser from changing the location. Works great with Turbolinks!
2018-11-22 19:00:01 +01:00
Sebastian Serth
9666683bd7
Fix error, submission, hints and help views
2018-11-06 16:46:01 +01:00
Sebastian Serth
a77a006e8d
Update CSRF chain to prepend checks and resolve comments from PR
...
Signed-off-by: Sebastian Serth <Sebastian.Serth@student.hpi.de>
2018-11-06 16:46:01 +01:00
Ralf Teusner
8d1c846fae
changes to newrelic
2017-09-20 13:29:26 +02:00
Niklas Kiefer
5002f9bbce
allow iframe requests
2017-04-11 12:19:41 +02:00
Tom Staubitz
325ea25849
Replaced session[:lti_parameters] with proper LtiParameter object.
...
Removed all tests that would be failing
TODO: decision if all LtiParameter objects for a certain user/consumer will be deleted when the user/consumer is deleted from the session, or only the LtiParameter object for the current exercise of the user/consumer.
TODO: replace removed tests with proper tests
2016-12-30 09:45:39 +01:00
Tom Staubitz
6f1d8b2d38
Marked more locations that might require to be changed when we switch from session to LtiParameters Object
2016-12-27 07:48:59 +01:00
Tom Staubitz
f4c01879bf
preparations to replace session with lti_parameters object
2016-12-27 00:13:41 +01:00
Jan Renz
c39fd9d6ce
Revert stuff
2015-04-28 16:48:52 +02:00
Jan Renz
23ddfaca11
current_user nil not false
2015-04-28 16:12:43 +02:00
Ralf Teusner
707c40a65b
some more logging for missing @current_user
2015-04-27 10:52:23 +02:00
Hauke Klement
4eef3d70d5
minor refactoring of flash messages
2015-03-23 16:42:57 +01:00