bec235c8d6
Fix XML parsing with invalid LTI response
An invalid XML response may be returned if the LTI provider is unavailable and cannot handle our request. We decided against logging in Sentry as this affects a third party functionality we cannot fix ourselves.
Fixes CODEOCEAN-G2
2022-12-07 23:00:21 +01:00
bc5baed05e
Use exec_query for custom SQL execution
Also align how we query Postgres from controllers.
The change is mainly due to regular (but not reproducible) issues with the `intervalstyle` defaulting to `postgres` (instead of `iso8601`) and thereby causing issues. We're just experimenting to see whether this change resolves the issue.
2022-12-06 22:41:00 +01:00
9977e1614b
Allow external redirect for render host and LTI
We only use the `launch_presentation_return_url` provided to the @provider, in order to prevent using an open redirect.
2022-12-05 22:38:13 +01:00
b7a3fd4586
Refactor exercise statistics to use convert times in Ruby
2022-12-05 21:59:34 +01:00
90b30e2bf7
Upgrade to Rails 7.0 and apply new framework defaults
* Remove `send_stream` method pulled in before upgrading Rails
* Remove spring, it is no longer included by default for new apps
* Remove deprecated options from environments
* Remove old asset paths and workarounds no longer needed
* Remove unnecessary `OAUTH_10_SUPPORT` const, LTI still uses OAuth 1.0
* Dump schema with new defaults (and specify precision for timestamps where needed)
2022-12-04 15:21:59 +01:00
574e99eddd
Fix rubocop offenses - Requires Ruby 3.1+
2022-11-25 11:10:06 +01:00
dfbf06274c
Specify class for html_escape
2022-11-24 17:16:18 +01:00
ab688e09c0
Execute SQL statement in ping controller
2022-11-21 14:52:11 +01:00
25707478ea
Require user for Community Solution
Fixes CODEOCEAN-F7
2022-11-21 10:48:08 +01:00
b6cecf53aa
Pundit: Skip authorization in case of errors
Fixes CODEOCEAN-F3
2022-11-17 21:37:45 +01:00
b2af4e0663
Check submission and exercise files when filtering downloads
2022-11-17 20:47:33 +01:00
591f776f69
Close WebSocket connection normally
With Tubesock, we need to send a close frame ourselves. Otherwise, some browsers might display a warning.
2022-11-16 23:16:49 +01:00
0950e626ba
Convert message data to string before slicing
Fixes CODEOCEAN-F1
2022-11-16 19:53:19 +01:00
55d7fb2f9a
Download file: Return after rendering NotAuthorized Error
Fixes CODEOCEAN-ET
2022-11-14 18:21:35 +01:00
d50e6d30e9
List Files: Catch more Runner::Errors
2022-11-14 13:51:04 +01:00
60f8d9809b
Catch error in LiveStreams Controller to avoid concurrency issue
2022-11-10 12:00:56 +01:00
de024d9360
Set Content-Type to fixed value for send_runner_file
2022-11-04 16:52:49 +01:00
4f0b8c3c42
Reduce usage of @current_user (use helper instead)
2022-11-02 12:27:38 +01:00
58548555a5
Shell: Add file system browser to retrieve arbitrary files
2022-10-29 18:49:18 +02:00
60078701f5
Editor: Allow file retrieval after code run
2022-10-29 18:49:18 +02:00
eefe3faa13
Re-apply default group when external user signs out
2022-10-27 17:06:04 +02:00
f45fad71dd
Add early return support for authentication
2022-10-27 16:14:18 +02:00
dd1f4b0ac8
Merge pull request #939 from openHPI/refactor_proforma_import_export
Refactor Proforma Import/Export
2022-10-26 17:58:48 +02:00
c75f52f2c8
Fix Rubocop offenses
2022-10-24 12:28:50 +02:00
df384ebf0d
Disallow protected upload paths for non-native files
Fixes CODEOCEAN-E0
2022-10-06 00:11:27 +02:00
61e3cfcac5
Handle deleted files in CodeOcean::FilesController
Fixes CODEOCEAN-E2
2022-10-06 00:10:52 +02:00
f7515362a1
Set Content-Type to fixed value for all download actions
2022-10-05 21:46:17 +02:00
42688ed1c9
Prefer authentication token for session if present
2022-10-05 21:34:19 +02:00
2d95a737f6
Assume failed code execution if no status was received
2022-10-04 16:08:10 +02:00
b8b7cd99bd
SubmissionsController: Allow JS to be "rendered"
We skip verifying the authenticity token for the action, to prevent raising an `ActionController::InvalidCrossOriginRequest` exception.
2022-10-04 16:06:59 +02:00
ca13ea03c8
SubmissionsController: Send Content-Length if possible
2022-10-04 16:06:59 +02:00
c3daa51c8c
SubmissionsController: Remove outdated ActionController::Live mixin
The mixin was previously used for Server-Sent-Events, which were removed from CodeOcean a long time ago.
After the mixin is removed, we can also fix the cookie send mechanism (this was erroneous with the mixin).
2022-10-04 16:06:58 +02:00
f53c6cb3ee
Shell: Add toggle to execute command as root
2022-10-04 16:06:58 +02:00
3263d4f838
Respect subpath for (render_)protected_upload_path
2022-09-28 11:06:15 +02:00
f73917313d
Add reminder about path validation for protected download and render
2022-09-25 01:12:48 +02:00
eb188dcd71
Add privilegedExecution flag to database and Poseidon Strategy
2022-09-24 22:32:41 +02:00
b866221353
rename route
2022-09-24 21:08:18 +02:00
16c00ec136
Add support for signed URLs used by the render_file function
2022-09-23 21:35:22 +02:00
5881795d5f
Memorize config options instead of reading them from file over and over again
2022-09-23 21:35:22 +02:00
0e7c38657f
Allow teachers to access internal users and manage them in their study groups
2022-09-22 19:24:26 +02:00
ac3dc8d30f
Allow platform admins and internal users to switch their current study group
2022-09-22 19:24:26 +02:00
4d2fe22daf
Allow assignment of study groups for internal users
2022-09-22 19:24:26 +02:00
02c65af034
Update scope query for new teacher definition
2022-09-22 19:24:26 +02:00
936c11e31f
Refactor authentication token for new study-group-based authorization
2022-09-22 19:24:26 +02:00
9c9f45ff77
Redefine user roles with their role in a study group
2022-09-22 19:24:26 +02:00
fa6527b4ed
Refactor exercises_controller.rb to reduce code duplication
2022-09-22 19:24:26 +02:00
03cc71ccbc
Update ExecutionEnvironment statistics and sync message
2022-09-14 12:19:59 +02:00
f1aa004284
Use controller method for 404 responses
2022-09-14 01:01:14 +02:00
dba3aac800
Merge branch 'master' into refactor_proforma_import_export
2022-09-13 22:47:50 +02:00
b0130b8fae
Remove overwrite for X-Frame-Options
* With current third-party-cookies being blocked by modern browsers, CodeOcean won't work in an iFrame anyway.
2022-09-06 11:21:37 +02:00