
Backport information on security badge

oliverguenther committed Feb 17, 2019
2 parents c630437 + 1927836 commit 328d0cc44c9ba3aaae484468bfd3300778882fa2
Showing with 5,073 additions and 9 deletions.
  1. +1 −0 app/assets/stylesheets/content/_index.sass
  2. +6 −0 app/assets/stylesheets/content/_security_badge.sass
  3. +4 −0 app/helpers/security_badge_helper.rb
  4. +8 −3 app/views/admin/info.html.erb
  5. +9 −4 app/views/homescreen/blocks/_administration.html.erb
  6. +7 −1 app/views/settings/_general.html.erb
  7. +125 −0 config/locales/crowdin/af.yml
  8. +125 −0 config/locales/crowdin/ar.yml
  9. +125 −0 config/locales/crowdin/az.yml
  10. +125 −0 config/locales/crowdin/bg.yml
  11. +125 −0 config/locales/crowdin/ca.yml
  12. +125 −0 config/locales/crowdin/cs.yml
  13. +125 −0 config/locales/crowdin/da.yml
  14. +125 −0 config/locales/crowdin/de.yml
  15. +125 −0 config/locales/crowdin/el.yml
  16. +125 −0 config/locales/crowdin/es.yml
  17. +125 −0 config/locales/crowdin/et.yml
  18. +125 −0 config/locales/crowdin/fa.yml
  19. +125 −0 config/locales/crowdin/fi.yml
  20. +125 −0 config/locales/crowdin/fil.yml
  21. +125 −0 config/locales/crowdin/fr.yml
  22. +125 −0 config/locales/crowdin/he.yml
  23. +125 −0 config/locales/crowdin/hi.yml
  24. +125 −0 config/locales/crowdin/hr.yml
  25. +125 −0 config/locales/crowdin/hu.yml
  26. +125 −0 config/locales/crowdin/id.yml
  27. +126 −0 config/locales/crowdin/it.yml
  28. +125 −0 config/locales/crowdin/ja.yml
  29. +125 −0 config/locales/crowdin/ko.yml
  30. +125 −0 config/locales/crowdin/lt.yml
  31. +125 −0 config/locales/crowdin/lv.yml
  32. +126 −0 config/locales/crowdin/nl.yml
  33. +125 −0 config/locales/crowdin/no.yml
  34. +125 −0 config/locales/crowdin/pl.yml
  35. +125 −0 config/locales/crowdin/pt-BR.yml
  36. +125 −0 config/locales/crowdin/pt.yml
  37. +125 −0 config/locales/crowdin/ro.yml
  38. +125 −0 config/locales/crowdin/ru.yml
  39. +125 −0 config/locales/crowdin/sk.yml
  40. +125 −0 config/locales/crowdin/sv-SE.yml
  41. +125 −0 config/locales/crowdin/th.yml
  42. +125 −0 config/locales/crowdin/tr.yml
  43. +125 −0 config/locales/crowdin/uk.yml
  44. +125 −0 config/locales/crowdin/vi.yml
  45. +125 −0 config/locales/crowdin/zh-TW.yml
  46. +125 −0 config/locales/crowdin/zh.yml
  47. +7 −1 config/locales/en.yml
  48. +15 −0 docs/configuration/configuration.md
  49. +3 −0 lib/open_project/configuration.rb
  50. +11 −0 lib/open_project/static/links.rb
@@ -69,6 +69,7 @@
@import content/hide_until_initialized
@import content/hidden
@import content/search
@import content/security_badge
@import content/contextual
@import content/tooltip
@import content/version
@@ -0,0 +1,6 @@
.security-badge--container
height: 28px

.security-badge--help-icon
position: relative
top: -8px
@@ -41,4 +41,8 @@ def security_badge_url(args = {})
uri.query = info.to_query
uri.to_s
end

def display_security_badge_graphic?
OpenProject::Configuration.security_badge_displayed? && Setting.security_badge_displayed?
end
end
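Review bot: `display_security_badge_graphic?` carries no comment explaining why it ANDs two independent switches, and the distinction is operationally important: `OpenProject::Configuration.security_badge_displayed?` is the deployment-level switch an operator sets outside the UI, while `Setting.security_badge_displayed?` is the admin-panel checkbox, so an operator can hard-disable the badge regardless of what an admin later ticks. A comment such as `# Both the deployment config (operator switch, not overridable from the admin UI) and the admin Setting must be on before the badge is embedded in an admin page.` would make that contract explicit. The module header and the body of `security_badge_url` start outside this hunk, so I cannot see what `info.to_query` serialises into the badge request; a one-line comment there naming the fields sent would complement the new configuration docs.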
@@ -48,13 +48,18 @@ See docs/COPYRIGHT.rdoc for more details.
<span><strong><%= OpenProject::Info.versioned_name %></strong> (<%= @db_adapter_name %>)</span>
</div>
</div>
<% if Setting.security_badge_displayed? %>
<% if display_security_badge_graphic? %>
<div class="attributes-key-value--key"></div>
<div class="attributes-key-value--value-container">
<div class="attributes-key-value--value -text">
<%= content_tag :span do %>
<div class="security-badge--container">
<%= content_tag :object, nil, data: security_badge_url, type: "image/svg+xml" %>
<% end %>
<%= link_to '',
::OpenProject::Static::Links[:security_badge_documentation][:href],
title: t(:label_what_is_this),
class: 'security-badge--help-icon icon-context icon-help1',
target: '_blank' %>
</div>
</div>
</div>
<% end %>
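Review bot: The `link_to` added at the end of this hunk opens the documentation with `target: '_blank'` but no `rel` attribute, so the opened page receives a `window.opener` handle back to the admin Information panel (reverse tabnabbing); the target is OpenProject's own documentation link from `Static::Links`, so exposure is low, but the fix is one token, `target: '_blank', rel: 'noopener'`. The identical link in the `app/views/homescreen/blocks/_administration.html.erb` hunk needs the same change. Replacing the `Setting.security_badge_displayed?` guard with `display_security_badge_graphic?` is what makes the deployment-level switch effective here, which the commit does correctly.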
@@ -47,9 +47,14 @@
<%= link_to t(:label_custom_style), custom_style_path,
title: t(:label_custom_style) %>
</li>
<%= content_tag :li do %>
<%= content_tag :object, nil, data: security_badge_url, type: "image/svg+xml", style: "vertical-align:top;" %>
<% end if Setting.security_badge_displayed? %>

<%= call_hook(:homescreen_administration_links) %>
</ul>

<%= content_tag :div, class: 'security-badge--container' do %>
<%= content_tag :object, nil, data: security_badge_url, type: "image/svg+xml" %>
<%= link_to '',
::OpenProject::Static::Links[:security_badge_documentation][:href],
title: t(:label_what_is_this),
class: 'security-badge--help-icon icon-context icon-help1',
target: '_blank' %>
<% end if display_security_badge_graphic? %>
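Review bot: The badge is embedded with `content_tag :object, nil, data: security_badge_url, type: "image/svg+xml"`, and an `<object>` loads the remote SVG as a full document, so any script inside it runs (in the badge host's origin, not OpenProject's) and the element falls under the `object-src` CSP directive, which hardened deployments often set to `'none'` and which would then silently blank the badge. If the SVG needs no interactivity, `image_tag security_badge_url, alt: t(:setting_security_badge_displayed)` renders it as an `<img>`, where SVG scripting is disabled and only `img-src` has to permit the badge host; whether the badge relies on interactivity cannot be told from this hunk. The same `<object>` tag appears in the `app/views/admin/info.html.erb` hunk, so both should move together if this is changed.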
@@ -57,12 +57,18 @@ See docs/COPYRIGHT.rdoc for more details.
<%= setting_text_field :file_max_size_displayed, size: 6, unit: t(:"number.human.storage_units.units.kb"), container_class: '-xslim' %>
</div>
<div class="form--field"><%= setting_text_field :diff_max_lines_displayed, size: 6, container_class: '-xslim' %></div>

<% if OpenProject::Configuration.security_badge_displayed? %>
<div class="form--field">
<%= setting_check_box :security_badge_displayed %>
<span class="form--field-instructions">
<%= t(:text_notice_security_badge_displayed_html, information_panel_label: t(:label_information), information_panel_path: info_admin_index_path) %>
<%= t(:text_notice_security_badge_displayed_html,
information_panel_label: t(:label_information),
more_info_url: ::OpenProject::Static::Links[:security_badge_documentation][:href],
information_panel_path: info_admin_index_path) %>
</span>
</div>
<% end %>
<%= call_hook(:view_settings_general_form) %>
<fieldset class="form--fieldset">
<legend class="form--fieldset-legend"><%= t(:setting_welcome_text) %></legend>
@@ -2751,3 +2751,128 @@ af:
writing_read_only_attributes: Jy mag nie 'n leesalleen kenmerk skryf nie.
resources:
schema: Skema
doorkeeper:
pre_authorization:
status: Pre-authorization
errors:
messages:
invalid_request: The request is missing a required parameter, includes an
unsupported parameter value, or is otherwise malformed.
invalid_redirect_uri: The requested redirect uri is malformed or doesn't match
client redirect URI.
unauthorized_client: The client is not authorized to perform this request
using this method.
access_denied: The resource owner or authorization server denied the request.
invalid_scope: The requested scope is invalid, unknown, or malformed.
invalid_code_challenge_method: The code challenge method must be plain or
S256.
server_error: The authorization server encountered an unexpected condition
which prevented it from fulfilling the request.
temporarily_unavailable: The authorization server is currently unable to handle
the request due to a temporary overloading or maintenance of the server.
credential_flow_not_configured: Resource Owner Password Credentials flow failed
due to Doorkeeper.configure.resource_owner_from_credentials being unconfigured.
resource_owner_authenticator_not_configured: Resource Owner find failed due
to Doorkeeper.configure.resource_owner_authenticator being unconfigured.
admin_authenticator_not_configured: Access to admin panel is forbidden due
to Doorkeeper.configure.admin_authenticator being unconfigured.
unsupported_response_type: The authorization server does not support this
response type.
invalid_client: Client authentication failed due to unknown client, no client
authentication included, or unsupported authentication method.
invalid_grant: The provided authorization grant is invalid, expired, revoked,
does not match the redirection URI used in the authorization request, or
was issued to another client.
unsupported_grant_type: The authorization grant type is not supported by the
authorization server.
invalid_token:
revoked: The access token was revoked
expired: The access token expired
unknown: The access token is invalid
unsupported_browser:
title: Your browser is outdated and unsupported.
message: You may run into errors and degraded experience on this page.
update_message: Please update your browser.
close_warning: Ignore this warning.
oauth:
application:
singular: OAuth application
plural: OAuth applications
named: OAuth application '%{name}'
new: New OAuth application
default_scopes: "(Default scopes)"
instructions:
name: The name of your application. This will be displayed to other users
upon authorization.
redirect_uri_html: 'The allowed URLs authorized users can be redirected to.
One entry per line. <br/> If you''re registering a desktop application,
use the following URL.
'
confidential: Check if the application will be used where the client secret
can be kept confidential. Native mobile apps and Single Page Apps are assumed
non-confidential.
client_credential_user_id: Optional user ID to impersonate when clients use
this application. Leave empty to allow public access only
register_intro: If you are developing an OAuth API client application for
OpenProject, you can register it using this form for all users to use.
default_scopes: ''
client_id: Client ID
client_secret_notice: 'This is the only time we can print the client secret, please
note it down and keep it secure. It should be treated as a password and cannot
be retrieved by OpenProject at a later time.
'
authorization_dialog:
authorize: Authorize
cancel: Cancel and deny authorization.
prompt_html: Authorize <strong>%{application_name}</strong> to use your account
<em>%{login}</em>?
title: Authorize %{application_name}
wants_to_access_html: 'This application requests access to your OpenProject
account. <br/> <strong>It has requested the following permissions:</strong>
'
scopes:
api_v3: Full API access
api_v3_text: Application will receive full read & write access to the OpenProject
API to perform actions on your behalf.
grants:
created_date: Approved on
scopes: Permissions
successful_application_revocation: Revocation of application %{application_name}
successful.
none_given: No OAuth applications have been granted access to your user account.
x_active_tokens:
one: one active token
other: "%{count} active token"
flows:
authorization_code: Authorization code flow
client_credentials: Client credentials flow
client_credentials: User used for Client credentials
client_credentials_impersonation_set_to: Client credentials user set to
client_credentials_impersonation_warning: 'Note: Clients using the ''Client credentials''
flow in this application will have the rights of this user'
client_credentials_impersonation_html: 'By default, OpenProject provides OAuth
2.0 authorization via %{authorization_code_flow_link}. You can optionally enable
%{client_credentials_flow_link}, but you must provide a user on whose behalf
requests will be performed.
'
authorization_error: An authorization error has occurred.
revoke_my_application_confirmation: Do you really want to remove this application?
This will revoke %{token_count} active for it.
my_registered_applications: Registered OAuth applications
button_remove_widget: Verwyder legstuk
label_and_its_subprojects: "%{value} en sy subprojekte"
label_my_page_block: My bladsyblok
label_responsible_for_work_packages: Work packages I am accountable for
label_search_titles_only: Search titles only
label_visible_elements: Visible elements
setting_security_badge_displayed: Display security badge
text_notice_security_badge_displayed_html: >
Note: if enabled, this will display a badge with your installation status in the <a href="%{information_panel_path}">%{information_panel_label}</a> administration panel,
and on the home page. It is displayed to administrators only.
<br/>
The badge will check your current OpenProject version against the official OpenProject release database to alert you of any updates or known vulnerabilities.
For more information on what the check provides, what data is needed to provide available updates, and how to disable this check, please visit <a href="%{more_info_url}">the configuration documentation</a>.
@@ -2814,3 +2814,128 @@ ar:
writing_read_only_attributes: لا يجب أن تكتب على سمة للقراءة فقط.
resources:
schema: مخطّط
doorkeeper:
pre_authorization:
status: Pre-authorization
errors:
messages:
invalid_request: The request is missing a required parameter, includes an
unsupported parameter value, or is otherwise malformed.
invalid_redirect_uri: The requested redirect uri is malformed or doesn't match
client redirect URI.
unauthorized_client: The client is not authorized to perform this request
using this method.
access_denied: The resource owner or authorization server denied the request.
invalid_scope: The requested scope is invalid, unknown, or malformed.
invalid_code_challenge_method: The code challenge method must be plain or
S256.
server_error: The authorization server encountered an unexpected condition
which prevented it from fulfilling the request.
temporarily_unavailable: The authorization server is currently unable to handle
the request due to a temporary overloading or maintenance of the server.
credential_flow_not_configured: Resource Owner Password Credentials flow failed
due to Doorkeeper.configure.resource_owner_from_credentials being unconfigured.
resource_owner_authenticator_not_configured: Resource Owner find failed due
to Doorkeeper.configure.resource_owner_authenticator being unconfigured.
admin_authenticator_not_configured: Access to admin panel is forbidden due
to Doorkeeper.configure.admin_authenticator being unconfigured.
unsupported_response_type: The authorization server does not support this
response type.
invalid_client: Client authentication failed due to unknown client, no client
authentication included, or unsupported authentication method.
invalid_grant: The provided authorization grant is invalid, expired, revoked,
does not match the redirection URI used in the authorization request, or
was issued to another client.
unsupported_grant_type: The authorization grant type is not supported by the
authorization server.
invalid_token:
revoked: The access token was revoked
expired: The access token expired
unknown: The access token is invalid
unsupported_browser:
title: Your browser is outdated and unsupported.
message: You may run into errors and degraded experience on this page.
update_message: Please update your browser.
close_warning: Ignore this warning.
oauth:
application:
singular: OAuth application
plural: OAuth applications
named: OAuth application '%{name}'
new: New OAuth application
default_scopes: "(Default scopes)"
instructions:
name: The name of your application. This will be displayed to other users
upon authorization.
redirect_uri_html: 'The allowed URLs authorized users can be redirected to.
One entry per line. <br/> If you''re registering a desktop application,
use the following URL.
'
confidential: Check if the application will be used where the client secret
can be kept confidential. Native mobile apps and Single Page Apps are assumed
non-confidential.
client_credential_user_id: Optional user ID to impersonate when clients use
this application. Leave empty to allow public access only
register_intro: If you are developing an OAuth API client application for
OpenProject, you can register it using this form for all users to use.
default_scopes: ''
client_id: Client ID
client_secret_notice: 'This is the only time we can print the client secret, please
note it down and keep it secure. It should be treated as a password and cannot
be retrieved by OpenProject at a later time.
'
authorization_dialog:
authorize: Authorize
cancel: Cancel and deny authorization.
prompt_html: Authorize <strong>%{application_name}</strong> to use your account
<em>%{login}</em>?
title: Authorize %{application_name}
wants_to_access_html: 'This application requests access to your OpenProject
account. <br/> <strong>It has requested the following permissions:</strong>
'
scopes:
api_v3: Full API access
api_v3_text: Application will receive full read & write access to the OpenProject
API to perform actions on your behalf.
grants:
created_date: Approved on
scopes: Permissions
successful_application_revocation: Revocation of application %{application_name}
successful.
none_given: No OAuth applications have been granted access to your user account.
x_active_tokens:
one: one active token
other: "%{count} active token"
flows:
authorization_code: Authorization code flow
client_credentials: Client credentials flow
client_credentials: User used for Client credentials
client_credentials_impersonation_set_to: Client credentials user set to
client_credentials_impersonation_warning: 'Note: Clients using the ''Client credentials''
flow in this application will have the rights of this user'
client_credentials_impersonation_html: 'By default, OpenProject provides OAuth
2.0 authorization via %{authorization_code_flow_link}. You can optionally enable
%{client_credentials_flow_link}, but you must provide a user on whose behalf
requests will be performed.
'
authorization_error: An authorization error has occurred.
revoke_my_application_confirmation: Do you really want to remove this application?
This will revoke %{token_count} active for it.
my_registered_applications: Registered OAuth applications
button_remove_widget: إزالة الأداة
label_and_its_subprojects: "%{value} والمشاريع الفرعية الخاصة به"
label_my_page_block: حظر الصفحة الخاصة بي
label_responsible_for_work_packages: Work packages I am accountable for
label_search_titles_only: البحث في العناوين فقط
label_visible_elements: العناصر المرئية
setting_security_badge_displayed: Display security badge
text_notice_security_badge_displayed_html: >
Note: if enabled, this will display a badge with your installation status in the <a href="%{information_panel_path}">%{information_panel_label}</a> administration panel,
and on the home page. It is displayed to administrators only.
<br/>
The badge will check your current OpenProject version against the official OpenProject release database to alert you of any updates or known vulnerabilities.
For more information on what the check provides, what data is needed to provide available updates, and how to disable this check, please visit <a href="%{more_info_url}">the configuration documentation</a>.