From 5f6c9ed05d589e64295661fa4d05d49140cd3be8 Mon Sep 17 00:00:00 2001 From: Liane Hampe Date: Sun, 6 Mar 2022 14:35:47 +0100 Subject: [PATCH 1/2] Fixed generating api key even if api not enabeld When the api is not enabled there should be no api key requested for the current user. Moreover, Redmine MyControllerTest#test_reset_api_key_without_existing_key would fail since it does not expect the current user to have an api key by default. Added a warning for the admin if api is disabled since the plugin needs the api for saving diagrams as attachment.
---
 .../hooks/_api_not_enabled_warning.html.erb | 1 + config/locales/da.yml | 1 + config/locales/de.yml | 1 + config/locales/en.yml | 1 + config/locales/it.yml | 2 +- config/locales/ja.yml | 1 + config/locales/ko.yml | 1 + config/locales/ru.yml | 1 + config/locales/zh-TW.yml | 1 + config/locales/zh.yml | 1 + lib/redmine_drawio/hooks/view_hooks.rb | 15 ++++++- test/integration/view_hooks_test.rb | 40 +++++++++++++++++++ 12 files changed, 64 insertions(+), 2 deletions(-) create mode 100644 app/views/redmine_drawio/hooks/_api_not_enabled_warning.html.erb create mode 100644 test/integration/view_hooks_test.rb
diff --git a/app/views/redmine_drawio/hooks/_api_not_enabled_warning.html.erb b/app/views/redmine_drawio/hooks/_api_not_enabled_warning.html.erb
new file mode 100644
index 00000000..5beb7664
--- /dev/null
+++ b/app/views/redmine_drawio/hooks/_api_not_enabled_warning.html.erb
@@ -0,0 +1 @@
+<% flash[:warning] = l(:drawio_warning_api_needs_to_be_enabled) %>
\ No newline at end of file
diff --git a/config/locales/da.yml b/config/locales/da.yml
index 275866ed..cf3e67a3 100644
--- a/config/locales/da.yml
+++ b/config/locales/da.yml
@@ -18,3 +18,4 @@ da:
 drawio_dlg_page: "Initial page"
 drawio_dlg_hiligh: "Hyperlinks color"
 drawio_dlg_zoom: "Zoom controls"
+ drawio_warning_api_needs_to_be_enabled: For saving drawio diagrams you need to enable the REST API in Administration -> Configuration -> API.
diff --git a/config/locales/de.yml b/config/locales/de.yml
index ff01491a..9ada97cb 100644
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@@ -18,3 +18,4 @@ de:
 drawio_dlg_page: "Initial page"
 drawio_dlg_hiligh: "Hyperlinks color"
 drawio_dlg_zoom: "Zoom controls"
+ drawio_warning_api_needs_to_be_enabled: Um drawio Diagramme speichern zu können, muss die REST API unter Administration -> Konfiguration -> API aktiviert werden.
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 38c64e19..f29b06a3 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -18,3 +18,4 @@ en:
 drawio_dlg_page: "Initial page"
 drawio_dlg_hiligh: "Hyperlinks color"
 drawio_dlg_zoom: "Zoom controls"
+ drawio_warning_api_needs_to_be_enabled: For saving drawio diagrams you need to enable the REST API in Administration -> Configuration -> API.
diff --git a/config/locales/it.yml b/config/locales/it.yml
index 5d7ed6f5..89498f90 100644
--- a/config/locales/it.yml
+++ b/config/locales/it.yml
@@ -18,4 +18,4 @@ it:
 drawio_dlg_page: "Pagina iniziale"
 drawio_dlg_hiligh: "Colore degli hyperlink"
 drawio_dlg_zoom: "Controlli zoom"
-
+ drawio_warning_api_needs_to_be_enabled: For saving drawio diagrams you need to enable the REST API in Administration -> Configuration -> API.
diff --git a/config/locales/ja.yml b/config/locales/ja.yml
index 2650a667..fb457e78 100644
--- a/config/locales/ja.yml
+++ b/config/locales/ja.yml
@@ -18,3 +18,4 @@ ja:
 drawio_dlg_page: "Initial page"
 drawio_dlg_hiligh: "Hyperlinks color"
 drawio_dlg_zoom: "Zoom controls"
+ drawio_warning_api_needs_to_be_enabled: For saving drawio diagrams you need to enable the REST API in Administration -> Configuration -> API.
diff --git a/config/locales/ko.yml b/config/locales/ko.yml
index 5393e9a4..f8b755b1 100644
--- a/config/locales/ko.yml
+++ b/config/locales/ko.yml
@@ -18,3 +18,4 @@ ko:
 drawio_dlg_page: "Initial page"
 drawio_dlg_hiligh: "Hyperlinks color"
 drawio_dlg_zoom: "Zoom controls"
+ drawio_warning_api_needs_to_be_enabled: For saving drawio diagrams you need to enable the REST API in Administration -> Configuration -> API.
diff --git a/config/locales/ru.yml b/config/locales/ru.yml
index c6f934b4..fc0a5543 100644
--- a/config/locales/ru.yml
+++ b/config/locales/ru.yml
@@ -18,3 +18,4 @@ ru:
 drawio_dlg_page: "Initial page"
 drawio_dlg_hiligh: "Hyperlinks color"
 drawio_dlg_zoom: "Zoom controls"
+ drawio_warning_api_needs_to_be_enabled: For saving drawio diagrams you need to enable the REST API in Administration -> Configuration -> API.
diff --git a/config/locales/zh-TW.yml b/config/locales/zh-TW.yml
index 63c8aad4..06ef71fc 100644
--- a/config/locales/zh-TW.yml
+++ b/config/locales/zh-TW.yml
@@ -16,3 +16,4 @@ zh-TW:
 drawio_dlg_page: "Initial page"
 drawio_dlg_hiligh: "Hyperlinks color"
 drawio_dlg_zoom: "Zoom controls"
+ drawio_warning_api_needs_to_be_enabled: For saving drawio diagrams you need to enable the REST API in Administration -> Configuration -> API.
diff --git a/config/locales/zh.yml b/config/locales/zh.yml
index 836947ad..0138b0ee 100644
--- a/config/locales/zh.yml
+++ b/config/locales/zh.yml
@@ -18,3 +18,4 @@ zh:
 drawio_dlg_page: "Initial page"
 drawio_dlg_hiligh: "Hyperlinks color"
 drawio_dlg_zoom: "Zoom controls"
+ drawio_warning_api_needs_to_be_enabled: For saving drawio diagrams you need to enable the REST API in Administration -> Configuration -> API.
diff --git a/lib/redmine_drawio/hooks/view_hooks.rb b/lib/redmine_drawio/hooks/view_hooks.rb
index 7b1f5eb0..05c29787 100644
--- a/lib/redmine_drawio/hooks/view_hooks.rb
+++ b/lib/redmine_drawio/hooks/view_hooks.rb
@@ -4,6 +4,14 @@ module RedmineDrawio + class ViewLayoutsBaseBodyTop < Redmine::Hook::ViewListener + def view_layouts_base_body_top(context = {}) + return unless User.current.admin? && !Setting.rest_api_enabled? + + context[:controller].send(:render_to_string, { partial: 'redmine_drawio/hooks/api_not_enabled_warning' }) + end + end + class ViewLayoutsBaseHtmlHeadHook < Redmine::Hook::ViewListener # This method will add the necessary CSS and JS scripts to the page header. @@ -63,7 +71,7 @@ def view_layouts_base_html_head(context={}) var Drawio = { settings: { redmineUrl: '#{redmine_url}', - hashCode : '#{Base64.encode64(User.current.api_key).gsub(/\n/, '').reverse!}', + hashCode : '#{hash_code}', drawioUrl : '#{drawio_url}', DMSF : #{dmsf_enabled? context}, isEasyRedmine: #{easyredmine?} @@ -132,6 +140,11 @@ def mathjax_url url end + def hash_code + return '' unless Setting.sys_api_enabled? + + Base64.encode64(User.current.api_key).gsub(/\n/, '').reverse! + end end end diff --git a/test/integration/view_hooks_test.rb b/test/integration/view_hooks_test.rb new file mode 100644 index 00000000..504afec7 --- /dev/null +++ b/test/integration/view_hooks_test.rb 
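Review bot: The warning shown by `view_layouts_base_body_top` is produced by assigning `flash[:warning]` inside the rendered partial, so each admin page view writes to the session flash and the message stays queued for the following request as well. If that next request is rendered after the REST API has been enabled, a stale warning may still appear; `flash.now[:warning] = l(:drawio_warning_api_needs_to_be_enabled)` in the partial keeps it to the current response. The hook also dereferences `context[:controller]` although `context` defaults to `{}`, so a guard such as `return unless context[:controller]` would avoid a NoMethodError if it is ever invoked without a controller.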
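Review bot: `hash_code`, added at the end of `ViewLayoutsBaseHtmlHeadHook` and used for `hashCode` in the settings hunk above it, is not a hash: it is the current user's REST API key, Base64-encoded and reversed, and any script running on the page can decode it. The method deserves a comment that says so, for example `# Reversibly obfuscated REST API key of the current user; the rendered value is a credential.`, so that nobody treats it as a one-way digest. Since the commit's stated aim is to stop requesting a key when it is not needed, the guard could also add `&& User.current.logged?`, assuming anonymous visitors never save diagrams (please confirm). `Base64.strict_encode64(User.current.api_key).reverse` would replace the `gsub(/\n/, '')` and the bang call on a temporary. The enclosing class starts outside this hunk.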
@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+# Copyright (C) 2022 Liane Hampe , xmera.
+
+require File.expand_path('test_helper', File.dirname(__dir__))
+require File.expand_path('authenticate_user', File.dirname(__dir__))
+require File.expand_path('load_fixtures', File.dirname(__dir__))
+require File.expand_path('with_drawio_settings', File.dirname(__dir__))
+
+class ViewHooksTest < ActionDispatch::IntegrationTest
+ include Redmine::I18n
+ include RedmineDrawio::AuthenticateUser
+ include RedmineDrawio::LoadFixtures
+ include RedmineDrawio::WithDrawioSettings
+
+ fixtures :users, :email_addresses, :roles
+
+ def teardown
+ Setting.rest_api_enabled = nil
+ end
+
+ test 'render warning_api_needs_to_be_enabled when api is disabled' do
+ render_view_hooks
+ assert_select '#flash_warning', text: l(:drawio_warning_api_needs_to_be_enabled)
+ end
+
+ test 'do not render warning_api_needs_to_be_enabled when api is enabled' do
+ render_view_hooks(rest_api_enabled: '1')
+ assert_select '#flash_warning', 0
+ end
+
+ private
+
+ def render_view_hooks(rest_api_enabled: '0')
+ Setting.rest_api_enabled = rest_api_enabled
+ log_user('admin', 'admin')
+ get '/'
+ assert_response :success
+ end
+end
From 77d436a66a1c6ac52a6098a9bec89d55f1bb8f84 Mon Sep 17 00:00:00 2001 From: Liane Hampe Date: Sun, 6 Mar 2022 16:50:28 +0100 Subject: [PATCH 2/2] Fixed check for api enabled ViewLayoutsBaseHtmlHeadHook#hash_code uses a wrong api enabled check which would not return true if rest api is enabled.
---
 lib/redmine_drawio/hooks/view_hooks.rb | 2 +- test/integration/view_hooks_test.rb | 27 ++++++++++++++++++++++---- 2 files changed, 24 insertions(+), 5 deletions(-)
diff --git a/lib/redmine_drawio/hooks/view_hooks.rb b/lib/redmine_drawio/hooks/view_hooks.rb
index 05c29787..a14c51ca 100644
--- a/lib/redmine_drawio/hooks/view_hooks.rb
+++ b/lib/redmine_drawio/hooks/view_hooks.rb
@@ -141,7 +141,7 @@ def mathjax_url end def hash_code - return '' unless Setting.sys_api_enabled? + return '' unless Setting.rest_api_enabled? Base64.encode64(User.current.api_key).gsub(/\n/, '').reverse! end diff --git a/test/integration/view_hooks_test.rb b/test/integration/view_hooks_test.rb index 504afec7..2a639613 100644 --- a/test/integration/view_hooks_test.rb +++ b/test/integration/view_hooks_test.rb @@ -15,25 +15,44 @@ class ViewHooksTest < ActionDispatch::IntegrationTest fixtures :users, :email_addresses, :roles + def setup + @hook = RedmineDrawio::ViewLayoutsBaseHtmlHeadHook.instance + end + def teardown Setting.rest_api_enabled = nil end test 'render warning_api_needs_to_be_enabled when api is disabled' do - render_view_hooks + render_view_hooks(user: 'admin', password: 'admin') assert_select '#flash_warning', text: l(:drawio_warning_api_needs_to_be_enabled) end test 'do not render warning_api_needs_to_be_enabled when api is enabled' do - render_view_hooks(rest_api_enabled: '1') + render_view_hooks(user: 'admin', password: 'admin', rest_api_enabled: '1') + assert_select '#flash_warning', 0 + end + + test 'do not render warning_api_needs_to_be_enabled for non admin user' do + render_view_hooks(user: 'jsmith', password: 'jsmith', rest_api_enabled: '1') assert_select '#flash_warning', 0 end + test 'do not render hash code when api is disabled' do + render_view_hooks(user: 'admin', password: 'admin') + assert @hook.send(:hash_code).blank? + end + + test 'render hash code when api is enabled' do + render_view_hooks(user: 'admin', password: 'admin', rest_api_enabled: '1') + assert @hook.send(:hash_code).present? + end + private - def render_view_hooks(rest_api_enabled: '0') + def render_view_hooks(user:, password:, rest_api_enabled: '0') Setting.rest_api_enabled = rest_api_enabled - log_user('admin', 'admin') + log_user(user, password) get '/' assert_response :success end
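Review bot: The test 'do not render warning_api_needs_to_be_enabled for non admin user' passes `rest_api_enabled: '1'`, so the warning is already suppressed by the API setting and the assertion would still pass if the `User.current.admin?` check were removed from the hook. Calling `render_view_hooks(user: 'jsmith', password: 'jsmith')` with the default `'0'` would actually exercise the admin restriction. The two hash-code tests call `@hook.send(:hash_code)` after the request has finished, so they depend on whatever `User.current` is in the test thread at that point; asserting on the `hashCode` value in the response body would check what the page really emits. That last point is inferred, since the included helper modules are not visible in this patch.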