From 293f577b9366004fee502bab7b83d1114a3ffd34 Mon Sep 17 00:00:00 2001
From: aboutdavid <62346025+aboutdavid@users.noreply.github.com>
Date: Wed, 13 Mar 2024 16:41:47 -0400
Subject: [PATCH 1/3] Fix spacing in domain and application review

---
 app/views/admin/developers_review.html.erb | 1 +
 app/views/admin/review.html.erb            | 1 +
 2 files changed, 2 insertions(+)

diff --git a/app/views/admin/developers_review.html.erb b/app/views/admin/developers_review.html.erb
index 23215c2..ad3a1ee 100644
--- a/app/views/admin/developers_review.html.erb
+++ b/app/views/admin/developers_review.html.erb
@@ -19,6 +19,7 @@
               <h2>No more apps to review</h2>
             </div>
         </td-cards>
+        <br><br>
         <div class="no-text">REJECT</div>
         <div class="yes-text">APPROVE</div>
     </ion-pane>
diff --git a/app/views/admin/review.html.erb b/app/views/admin/review.html.erb
index b3bb928..194c6b8 100644
--- a/app/views/admin/review.html.erb
+++ b/app/views/admin/review.html.erb
@@ -17,6 +17,7 @@
               <h2>No more domains to review</h2>
             </div>
         </td-cards>
+        <br><br>
         <div class="no-text">REJECT</div>
         <div class="yes-text">APPROVE</div>
     </ion-pane>

From 52c27dbc17e2ec261efb3a44809abbdc629ff7d2 Mon Sep 17 00:00:00 2001
From: aboutdavid <62346025+aboutdavid@users.noreply.github.com>
Date: Thu, 14 Mar 2024 08:30:08 -0400
Subject: [PATCH 2/3] Force all developer applications to use HTTPS

---
 .../developers/applications_controller.rb     | 36 +++++---
 .../developers/applications/index.html.erb    |  5 ++
 .../developers/applications/request.html.erb  | 82 ++++++++-----------
 3 files changed, 63 insertions(+), 60 deletions(-)

diff --git a/app/controllers/developers/applications_controller.rb b/app/controllers/developers/applications_controller.rb
index c417506..fc747d5 100644
--- a/app/controllers/developers/applications_controller.rb
+++ b/app/controllers/developers/applications_controller.rb
@@ -1,20 +1,18 @@
 class Developers::ApplicationsController < ApplicationController
-  nested_layouts "layouts/admin"
+  nested_layouts 'layouts/admin'
 
   before_action do
     @developers = true
   end
 
-  before_action except: [:index, :request, :provision, :create] do
+  before_action except: %i[index request provision create] do
     if (current_application.provisional? || current_application.owner_id != current_user.id) && !current_user.admin?
-      render plain: "403 Forbidden or Provisional Domain", status: 403
+      render plain: '403 Forbidden or Provisional Domain', status: 403
     end
   end
 
   before_action only: [:create] do
-    if !current_user.admin?
-      render plain: "403 Forbidden", status: 403
-    end
+    render plain: '403 Forbidden', status: 403 unless current_user.admin?
   end
 
   def index
@@ -44,10 +42,16 @@ def destroy_scope
     scopes = @application.scopes.to_a
     scopes.delete(params[:scope])
     @application.update!(scopes: Doorkeeper::OAuth::Scopes.from_array(scopes))
-    redirect_back(fallback_location: developers_applications_path(id: params[:id]), notice: "Destroyed scope #{params[:scope]}")
+    redirect_back(fallback_location: developers_applications_path(id: params[:id]),
+                  notice: "Destroyed scope #{params[:scope]}")
   end
 
   def add_redirect_uri
+    uri = URI.parse(params[:redirect_uri])
+    if uri.scheme != 'https'
+      redirect_back(fallback_location: developers_applications_path, notice: 'URIs must use HTTPS')
+      return
+    end
     @application = current_application
     uris = @application.redirect_uri.split("\r\n")
     uris.push(params[:redirect_uri])
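Review bot: `URI.parse(params[:redirect_uri])` at the top of `add_redirect_uri` raises `URI::InvalidURIError` on a malformed value, and as far as I can tell also errors when the parameter is absent, so a bad submission ends in an unhandled exception instead of the 'URIs must use HTTPS' notice. The same unguarded parse is added to `provision` later in this commit, and both survive the quote-only rewrite in PATCH 3/3. I would move the check into one private predicate that treats unparseable input as non-HTTPS and call it from both actions. The early `redirect_back` here also drops the `id:` that every other fallback in this controller passes. The body of `add_redirect_uri` continues outside the hunk.

```ruby
  def add_redirect_uri
    unless https_redirect_uri?(params[:redirect_uri])
      redirect_back(fallback_location: developers_applications_path(id: params[:id]), notice: 'URIs must use HTTPS')
      return
    end
    # … unchanged: load current_application, append the URI, save …

  # … elsewhere in the controller, below `private` …

  # True only when the value parses as a URI whose scheme is https;
  # a missing or unparseable value counts as not HTTPS.
  def https_redirect_uri?(value)
    URI.parse(value.to_s).scheme == 'https'
  rescue URI::InvalidURIError
    false
  end
```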
@@ -56,7 +60,7 @@ def add_redirect_uri
     rescue ActiveRecord::RecordInvalid, ActiveRecord::RecordNotUnique => e
       flash.notice = e.message
     else
-      flash.notice = "Added Redirect URI"
+      flash.notice = 'Added Redirect URI'
     ensure
       redirect_back(fallback_location: developers_applications_path(id: params[:id]))
     end
@@ -67,14 +71,14 @@ def destroy_redirect_uri
     uris = @application.redirect_uri.split("\r\n")
     uris.delete(params[:redirect_uri])
     @application.update!(redirect_uri: uris.join("\r\n"))
-    redirect_back(fallback_location: developers_applications_path(id: params[:id]), notice: "Destroyed Redirect URI")
+    redirect_back(fallback_location: developers_applications_path(id: params[:id]), notice: 'Destroyed Redirect URI')
   end
 
   def update
     @application = current_application
     @application.update!(name: params[:name]) if params[:name]
     @application.update!(confidential: params[:confidential].to_i.zero?) if params[:confidential]
-    redirect_back(fallback_location: developers_applications_path(id: params[:id]), notice: "Updated application")
+    redirect_back(fallback_location: developers_applications_path(id: params[:id]), notice: 'Updated application')
   end
 
   def destroy
@@ -83,14 +87,22 @@ def destroy
   end
 
   def create
-    @application = Doorkeeper::Application.new(name: params[:name], redirect_uri: params[:redirect_uri], confidential: true)
+    @application = Doorkeeper::Application.new(name: params[:name], redirect_uri: params[:redirect_uri],
+                                               confidential: true)
     @application.owner = current_user
     @application.save!
     redirect_to developers_application_path(id: @application.id)
   end
 
   def provision
-    @application = Doorkeeper::Application.new(name: params[:name], redirect_uri: params[:redirect_uri], plan: params[:plan], confidential: true, provisional: true)
+    uri = URI.parse(params[:redirect_uri])
+    if uri.scheme != 'https'
+      redirect_back(fallback_location: developers_applications_path, notice: 'URIs must use HTTPS')
+      return
+    end
+
+    @application = Doorkeeper::Application.new(name: params[:name], redirect_uri: params[:redirect_uri],
+                                               plan: params[:plan], confidential: true, provisional: true)
     @application.owner = current_user
     @application.save!
     redirect_to developers_path
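Review bot: `create` in this hunk is only re-wrapped and still hands `params[:redirect_uri]` to `Doorkeeper::Application.new` unchecked, so the HTTPS rule that the commit title promises for all applications holds only for `provision` and `add_redirect_uri`. `create` is limited to admins by the `before_action only: [:create]` filter, but a rule enforced action by action is easy to miss when another write path is added. Consider enforcing the scheme where the record is validated, for example a validation on the application model or Doorkeeper's `force_ssl_in_redirect_uri` setting if the initializer does not already enable it, and keep the controller check only for the friendlier message. At minimum, add a comment above `create` such as `# Admin-only: redirect_uri is not scheme-checked here`. `provision` continues past the end of the hunk.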
diff --git a/app/views/developers/applications/index.html.erb b/app/views/developers/applications/index.html.erb
index 02c06c4..d98d553 100644
--- a/app/views/developers/applications/index.html.erb
+++ b/app/views/developers/applications/index.html.erb
@@ -3,7 +3,12 @@
 <% end %>
 
 <div class="flex flex-col items-center gap-8" style="scroll-behavior: smooth;">
+<% flash.each do |type, msg| %>
 
+      <div class="flash flash-<%= type %>">
+        <%= msg %>
+      </div>
+<% end %>
   <a href="/"><h2 class="text-yellow p-none m-none">← Back to Obl.ong</h2></a>
   <h1 class="text-center text-yellow text-4 lg:text-5 xl:text-6 font-heading">Manage your applications</h1>
 
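Review bot: The flash block added under the wrapper `div` prints text that is partly request-derived: `destroy_scope` builds its notice from `params[:scope]`, and `add_redirect_uri` copies `e.message` into it. `<%= msg %>` is HTML-escaped by ERB, which is what keeps this safe, so I would record that next to the output with a comment such as `<%# msg can carry user input; leave it auto-escaped (no raw/html_safe) %>`. The same block is added to request.html.erb in this commit, and a shared partial would keep the two copies from diverging. The stray blank line after `flash.each` and the six-space indent could be tidied at the same time.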
diff --git a/app/views/developers/applications/request.html.erb b/app/views/developers/applications/request.html.erb
index 3c2c0da..4470ef1 100644
--- a/app/views/developers/applications/request.html.erb
+++ b/app/views/developers/applications/request.html.erb
@@ -1,54 +1,40 @@
 <h1 class="font-heading text-3 lg:text-4 xl:text-5">Request an application</h1>
 <br><br>
-
+<% flash.each do |type, msg| %>
+  <div class="flash flash-<%= type %>">
+    <%= msg %>
+  </div>
+<% end %>
 <%= form_with url: provision_developers_applications_path do |form| %>
-    <%= form.label :name, "What is the name of the app?" %><br>
-    <br>
-    <%= form.text_field :name, placeholder: "Dynamic" %>
-    <br><br><br>
-    <%= form.label :redirect_uri, "Add a Redirect URI" %><br>
-    <p>This is where we'll redirect after the user authorizes your app</p>
-    <br>
-    <%= form.text_field :redirect_uri, placeholder: "https://oidcdebugger.com/debug" %>
-    <br><br><br>
-    <%= form.label :plan, "What are you planning on using it for?" %><br>
-    <p>Don't worry, it doesn't need to be anything important or serious (it can be if you want though!)</p><br>
-    <%= form.text_area :plan, placeholder: "I'm going to make a Dynamic DNS app" %>
-    <br><br><br>
-    <%= form.label :coc, "Do you agree to our Code of Conduct?" %><br>
-    <p>We want to make sure our domains aren't used for bad purposes. Please read our Code of Conduct and Acceptable Use Policy: <a href="https://github.com/obl-ong/code-of-conduct">https://github.com/obl-ong/code-of-conduct</a></p>
-    <br>
-    <%= form.check_box :coc, required: true %>
-    <br><br>
-
-    <%= form.submit "Request" %>
+  <%= form.label :name, "What is the name of the app?" %><br>
+  <br>
+  <%= form.text_field :name, placeholder: "Dynamic" %>
+  <br><br><br>
+  <%= form.label :redirect_uri, "Add a Redirect URI" %><br>
+  <p>This is where we'll redirect after the user authorizes your app</p>
+  <br>
+  <%= form.text_field :redirect_uri, placeholder: "https://oidcdebugger.com/debug" %>
+  <br><br><br>
+  <%= form.label :plan, "What are you planning on using it for?" %><br>
+  <p>Don't worry, it doesn't need to be anything important or serious (it can be
+    if you want though!)</p><br>
+  <%= form.text_area :plan, placeholder: "I'm going to make a Dynamic DNS app" %>
+  <br><br><br>
+  <%= form.label :coc, "Do you agree to our Code of Conduct?" %><br>
+  <p>We want to make sure our domains aren't used for bad purposes. Please read
+    our Code of Conduct and Acceptable Use Policy:
+    <a href="https://github.com/obl-ong/code-of-conduct">https://github.com/obl-ong/code-of-conduct</a></p>
+  <br>
+  <%= form.check_box :coc, required: true %>
+  <br><br>
+
+  <%= form.submit "Request" %>
 <% end %>
 
-
 <%= style_tag nonce: true do %>
-    form {
-        max-width: 50vw;
-    }
-
-    .domain {
-        font-size: 2rem;
-    }
-
-    label {
-        font-size: 2rem;
-        font-weight: 600;
-    }
-
-    textarea {
-        background-color: #f5f5f51a !important;
-        border: 1.5px solid var(--cultured) !important;
-        border-radius: 5px !important;
-        color: #fff;
-        min-width: 450px;
-        min-height: 10rem;
-    }
-
-    a {
-        color: var(--winter-sky);
-    }
-<% end %>
\ No newline at end of file
+  form { max-width: 50vw; } .domain { font-size: 2rem; } label { font-size:
+  2rem; font-weight: 600; } textarea { background-color: #f5f5f51a !important;
+  border: 1.5px solid var(--cultured) !important; border-radius: 5px
+  !important; color: #fff; min-width: 450px; min-height: 10rem; } a { color:
+  var(--winter-sky); }
+<% end %>

From 24263210c24e7aed656273227b71c75b63ac975d Mon Sep 17 00:00:00 2001
From: aboutdavid <62346025+aboutdavid@users.noreply.github.com>
Date: Thu, 14 Mar 2024 14:12:05 -0400
Subject: [PATCH 3/3] Fixed weird linter mistakes

---
 .../developers/applications_controller.rb     | 34 ++++----
 .../developers/applications/index.html.erb    |  5 --
 .../developers/applications/request.html.erb  | 82 +++++++++++--------
 3 files changed, 64 insertions(+), 57 deletions(-)

diff --git a/app/controllers/developers/applications_controller.rb b/app/controllers/developers/applications_controller.rb
index fc747d5..4c864c8 100644
--- a/app/controllers/developers/applications_controller.rb
+++ b/app/controllers/developers/applications_controller.rb
@@ -1,18 +1,20 @@
 class Developers::ApplicationsController < ApplicationController
-  nested_layouts 'layouts/admin'
+  nested_layouts "layouts/admin"
 
   before_action do
     @developers = true
   end
 
-  before_action except: %i[index request provision create] do
+  before_action except: [:index, :request, :provision, :create] do
     if (current_application.provisional? || current_application.owner_id != current_user.id) && !current_user.admin?
-      render plain: '403 Forbidden or Provisional Domain', status: 403
+      render plain: "403 Forbidden or Provisional Domain", status: 403
     end
   end
 
   before_action only: [:create] do
-    render plain: '403 Forbidden', status: 403 unless current_user.admin?
+    if !current_user.admin?
+      render plain: "403 Forbidden", status: 403
+    end
   end
 
   def index
@@ -42,14 +44,13 @@ def destroy_scope
     scopes = @application.scopes.to_a
     scopes.delete(params[:scope])
     @application.update!(scopes: Doorkeeper::OAuth::Scopes.from_array(scopes))
-    redirect_back(fallback_location: developers_applications_path(id: params[:id]),
-                  notice: "Destroyed scope #{params[:scope]}")
+    redirect_back(fallback_location: developers_applications_path(id: params[:id]), notice: "Destroyed scope #{params[:scope]}")
   end
 
   def add_redirect_uri
     uri = URI.parse(params[:redirect_uri])
-    if uri.scheme != 'https'
-      redirect_back(fallback_location: developers_applications_path, notice: 'URIs must use HTTPS')
+    if uri.scheme != "https"
+      redirect_back(fallback_location: developers_applications_path, notice: "URIs must use HTTPS")
       return
     end
     @application = current_application
@@ -60,7 +61,7 @@ def add_redirect_uri
     rescue ActiveRecord::RecordInvalid, ActiveRecord::RecordNotUnique => e
       flash.notice = e.message
     else
-      flash.notice = 'Added Redirect URI'
+      flash.notice = "Added Redirect URI"
     ensure
       redirect_back(fallback_location: developers_applications_path(id: params[:id]))
     end
@@ -71,14 +72,14 @@ def destroy_redirect_uri
     uris = @application.redirect_uri.split("\r\n")
     uris.delete(params[:redirect_uri])
     @application.update!(redirect_uri: uris.join("\r\n"))
-    redirect_back(fallback_location: developers_applications_path(id: params[:id]), notice: 'Destroyed Redirect URI')
+    redirect_back(fallback_location: developers_applications_path(id: params[:id]), notice: "Destroyed Redirect URI")
   end
 
   def update
     @application = current_application
     @application.update!(name: params[:name]) if params[:name]
     @application.update!(confidential: params[:confidential].to_i.zero?) if params[:confidential]
-    redirect_back(fallback_location: developers_applications_path(id: params[:id]), notice: 'Updated application')
+    redirect_back(fallback_location: developers_applications_path(id: params[:id]), notice: "Updated application")
   end
 
   def destroy
@@ -87,8 +88,7 @@ def destroy
   end
 
   def create
-    @application = Doorkeeper::Application.new(name: params[:name], redirect_uri: params[:redirect_uri],
-                                               confidential: true)
+    @application = Doorkeeper::Application.new(name: params[:name], redirect_uri: params[:redirect_uri], confidential: true)
     @application.owner = current_user
     @application.save!
     redirect_to developers_application_path(id: @application.id)
@@ -96,13 +96,11 @@ def create
 
   def provision
     uri = URI.parse(params[:redirect_uri])
-    if uri.scheme != 'https'
-      redirect_back(fallback_location: developers_applications_path, notice: 'URIs must use HTTPS')
+    if uri.scheme != "https"
+      redirect_back(fallback_location: developers_applications_path, notice: "URIs must use HTTPS")
       return
     end
-
-    @application = Doorkeeper::Application.new(name: params[:name], redirect_uri: params[:redirect_uri],
-                                               plan: params[:plan], confidential: true, provisional: true)
+    @application = Doorkeeper::Application.new(name: params[:name], redirect_uri: params[:redirect_uri], plan: params[:plan], confidential: true, provisional: true)
     @application.owner = current_user
     @application.save!
     redirect_to developers_path
diff --git a/app/views/developers/applications/index.html.erb b/app/views/developers/applications/index.html.erb
index d98d553..02c06c4 100644
--- a/app/views/developers/applications/index.html.erb
+++ b/app/views/developers/applications/index.html.erb
@@ -3,12 +3,7 @@
 <% end %>
 
 <div class="flex flex-col items-center gap-8" style="scroll-behavior: smooth;">
-<% flash.each do |type, msg| %>
 
-      <div class="flash flash-<%= type %>">
-        <%= msg %>
-      </div>
-<% end %>
   <a href="/"><h2 class="text-yellow p-none m-none">← Back to Obl.ong</h2></a>
   <h1 class="text-center text-yellow text-4 lg:text-5 xl:text-6 font-heading">Manage your applications</h1>
 
diff --git a/app/views/developers/applications/request.html.erb b/app/views/developers/applications/request.html.erb
index 4470ef1..3c2c0da 100644
--- a/app/views/developers/applications/request.html.erb
+++ b/app/views/developers/applications/request.html.erb
@@ -1,40 +1,54 @@
 <h1 class="font-heading text-3 lg:text-4 xl:text-5">Request an application</h1>
 <br><br>
-<% flash.each do |type, msg| %>
-  <div class="flash flash-<%= type %>">
-    <%= msg %>
-  </div>
-<% end %>
+
 <%= form_with url: provision_developers_applications_path do |form| %>
-  <%= form.label :name, "What is the name of the app?" %><br>
-  <br>
-  <%= form.text_field :name, placeholder: "Dynamic" %>
-  <br><br><br>
-  <%= form.label :redirect_uri, "Add a Redirect URI" %><br>
-  <p>This is where we'll redirect after the user authorizes your app</p>
-  <br>
-  <%= form.text_field :redirect_uri, placeholder: "https://oidcdebugger.com/debug" %>
-  <br><br><br>
-  <%= form.label :plan, "What are you planning on using it for?" %><br>
-  <p>Don't worry, it doesn't need to be anything important or serious (it can be
-    if you want though!)</p><br>
-  <%= form.text_area :plan, placeholder: "I'm going to make a Dynamic DNS app" %>
-  <br><br><br>
-  <%= form.label :coc, "Do you agree to our Code of Conduct?" %><br>
-  <p>We want to make sure our domains aren't used for bad purposes. Please read
-    our Code of Conduct and Acceptable Use Policy:
-    <a href="https://github.com/obl-ong/code-of-conduct">https://github.com/obl-ong/code-of-conduct</a></p>
-  <br>
-  <%= form.check_box :coc, required: true %>
-  <br><br>
-
-  <%= form.submit "Request" %>
+    <%= form.label :name, "What is the name of the app?" %><br>
+    <br>
+    <%= form.text_field :name, placeholder: "Dynamic" %>
+    <br><br><br>
+    <%= form.label :redirect_uri, "Add a Redirect URI" %><br>
+    <p>This is where we'll redirect after the user authorizes your app</p>
+    <br>
+    <%= form.text_field :redirect_uri, placeholder: "https://oidcdebugger.com/debug" %>
+    <br><br><br>
+    <%= form.label :plan, "What are you planning on using it for?" %><br>
+    <p>Don't worry, it doesn't need to be anything important or serious (it can be if you want though!)</p><br>
+    <%= form.text_area :plan, placeholder: "I'm going to make a Dynamic DNS app" %>
+    <br><br><br>
+    <%= form.label :coc, "Do you agree to our Code of Conduct?" %><br>
+    <p>We want to make sure our domains aren't used for bad purposes. Please read our Code of Conduct and Acceptable Use Policy: <a href="https://github.com/obl-ong/code-of-conduct">https://github.com/obl-ong/code-of-conduct</a></p>
+    <br>
+    <%= form.check_box :coc, required: true %>
+    <br><br>
+
+    <%= form.submit "Request" %>
 <% end %>
 
+
 <%= style_tag nonce: true do %>
-  form { max-width: 50vw; } .domain { font-size: 2rem; } label { font-size:
-  2rem; font-weight: 600; } textarea { background-color: #f5f5f51a !important;
-  border: 1.5px solid var(--cultured) !important; border-radius: 5px
-  !important; color: #fff; min-width: 450px; min-height: 10rem; } a { color:
-  var(--winter-sky); }
-<% end %>
+    form {
+        max-width: 50vw;
+    }
+
+    .domain {
+        font-size: 2rem;
+    }
+
+    label {
+        font-size: 2rem;
+        font-weight: 600;
+    }
+
+    textarea {
+        background-color: #f5f5f51a !important;
+        border: 1.5px solid var(--cultured) !important;
+        border-radius: 5px !important;
+        color: #fff;
+        min-width: 450px;
+        min-height: 10rem;
+    }
+
+    a {
+        color: var(--winter-sky);
+    }
+<% end %>
\ No newline at end of file
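Review bot: Reverting the formatter's changes here also deletes the `flash.each` block, and the companion hunk in index.html.erb does the same, while `provision` and `add_redirect_uri` still answer a rejected URI with `redirect_back(..., notice: "URIs must use HTTPS")`. Unless the layout renders flash messages, which is not visible in this patch, a developer whose URI is refused is sent back to the form with no explanation. I would keep the five flash lines in both views and revert only the indentation and the collapsed CSS.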