RubyGems - audiences - Versions diffs - 1.3.0 → 1.3.1 - Mend

audiences 1.3.0 → 1.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml +4 -4
data/app/controllers/audiences/contexts_controller.rb +1 -1
data/app/controllers/audiences/scim_proxy_controller.rb +1 -1
data/app/models/audiences/context_users.rb +2 -2
data/app/models/audiences/criterion_users.rb +2 -2
data/app/models/audiences/external_user.rb +7 -0
data/docs/CHANGELOG.md +5 -0
data/lib/audiences/scim/resource.rb +4 -0
data/lib/audiences/version.rb +1 -1
data/lib/audiences.rb +3 -2
metadata +3 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8f83dd42249d90e09a66c7f11b5adb821e7f0fbc3add8089f075fe2668e79d35
-  data.tar.gz: 351a6676df1a297b691842e06fc18b721d3581a9bdd0ea6101bce2ed81cee06e
+  metadata.gz: 319c6d5a55900512c509f3e27ac9e03489734e0a618c31414cb7cd57981fc916
+  data.tar.gz: 2a117b18cd56209481ead18fafccb7ba9b57b673b5cdfa5c0f03152184704e25
 SHA512:
-  metadata.gz: f90802d28319f4cbc95a8be9f9f2e68115ac7142ab6fcbf4c9be0437a14a2e57b6d58632e1befeb37b19ba1b2ce9de1d6f8fc2d9b674b120ee51d240e47140dd
-  data.tar.gz: d70f080cdad97a5bdfc31b701d7659a300dbeeef3c380371b1d91c7198a30c4ff9899c5106a0eb2af972e8b6d53e77ab718fb962c6f8734c960375394ffa60c6
+  metadata.gz: d08f9b199ae6ca61caeaff91606bb4a9cf21a171f17486a2919631a7b791ad37995a9645527199704d6ec8eb24ca4a1fba8543829dbd97f47c73174c9ba766f5
+  data.tar.gz: b1d6cc6305467c94bddb4abab023e451de05e2d9177f19c0a358da81429c6930c8381a6066afa6703f1826f4f6e0cb2bd5afed94a0cbba97c3816325b540e29b

data/app/controllers/audiences/contexts_controller.rb CHANGED Viewed

@@ -44,7 +44,7 @@ module Audiences
       params.permit(
         :match_all,
         criteria: [groups: {}],
-        extra_users: Audiences.config.resources[:Users].attributes
+        extra_users: %i[externalId]
       ).to_h.symbolize_keys
     end
   end

data/app/controllers/audiences/scim_proxy_controller.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module Audiences
   class ScimProxyController < ApplicationController
     def get
       resources = Audiences::Scim.resource(params[:scim_path].to_sym)
-                                 .query(filter: params[:filter])
+                                 .query(filter: params[:filter], startIndex: params[:startIndex], count: params[:count])
       render json: resources, except: %w[schemas meta]
     end

data/app/models/audiences/context_users.rb CHANGED Viewed

@@ -20,8 +20,8 @@ module Audiences
   private
     def all_users
-      users = Scim.resource(:Users).query
-      ExternalUser.wrap(users.all)
+      users = Scim.resource(:Users).all
+      ExternalUser.wrap(users)
     end
     def matching_users

data/app/models/audiences/criterion_users.rb CHANGED Viewed

@@ -21,8 +21,8 @@ module Audiences
     def groups_users(group_ids)
       filter = group_ids.map { "groups.value eq #{_1}" }.join(" OR ")
-      users = Audiences::Scim.resource(:Users).query(filter: filter)
-      ExternalUser.wrap(users.all)
+      users = Audiences::Scim.resource(:Users).all(filter: filter)
+      ExternalUser.wrap(users)
     end
   end
 end

data/app/models/audiences/external_user.rb CHANGED Viewed

@@ -10,6 +10,13 @@ module Audiences
                             inverse_of: false
     end
+    def self.fetch(external_ids)
+      return [] unless external_ids.any?
+      filter = Array(external_ids).map { "externalId eq #{_1}" }.join(" OR ")
+      Audiences::Scim.resource(:Users).all(filter: filter)
+    end
     def self.wrap(resources)
       return [] unless resources&.any?

data/docs/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,10 @@
 # Unreleased
+# Version 1.3.1 (2024-10-11)
+- Forward pagination parameters to SCIM on proxy [#397](https://github.com/powerhome/audiences/pull/397)
+- Fix security flaw when setting extra users [#398](https://github.com/powerhome/audiences/pull/398)
 # Version 1.3.0 (2024-09-03)
 - Filter out inactive users by default [#382](https://github.com/powerhome/audiences/pull/382)

data/lib/audiences/scim/resource.rb CHANGED Viewed

@@ -20,6 +20,10 @@ module Audiences
                                         **@options, **options)
       end
+      def all(...)
+        query(...).all
+      end
       def scim_attributes
         @attributes.reduce([]) do |attrs, attr|
           case attr

data/lib/audiences/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Audiences
-  VERSION = "1.3.0"
+  VERSION = "1.3.1"
 end

data/lib/audiences.rb CHANGED Viewed

@@ -23,11 +23,12 @@ module_function
   # @param params [Hash] the updated params
   # @return Audience::Context
   #
-  def update(key, criteria: [], **attrs)
+  def update(key, criteria: [], extra_users: [], match_all: false)
     Audiences::Context.load(key) do |context|
       context.update!(
+        match_all: match_all,
         criteria: ::Audiences::Criterion.map(criteria),
-        **attrs
+        extra_users: ::Audiences::ExternalUser.fetch(extra_users.pluck("externalId"))
       )
       context.refresh_users!
     end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: audiences
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 1.3.1
 platform: ruby
 authors:
 - Carlos Palhares
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-09-03 00:00:00.000000000 Z
+date: 2024-10-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -93,7 +93,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.11
+rubygems_version: 3.5.16
 signing_key:
 specification_version: 4
 summary: Audiences system