RubyGems - audiences - Versions diffs - 1.3.0 → 1.3.1 - Mend

audiences 1.3.0 → 1.3.1

Files changed (11) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8f83dd42249d90e09a66c7f11b5adb821e7f0fbc3add8089f075fe2668e79d35
-  data.tar.gz: 351a6676df1a297b691842e06fc18b721d3581a9bdd0ea6101bce2ed81cee06e
+  metadata.gz: 319c6d5a55900512c509f3e27ac9e03489734e0a618c31414cb7cd57981fc916
+  data.tar.gz: 2a117b18cd56209481ead18fafccb7ba9b57b673b5cdfa5c0f03152184704e25
 SHA512:
-  metadata.gz: f90802d28319f4cbc95a8be9f9f2e68115ac7142ab6fcbf4c9be0437a14a2e57b6d58632e1befeb37b19ba1b2ce9de1d6f8fc2d9b674b120ee51d240e47140dd
-  data.tar.gz: d70f080cdad97a5bdfc31b701d7659a300dbeeef3c380371b1d91c7198a30c4ff9899c5106a0eb2af972e8b6d53e77ab718fb962c6f8734c960375394ffa60c6
+  metadata.gz: d08f9b199ae6ca61caeaff91606bb4a9cf21a171f17486a2919631a7b791ad37995a9645527199704d6ec8eb24ca4a1fba8543829dbd97f47c73174c9ba766f5
+  data.tar.gz: b1d6cc6305467c94bddb4abab023e451de05e2d9177f19c0a358da81429c6930c8381a6066afa6703f1826f4f6e0cb2bd5afed94a0cbba97c3816325b540e29b

@@ -44,7 +44,7 @@ module Audiences
       params.permit(
         :match_all,
         criteria: [groups: {}],
-        extra_users: Audiences.config.resources[:Users].attributes
+        extra_users: %i[externalId]
       ).to_h.symbolize_keys
     end
   end

@@ -4,7 +4,7 @@ module Audiences
   class ScimProxyController < ApplicationController
     def get
       resources = Audiences::Scim.resource(params[:scim_path].to_sym)
-                                 .query(filter: params[:filter])
+                                 .query(filter: params[:filter], startIndex: params[:startIndex], count: params[:count])
       render json: resources, except: %w[schemas meta]
     end

data/app/models/audiences/context_users.rb CHANGED Viewed

@@ -20,8 +20,8 @@ module Audiences
   private
     def all_users
-      users = Scim.resource(:Users).query
-      ExternalUser.wrap(users.all)
+      users = Scim.resource(:Users).all
+      ExternalUser.wrap(users)
     end
     def matching_users

data/app/models/audiences/criterion_users.rb CHANGED Viewed

@@ -21,8 +21,8 @@ module Audiences
     def groups_users(group_ids)
       filter = group_ids.map { "groups.value eq #{_1}" }.join(" OR ")
-      users = Audiences::Scim.resource(:Users).query(filter: filter)
-      ExternalUser.wrap(users.all)
+      users = Audiences::Scim.resource(:Users).all(filter: filter)
+      ExternalUser.wrap(users)
     end
   end
 end

data/app/models/audiences/external_user.rb CHANGED Viewed

@@ -10,6 +10,13 @@ module Audiences
                             inverse_of: false
     end
+    def self.fetch(external_ids)
+      return [] unless external_ids.any?
+      filter = Array(external_ids).map { "externalId eq #{_1}" }.join(" OR ")
+      Audiences::Scim.resource(:Users).all(filter: filter)
+    end
     def self.wrap(resources)
       return [] unless resources&.any?

data/docs/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,10 @@
 # Unreleased
+# Version 1.3.1 (2024-10-11)
+- Forward pagination parameters to SCIM on proxy [#397](https://github.com/powerhome/audiences/pull/397)
+- Fix security flaw when setting extra users [#398](https://github.com/powerhome/audiences/pull/398)
 # Version 1.3.0 (2024-09-03)
 - Filter out inactive users by default [#382](https://github.com/powerhome/audiences/pull/382)

data/lib/audiences/scim/resource.rb CHANGED Viewed

@@ -20,6 +20,10 @@ module Audiences
                                         **@options, **options)
       end
+      def all(...)
+        query(...).all
+      end
       def scim_attributes
         @attributes.reduce([]) do |attrs, attr|
           case attr

data/lib/audiences/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Audiences
-  VERSION = "1.3.0"
+  VERSION = "1.3.1"
 end

data/lib/audiences.rb CHANGED Viewed

@@ -23,11 +23,12 @@ module_function
   # @param params [Hash] the updated params
   # @return Audience::Context
   #
-  def update(key, criteria: [], **attrs)
+  def update(key, criteria: [], extra_users: [], match_all: false)
     Audiences::Context.load(key) do |context|
       context.update!(
+        match_all: match_all,
         criteria: ::Audiences::Criterion.map(criteria),
-        **attrs
+        extra_users: ::Audiences::ExternalUser.fetch(extra_users.pluck("externalId"))
       )
       context.refresh_users!
     end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: audiences
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 1.3.1
 platform: ruby
 authors:
 - Carlos Palhares
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-09-03 00:00:00.000000000 Z
+date: 2024-10-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -93,7 +93,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.11
+rubygems_version: 3.5.16
 signing_key:
 specification_version: 4
 summary: Audiences system