coalescing_panda 5.0.4 → 5.0.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/db/migrate/20131114150001_create_coalescing_panda_canvas_api_auths.rb +1 -1
- data/db/migrate/20131118211442_create_coalescing_panda_lti_accounts.rb +1 -1
- data/db/migrate/20131119165343_create_coalescing_panda_lti_nonces.rb +1 -1
- data/db/migrate/20140904223159_create_coalescing_panda_sessions.rb +1 -1
- data/db/migrate/20141119225319_create_coalescing_panda_terms.rb +1 -1
- data/db/migrate/20141119225721_create_coalescing_panda_courses.rb +1 -1
- data/db/migrate/20141120151432_create_coalescing_panda_sections.rb +1 -1
- data/db/migrate/20141120151940_create_coalescing_panda_assignments.rb +1 -1
- data/db/migrate/20141120152458_create_coalescing_panda_users.rb +1 -1
- data/db/migrate/20141120152546_create_coalescing_panda_submissions.rb +1 -1
- data/db/migrate/20141120153135_create_coalescing_panda_enrollments.rb +1 -1
- data/db/migrate/20141121174846_create_coalescing_panda_canvas_batches.rb +1 -1
- data/db/migrate/20141124160857_create_delayed_jobs.rb +1 -1
- data/db/migrate/20141208221740_add_submission_types_to_assignments.rb +1 -1
- data/db/migrate/20150106175418_add_group_category_id_to_assignment.rb +1 -1
- data/db/migrate/20150106180131_add_published_to_assignments.rb +1 -1
- data/db/migrate/20150107205405_create_coalescing_panda_groups.rb +1 -1
- data/db/migrate/20150107205413_create_coalescing_panda_group_memberships.rb +1 -1
- data/db/migrate/20150210180516_add_context_to_canvas_batch.rb +1 -1
- data/db/migrate/20150506183335_create_coalescing_panda_assignment_groups.rb +1 -1
- data/db/migrate/20150506192717_add_assignment_group_id_to_assignments.rb +1 -1
- data/db/migrate/20150526144713_add_account_to_canvas_batches.rb +1 -1
- data/db/migrate/20150602205257_add_option_to_canvas_batches.rb +1 -1
- data/db/migrate/20150708192717_add_group_moderator_to_group_memberships.rb +1 -1
- data/db/migrate/20150709192717_add_leader_id_to_groups.rb +1 -1
- data/db/migrate/20150714205405_create_coalescing_panda_group_categories.rb +1 -1
- data/db/migrate/20150811140030_add_fields_to_users.rb +1 -1
- data/db/migrate/20151209155923_add_refresh_settings_to_canvas_api_auth.rb +1 -1
- data/db/migrate/20160830183155_create_coalescing_panda_oauth_states.rb +1 -1
- data/db/migrate/20200528224505_create_coalescing_panda_persistent_session.rb +1 -1
- data/lib/coalescing_panda/engine.rb +8 -42
- data/lib/coalescing_panda/misc_helper.rb +13 -0
- data/lib/coalescing_panda/secure_headers.rb +84 -0
- data/lib/coalescing_panda/version.rb +1 -1
- metadata +6 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 92bed66c0757318a64fada41a45e598216c1daefdd7b43c8adf0a58c9d5259af
|
|
4
|
+
data.tar.gz: d99684f401684ffdcb93ae63fe7ea49ba6ae4303db2e68ac43709e934b31ebeb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 8d1289c6a483a650b1e54a669ad2968cd1d3935e4ef3a67de130775cacfeab78a810ab7a736edb7b5a63b1960633f98fb8d813ceb0e3b6dd1e59d50448fa9697
|
|
7
|
+
data.tar.gz: a8b9d22ffc7262a1385e156915e382ef43bc0d3e68d9077032676c92b9e9dd466084289c143079e977ee20d82e7259a05496ed452798aaf3ae3306f9efe006b7
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
class CreateDelayedJobs <
|
|
1
|
+
class CreateDelayedJobs < CoalescingPanda::MiscHelper::MigrationClass
|
|
2
2
|
def self.up
|
|
3
3
|
create_table :delayed_jobs, :force => true do |table|
|
|
4
4
|
table.integer :priority, :default => 0, :null => false # Allows some jobs to jump to the front of the queue
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
class AddGroupCategoryIdToAssignment <
|
|
1
|
+
class AddGroupCategoryIdToAssignment < CoalescingPanda::MiscHelper::MigrationClass
|
|
2
2
|
def change
|
|
3
3
|
add_column :coalescing_panda_assignments, :group_category_id, :integer
|
|
4
4
|
add_column :coalescing_panda_assignments, :grade_group_students_individually, :boolean
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
class AddContextToCanvasBatch <
|
|
1
|
+
class AddContextToCanvasBatch < CoalescingPanda::MiscHelper::MigrationClass
|
|
2
2
|
def change
|
|
3
3
|
add_column :coalescing_panda_canvas_batches, :context_id, :integer
|
|
4
4
|
add_column :coalescing_panda_canvas_batches, :context_type, :string
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
class CreateCoalescingPandaAssignmentGroups <
|
|
1
|
+
class CreateCoalescingPandaAssignmentGroups < CoalescingPanda::MiscHelper::MigrationClass
|
|
2
2
|
def change
|
|
3
3
|
create_table :coalescing_panda_assignment_groups do |t|
|
|
4
4
|
t.belongs_to :coalescing_panda_course, null: false
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
class AddLeaderIdToGroups <
|
|
1
|
+
class AddLeaderIdToGroups < CoalescingPanda::MiscHelper::MigrationClass
|
|
2
2
|
def change
|
|
3
3
|
add_column :coalescing_panda_groups, :leader_id, :integer
|
|
4
4
|
add_foreign_key :coalescing_panda_groups, :coalescing_panda_users, column: :leader_id, primary_key: "id"
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
class CreateCoalescingPandaGroupCategories <
|
|
1
|
+
class CreateCoalescingPandaGroupCategories < CoalescingPanda::MiscHelper::MigrationClass
|
|
2
2
|
def change
|
|
3
3
|
create_table :coalescing_panda_group_categories do |t|
|
|
4
4
|
t.belongs_to :context, polymorphic: true
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
class AddRefreshSettingsToCanvasApiAuth <
|
|
1
|
+
class AddRefreshSettingsToCanvasApiAuth < CoalescingPanda::MiscHelper::MigrationClass
|
|
2
2
|
def change
|
|
3
3
|
add_column :coalescing_panda_canvas_api_auths, :refresh_token, :string
|
|
4
4
|
add_column :coalescing_panda_canvas_api_auths, :expires_at, :datetime
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
require 'secure_headers'
|
|
2
|
+
require_relative './secure_headers'
|
|
2
3
|
|
|
3
4
|
module CoalescingPanda
|
|
4
5
|
class Engine < ::Rails::Engine
|
|
@@ -42,56 +43,21 @@ module CoalescingPanda
|
|
|
42
43
|
end
|
|
43
44
|
|
|
44
45
|
initializer :secure_headers do |app|
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
if Rails.env.development?
|
|
49
|
-
# Allow webpack-dev-server to work
|
|
50
|
-
connect_src << "http://localhost:3035"
|
|
51
|
-
connect_src << "ws://localhost:3035"
|
|
52
|
-
|
|
53
|
-
# Allow stuff like rack-mini-profiler to work in development:
|
|
54
|
-
# https://github.com/MiniProfiler/rack-mini-profiler/issues/327
|
|
55
|
-
# DON'T ENABLE THIS FOR PRODUCTION!
|
|
56
|
-
script_src << "'unsafe-eval'"
|
|
57
|
-
elsif CoalescingPanda.lti_options.has_key?(:allow_unsafe_eval) && CoalescingPanda.lti_options[:allow_unsafe_eval] == true
|
|
58
|
-
# For when code is returned from server and injected into dom. Need to have unsafe-eval or it won't work.
|
|
59
|
-
script_src << "'unsafe-eval'"
|
|
60
|
-
end
|
|
61
|
-
|
|
62
|
-
SecureHeaders::Configuration.default do |config|
|
|
63
|
-
# The default cookie headers aren't compatible with PandaPal cookies currently
|
|
64
|
-
config.cookies = { samesite: { none: true } }
|
|
65
|
-
|
|
66
|
-
if Rails.env.production?
|
|
67
|
-
config.cookies[:secure] = true
|
|
46
|
+
begin
|
|
47
|
+
::SecureHeaders::Configuration.default do |config|
|
|
48
|
+
CoalescingPanda::SecureHeaders.apply_defaults(config)
|
|
68
49
|
end
|
|
69
|
-
|
|
70
|
-
#
|
|
71
|
-
config.x_frame_options = "ALLOWALL"
|
|
72
|
-
|
|
73
|
-
config.x_content_type_options = "nosniff"
|
|
74
|
-
config.x_xss_protection = "1; mode=block"
|
|
75
|
-
config.referrer_policy = %w(origin-when-cross-origin strict-origin-when-cross-origin)
|
|
76
|
-
|
|
77
|
-
config.csp = {
|
|
78
|
-
default_src: %w('self'),
|
|
79
|
-
script_src: script_src,
|
|
80
|
-
# Certain CSS-in-JS libraries inline the CSS, so we need to use unsafe-inline for them
|
|
81
|
-
style_src: %w('self' 'unsafe-inline' blob: https://fonts.googleapis.com),
|
|
82
|
-
font_src: %w('self' data: https://fonts.gstatic.com),
|
|
83
|
-
connect_src: connect_src,
|
|
84
|
-
}
|
|
50
|
+
rescue ::SecureHeaders::Configuration::AlreadyConfiguredError
|
|
51
|
+
# The App already applied settings
|
|
85
52
|
end
|
|
86
53
|
|
|
87
|
-
SecureHeaders::Configuration.override(:safari_override) do |config|
|
|
54
|
+
::SecureHeaders::Configuration.override(:safari_override) do |config|
|
|
88
55
|
config.cookies = SecureHeaders::OPT_OUT
|
|
89
56
|
end
|
|
90
57
|
|
|
91
|
-
SecureHeaders::Configuration.override(:allow_inline_scripts) do |config|
|
|
58
|
+
::SecureHeaders::Configuration.override(:allow_inline_scripts) do |config|
|
|
92
59
|
config.csp[:script_src] << "'unsafe-inline'"
|
|
93
60
|
end
|
|
94
61
|
end
|
|
95
|
-
|
|
96
62
|
end
|
|
97
63
|
end
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
module CoalescingPanda
|
|
2
|
+
module MiscHelper
|
|
3
|
+
MigrationClass = Rails.version < '5.0' ? ActiveRecord::Migration : ActiveRecord::Migration[4.2]
|
|
4
|
+
|
|
5
|
+
def self.to_boolean(v)
|
|
6
|
+
if Rails.version < '5.0'
|
|
7
|
+
ActiveRecord::Type::Boolean.new.type_cast_from_user("0")
|
|
8
|
+
else
|
|
9
|
+
ActiveRecord::Type::Boolean.new.deserialize('0')
|
|
10
|
+
end
|
|
11
|
+
end
|
|
12
|
+
end
|
|
13
|
+
end
|
|
@@ -0,0 +1,84 @@
|
|
|
1
|
+
module CoalescingPanda
|
|
2
|
+
module SecureHeaders
|
|
3
|
+
def self.apply_defaults(config)
|
|
4
|
+
@config = config
|
|
5
|
+
# The default cookie headers aren't compatable with CoalescingPanda cookies currenntly
|
|
6
|
+
config.cookies = { samesite: { none: true } }
|
|
7
|
+
|
|
8
|
+
if Rails.env.production?
|
|
9
|
+
config.cookies[:secure] = true
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
# Need to allow LTI iframes
|
|
13
|
+
config.x_frame_options = "ALLOWALL"
|
|
14
|
+
|
|
15
|
+
config.x_content_type_options = "nosniff"
|
|
16
|
+
config.x_xss_protection = "1; mode=block"
|
|
17
|
+
config.referrer_policy = %w(origin-when-cross-origin strict-origin-when-cross-origin)
|
|
18
|
+
|
|
19
|
+
config.csp ||= {}
|
|
20
|
+
|
|
21
|
+
csp_entry(:default_src, %w['self'])
|
|
22
|
+
csp_entry(:connect_src, %w['self'])
|
|
23
|
+
csp_entry(:script_src, %w['self'])
|
|
24
|
+
|
|
25
|
+
if Rails.env.development?
|
|
26
|
+
# Allow webpack-dev-server to work
|
|
27
|
+
csp_entry(:connect_src, "http://localhost:3035")
|
|
28
|
+
csp_entry(:connect_src, "ws://localhost:3035")
|
|
29
|
+
|
|
30
|
+
# Allow stuff like rack-mini-profiler to work in development:
|
|
31
|
+
# https://github.com/MiniProfiler/rack-mini-profiler/issues/327
|
|
32
|
+
# DON'T ENABLE THIS FOR PRODUCTION!
|
|
33
|
+
csp_entry(:script_src, "'unsafe-eval'")
|
|
34
|
+
|
|
35
|
+
# Detect and permit Scout APM in Dev
|
|
36
|
+
if MiscHelper.to_boolean(ENV['SCOUT_DEV_TRACE'])
|
|
37
|
+
csp_entry(:default_src, 'https://scoutapm.com')
|
|
38
|
+
csp_entry(:default_src, 'https://apm.scoutapp.com')
|
|
39
|
+
|
|
40
|
+
csp_entry(:script_src, "'unsafe-inline'")
|
|
41
|
+
csp_entry(:script_src, 'https://scoutapm.com')
|
|
42
|
+
csp_entry(:script_src, 'https://apm.scoutapp.com')
|
|
43
|
+
|
|
44
|
+
csp_entry(:connect_src, 'https://apm.scoutapp.com')
|
|
45
|
+
|
|
46
|
+
csp_entry(:style_src, 'https://scoutapm.com')
|
|
47
|
+
csp_entry(:style_src, 'https://apm.scoutapp.com')
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
if CoalescingPanda.lti_options.has_key?(:allow_unsafe_eval) && CoalescingPanda.lti_options[:allow_unsafe_eval] == true
|
|
52
|
+
# For when code is returned from server and injected into dom. Need to have unsafe-eval or it won't work.
|
|
53
|
+
csp_entry(:script_src, "'unsafe-eval'")
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
# Detect and permit Sentry
|
|
57
|
+
if defined?(Raven) && Raven.configuration.server.present?
|
|
58
|
+
csp_entry(:connect_src, Raven.configuration.server)
|
|
59
|
+
|
|
60
|
+
# Report CSP Violations to Sentry
|
|
61
|
+
unless config.csp[:report_uri].present?
|
|
62
|
+
cfg = Raven.configuration
|
|
63
|
+
config.csp[:report_uri] = ["#{cfg.scheme}://#{cfg.host}/api/#{cfg.project_id}/security/?sentry_key=#{cfg.public_key}"] unless config.csp[:report_uri].present?
|
|
64
|
+
end
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
# Certain CSS-in-JS libraries inline the CSS, so we need to use unsafe-inline for them
|
|
68
|
+
csp_entry(:style_src, %w('self' 'unsafe-inline' blob: https://fonts.googleapis.com))
|
|
69
|
+
csp_entry(:font_src, %w('self' data: https://fonts.gstatic.com))
|
|
70
|
+
|
|
71
|
+
@config = nil
|
|
72
|
+
|
|
73
|
+
config
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
private
|
|
77
|
+
|
|
78
|
+
def self.csp_entry(key, *values)
|
|
79
|
+
values = values.flatten
|
|
80
|
+
@config.csp[key] ||= []
|
|
81
|
+
@config.csp[key] |= values
|
|
82
|
+
end
|
|
83
|
+
end
|
|
84
|
+
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: coalescing_panda
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 5.0.
|
|
4
|
+
version: 5.0.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Nathan Mills
|
|
@@ -10,20 +10,20 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2020-
|
|
13
|
+
date: 2020-08-18 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: rails
|
|
17
17
|
requirement: !ruby/object:Gem::Requirement
|
|
18
18
|
requirements:
|
|
19
|
-
- - "
|
|
19
|
+
- - ">="
|
|
20
20
|
- !ruby/object:Gem::Version
|
|
21
21
|
version: 4.2.1
|
|
22
22
|
type: :runtime
|
|
23
23
|
prerelease: false
|
|
24
24
|
version_requirements: !ruby/object:Gem::Requirement
|
|
25
25
|
requirements:
|
|
26
|
-
- - "
|
|
26
|
+
- - ">="
|
|
27
27
|
- !ruby/object:Gem::Version
|
|
28
28
|
version: 4.2.1
|
|
29
29
|
- !ruby/object:Gem::Dependency
|
|
@@ -487,7 +487,9 @@ files:
|
|
|
487
487
|
- lib/coalescing_panda/bearcat_uri.rb
|
|
488
488
|
- lib/coalescing_panda/controller_helpers.rb
|
|
489
489
|
- lib/coalescing_panda/engine.rb
|
|
490
|
+
- lib/coalescing_panda/misc_helper.rb
|
|
490
491
|
- lib/coalescing_panda/route_helpers.rb
|
|
492
|
+
- lib/coalescing_panda/secure_headers.rb
|
|
491
493
|
- lib/coalescing_panda/version.rb
|
|
492
494
|
- lib/tasks/coalescing_panda_tasks.rake
|
|
493
495
|
- spec/controllers/coalescing_panda/canvas_batches_controller_spec.rb
|