coalescing_panda 5.0.4 → 5.0.6
- checksums.yaml +4 -4
 - data/db/migrate/20131114150001_create_coalescing_panda_canvas_api_auths.rb +1 -1
 - data/db/migrate/20131118211442_create_coalescing_panda_lti_accounts.rb +1 -1
 - data/db/migrate/20131119165343_create_coalescing_panda_lti_nonces.rb +1 -1
 - data/db/migrate/20140904223159_create_coalescing_panda_sessions.rb +1 -1
 - data/db/migrate/20141119225319_create_coalescing_panda_terms.rb +1 -1
 - data/db/migrate/20141119225721_create_coalescing_panda_courses.rb +1 -1
 - data/db/migrate/20141120151432_create_coalescing_panda_sections.rb +1 -1
 - data/db/migrate/20141120151940_create_coalescing_panda_assignments.rb +1 -1
 - data/db/migrate/20141120152458_create_coalescing_panda_users.rb +1 -1
 - data/db/migrate/20141120152546_create_coalescing_panda_submissions.rb +1 -1
 - data/db/migrate/20141120153135_create_coalescing_panda_enrollments.rb +1 -1
 - data/db/migrate/20141121174846_create_coalescing_panda_canvas_batches.rb +1 -1
 - data/db/migrate/20141124160857_create_delayed_jobs.rb +1 -1
 - data/db/migrate/20141208221740_add_submission_types_to_assignments.rb +1 -1
 - data/db/migrate/20150106175418_add_group_category_id_to_assignment.rb +1 -1
 - data/db/migrate/20150106180131_add_published_to_assignments.rb +1 -1
 - data/db/migrate/20150107205405_create_coalescing_panda_groups.rb +1 -1
 - data/db/migrate/20150107205413_create_coalescing_panda_group_memberships.rb +1 -1
 - data/db/migrate/20150210180516_add_context_to_canvas_batch.rb +1 -1
 - data/db/migrate/20150506183335_create_coalescing_panda_assignment_groups.rb +1 -1
 - data/db/migrate/20150506192717_add_assignment_group_id_to_assignments.rb +1 -1
 - data/db/migrate/20150526144713_add_account_to_canvas_batches.rb +1 -1
 - data/db/migrate/20150602205257_add_option_to_canvas_batches.rb +1 -1
 - data/db/migrate/20150708192717_add_group_moderator_to_group_memberships.rb +1 -1
 - data/db/migrate/20150709192717_add_leader_id_to_groups.rb +1 -1
 - data/db/migrate/20150714205405_create_coalescing_panda_group_categories.rb +1 -1
 - data/db/migrate/20150811140030_add_fields_to_users.rb +1 -1
 - data/db/migrate/20151209155923_add_refresh_settings_to_canvas_api_auth.rb +1 -1
 - data/db/migrate/20160830183155_create_coalescing_panda_oauth_states.rb +1 -1
 - data/db/migrate/20200528224505_create_coalescing_panda_persistent_session.rb +1 -1
 - data/lib/coalescing_panda/engine.rb +8 -42
 - data/lib/coalescing_panda/misc_helper.rb +13 -0
 - data/lib/coalescing_panda/secure_headers.rb +84 -0
 - data/lib/coalescing_panda/version.rb +1 -1
 - metadata +6 -4
 
    
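--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: 92bed66c0757318a64fada41a45e598216c1daefdd7b43c8adf0a58c9d5259af
+  data.tar.gz: d99684f401684ffdcb93ae63fe7ea49ba6ae4303db2e68ac43709e934b31ebeb
 SHA512:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: 8d1289c6a483a650b1e54a669ad2968cd1d3935e4ef3a67de130775cacfeab78a810ab7a736edb7b5a63b1960633f98fb8d813ceb0e3b6dd1e59d50448fa9697
+  data.tar.gz: a8b9d22ffc7262a1385e156915e382ef43bc0d3e68d9077032676c92b9e9dd466084289c143079e977ee20d82e7259a05496ed452798aaf3ae3306f9efe006b7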
| 
         @@ -1,4 +1,4 @@ 
     | 
|
| 
       1 
     | 
    
         
            -
            class CreateDelayedJobs <  
     | 
| 
      
 1 
     | 
    
         
            +
            class CreateDelayedJobs < CoalescingPanda::MiscHelper::MigrationClass
         
     | 
| 
       2 
2 
     | 
    
         
             
              def self.up
         
     | 
| 
       3 
3 
     | 
    
         
             
                create_table :delayed_jobs, :force => true do |table|
         
     | 
| 
       4 
4 
     | 
    
         
             
                  table.integer :priority, :default => 0, :null => false # Allows some jobs to jump to the front of the queue
         
     | 
| 
         @@ -1,4 +1,4 @@ 
     | 
|
| 
       1 
     | 
    
         
            -
            class AddGroupCategoryIdToAssignment <  
     | 
| 
      
 1 
     | 
    
         
            +
            class AddGroupCategoryIdToAssignment < CoalescingPanda::MiscHelper::MigrationClass
         
     | 
| 
       2 
2 
     | 
    
         
             
              def change
         
     | 
| 
       3 
3 
     | 
    
         
             
                add_column :coalescing_panda_assignments, :group_category_id, :integer
         
     | 
| 
       4 
4 
     | 
    
         
             
                add_column :coalescing_panda_assignments, :grade_group_students_individually, :boolean
         
     | 
| 
         @@ -1,4 +1,4 @@ 
     | 
|
| 
       1 
     | 
    
         
            -
            class AddContextToCanvasBatch <  
     | 
| 
      
 1 
     | 
    
         
            +
            class AddContextToCanvasBatch < CoalescingPanda::MiscHelper::MigrationClass
         
     | 
| 
       2 
2 
     | 
    
         
             
              def change
         
     | 
| 
       3 
3 
     | 
    
         
             
                add_column :coalescing_panda_canvas_batches, :context_id, :integer
         
     | 
| 
       4 
4 
     | 
    
         
             
                add_column :coalescing_panda_canvas_batches, :context_type, :string
         
     | 
| 
         @@ -1,4 +1,4 @@ 
     | 
|
| 
       1 
     | 
    
         
            -
            class CreateCoalescingPandaAssignmentGroups <  
     | 
| 
      
 1 
     | 
    
         
            +
            class CreateCoalescingPandaAssignmentGroups < CoalescingPanda::MiscHelper::MigrationClass
         
     | 
| 
       2 
2 
     | 
    
         
             
              def change
         
     | 
| 
       3 
3 
     | 
    
         
             
                create_table :coalescing_panda_assignment_groups do |t|
         
     | 
| 
       4 
4 
     | 
    
         
             
                  t.belongs_to :coalescing_panda_course, null: false
         
     | 
| 
         @@ -1,4 +1,4 @@ 
     | 
|
| 
       1 
     | 
    
         
            -
            class AddLeaderIdToGroups <  
     | 
| 
      
 1 
     | 
    
         
            +
            class AddLeaderIdToGroups < CoalescingPanda::MiscHelper::MigrationClass
         
     | 
| 
       2 
2 
     | 
    
         
             
              def change
         
     | 
| 
       3 
3 
     | 
    
         
             
                add_column :coalescing_panda_groups, :leader_id, :integer
         
     | 
| 
       4 
4 
     | 
    
         
             
                add_foreign_key :coalescing_panda_groups, :coalescing_panda_users, column: :leader_id, primary_key: "id"
         
     | 
| 
         @@ -1,4 +1,4 @@ 
     | 
|
| 
       1 
     | 
    
         
            -
            class CreateCoalescingPandaGroupCategories <  
     | 
| 
      
 1 
     | 
    
         
            +
            class CreateCoalescingPandaGroupCategories < CoalescingPanda::MiscHelper::MigrationClass
         
     | 
| 
       2 
2 
     | 
    
         
             
              def change
         
     | 
| 
       3 
3 
     | 
    
         
             
                create_table :coalescing_panda_group_categories do |t|
         
     | 
| 
       4 
4 
     | 
    
         
             
                  t.belongs_to :context, polymorphic: true
         
     | 
| 
         @@ -1,4 +1,4 @@ 
     | 
|
| 
       1 
     | 
    
         
            -
            class AddRefreshSettingsToCanvasApiAuth <  
     | 
| 
      
 1 
     | 
    
         
            +
            class AddRefreshSettingsToCanvasApiAuth < CoalescingPanda::MiscHelper::MigrationClass
         
     | 
| 
       2 
2 
     | 
    
         
             
              def change
         
     | 
| 
       3 
3 
     | 
    
         
             
                add_column :coalescing_panda_canvas_api_auths, :refresh_token, :string
         
     | 
| 
       4 
4 
     | 
    
         
             
                add_column :coalescing_panda_canvas_api_auths, :expires_at, :datetime
         
     | 
| 
         @@ -1,4 +1,5 @@ 
     | 
|
| 
       1 
1 
     | 
    
         
             
            require 'secure_headers'
         
     | 
| 
      
 2 
     | 
    
         
            +
            require_relative './secure_headers'
         
     | 
| 
       2 
3 
     | 
    
         | 
| 
       3 
4 
     | 
    
         
             
            module CoalescingPanda
         
     | 
| 
       4 
5 
     | 
    
         
             
              class Engine < ::Rails::Engine
         
     | 
| 
         @@ -42,56 +43,21 @@ module CoalescingPanda 
     | 
|
| 
       42 
43 
     | 
    
         
             
                end
         
     | 
| 
       43 
44 
     | 
    
         | 
| 
       44 
45 
     | 
    
         
             
                initializer :secure_headers do |app|
         
     | 
| 
       45 
     | 
    
         
            -
                   
     | 
| 
       46 
     | 
    
         
            -
             
     | 
| 
       47 
     | 
    
         
            -
             
     | 
| 
       48 
     | 
    
         
            -
                  if Rails.env.development?
         
     | 
| 
       49 
     | 
    
         
            -
                    # Allow webpack-dev-server to work
         
     | 
| 
       50 
     | 
    
         
            -
                    connect_src << "http://localhost:3035"
         
     | 
| 
       51 
     | 
    
         
            -
                    connect_src << "ws://localhost:3035"
         
     | 
| 
       52 
     | 
    
         
            -
             
     | 
| 
       53 
     | 
    
         
            -
                    # Allow stuff like rack-mini-profiler to work in development:
         
     | 
| 
       54 
     | 
    
         
            -
                    # https://github.com/MiniProfiler/rack-mini-profiler/issues/327
         
     | 
| 
       55 
     | 
    
         
            -
                    # DON'T ENABLE THIS FOR PRODUCTION!
         
     | 
| 
       56 
     | 
    
         
            -
                    script_src << "'unsafe-eval'"
         
     | 
| 
       57 
     | 
    
         
            -
                  elsif CoalescingPanda.lti_options.has_key?(:allow_unsafe_eval) && CoalescingPanda.lti_options[:allow_unsafe_eval] == true
         
     | 
| 
       58 
     | 
    
         
            -
                    # For when code is returned from server and injected into dom.  Need to have unsafe-eval or it won't work.
         
     | 
| 
       59 
     | 
    
         
            -
                    script_src << "'unsafe-eval'"
         
     | 
| 
       60 
     | 
    
         
            -
                  end
         
     | 
| 
       61 
     | 
    
         
            -
             
     | 
| 
       62 
     | 
    
         
            -
                  SecureHeaders::Configuration.default do |config|
         
     | 
| 
       63 
     | 
    
         
            -
                    # The default cookie headers aren't compatible with PandaPal cookies currently
         
     | 
| 
       64 
     | 
    
         
            -
                    config.cookies = { samesite: { none: true } }
         
     | 
| 
       65 
     | 
    
         
            -
             
     | 
| 
       66 
     | 
    
         
            -
                    if Rails.env.production?
         
     | 
| 
       67 
     | 
    
         
            -
                      config.cookies[:secure] = true
         
     | 
| 
      
 46 
     | 
    
         
            +
                  begin
         
     | 
| 
      
 47 
     | 
    
         
            +
                    ::SecureHeaders::Configuration.default do |config|
         
     | 
| 
      
 48 
     | 
    
         
            +
                      CoalescingPanda::SecureHeaders.apply_defaults(config)
         
     | 
| 
       68 
49 
     | 
    
         
             
                    end
         
     | 
| 
       69 
     | 
    
         
            -
             
     | 
| 
       70 
     | 
    
         
            -
                    #  
     | 
| 
       71 
     | 
    
         
            -
                    config.x_frame_options = "ALLOWALL"
         
     | 
| 
       72 
     | 
    
         
            -
             
     | 
| 
       73 
     | 
    
         
            -
                    config.x_content_type_options = "nosniff"
         
     | 
| 
       74 
     | 
    
         
            -
                    config.x_xss_protection = "1; mode=block"
         
     | 
| 
       75 
     | 
    
         
            -
                    config.referrer_policy = %w(origin-when-cross-origin strict-origin-when-cross-origin)
         
     | 
| 
       76 
     | 
    
         
            -
             
     | 
| 
       77 
     | 
    
         
            -
                    config.csp = {
         
     | 
| 
       78 
     | 
    
         
            -
                        default_src: %w('self'),
         
     | 
| 
       79 
     | 
    
         
            -
                        script_src: script_src,
         
     | 
| 
       80 
     | 
    
         
            -
                        # Certain CSS-in-JS libraries inline the CSS, so we need to use unsafe-inline for them
         
     | 
| 
       81 
     | 
    
         
            -
                        style_src: %w('self' 'unsafe-inline' blob: https://fonts.googleapis.com),
         
     | 
| 
       82 
     | 
    
         
            -
                        font_src: %w('self' data: https://fonts.gstatic.com),
         
     | 
| 
       83 
     | 
    
         
            -
                        connect_src: connect_src,
         
     | 
| 
       84 
     | 
    
         
            -
                    }
         
     | 
| 
      
 50 
     | 
    
         
            +
                  rescue ::SecureHeaders::Configuration::AlreadyConfiguredError
         
     | 
| 
      
 51 
     | 
    
         
            +
                    # The App already applied settings
         
     | 
| 
       85 
52 
     | 
    
         
             
                  end
         
     | 
| 
       86 
53 
     | 
    
         | 
| 
       87 
     | 
    
         
            -
                  SecureHeaders::Configuration.override(:safari_override) do |config|
         
     | 
| 
      
 54 
     | 
    
         
            +
                  ::SecureHeaders::Configuration.override(:safari_override) do |config|
         
     | 
| 
       88 
55 
     | 
    
         
             
                    config.cookies = SecureHeaders::OPT_OUT
         
     | 
| 
       89 
56 
     | 
    
         
             
                  end
         
     | 
| 
       90 
57 
     | 
    
         | 
| 
       91 
     | 
    
         
            -
                  SecureHeaders::Configuration.override(:allow_inline_scripts) do |config|
         
     | 
| 
      
 58 
     | 
    
         
            +
                  ::SecureHeaders::Configuration.override(:allow_inline_scripts) do |config|
         
     | 
| 
       92 
59 
     | 
    
         
             
                    config.csp[:script_src] << "'unsafe-inline'"
         
     | 
| 
       93 
60 
     | 
    
         
             
                  end
         
     | 
| 
       94 
61 
     | 
    
         
             
                end
         
     | 
| 
       95 
     | 
    
         
            -
             
     | 
| 
       96 
62 
     | 
    
         
             
              end
         
     | 
| 
       97 
63 
     | 
    
         
             
            end
         
     | 
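Review bot: On new line 55, inside the `:safari_override` block, `config.cookies = SecureHeaders::OPT_OUT` is still unqualified, while every other reference in this initializer was changed to `::SecureHeaders`. The file now requires `./secure_headers`, which defines `CoalescingPanda::SecureHeaders`, and this code sits inside `module CoalescingPanda`, so the unqualified name most likely resolves to the engine's own module, which defines no `OPT_OUT` in the new file; that would raise a NameError when the block runs. Change the line to `config.cookies = ::SecureHeaders::OPT_OUT`. Separately, the `rescue ::SecureHeaders::Configuration::AlreadyConfiguredError` branch means none of the engine's header defaults are applied when the host app configures first; the comment there could say so, and point to `CoalescingPanda::SecureHeaders.apply_defaults(config)` as the call such an app would presumably make itself.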
| 
         @@ -0,0 +1,13 @@ 
     | 
|
| 
      
 1 
     | 
    
         
            +
            module CoalescingPanda
         
     | 
| 
      
 2 
     | 
    
         
            +
              module MiscHelper
         
     | 
| 
      
 3 
     | 
    
         
            +
                MigrationClass = Rails.version < '5.0' ? ActiveRecord::Migration : ActiveRecord::Migration[4.2]
         
     | 
| 
      
 4 
     | 
    
         
            +
             
     | 
| 
      
 5 
     | 
    
         
            +
                def self.to_boolean(v)
         
     | 
| 
      
 6 
     | 
    
         
            +
                  if Rails.version < '5.0'
         
     | 
| 
      
 7 
     | 
    
         
            +
                    ActiveRecord::Type::Boolean.new.type_cast_from_user("0")
         
     | 
| 
      
 8 
     | 
    
         
            +
                  else
         
     | 
| 
      
 9 
     | 
    
         
            +
                    ActiveRecord::Type::Boolean.new.deserialize('0')
         
     | 
| 
      
 10 
     | 
    
         
            +
                  end
         
     | 
| 
      
 11 
     | 
    
         
            +
                end
         
     | 
| 
      
 12 
     | 
    
         
            +
              end
         
     | 
| 
      
 13 
     | 
    
         
            +
            end
         
     | 
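Review bot: `to_boolean(v)` never reads `v`: both branches cast the literal `"0"`, so the method returns false for every input. The only caller visible in this diff, `MiscHelper.to_boolean(ENV['SCOUT_DEV_TRACE'])` in secure_headers.rb, can therefore never enable the Scout block. Pass the argument through, `ActiveRecord::Type::Boolean.new.type_cast_from_user(v)` and `ActiveRecord::Type::Boolean.new.deserialize(v)`. `Rails.version < '5.0'` on new lines 3 and 6 also compares strings lexically, so a `10.x` version would sort below `5.0`; `Gem::Version.new(Rails.version) < Gem::Version.new('5.0')` compares numerically.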
| 
         @@ -0,0 +1,84 @@ 
     | 
|
| 
      
 1 
     | 
    
         
            +
            module CoalescingPanda
         
     | 
| 
      
 2 
     | 
    
         
            +
              module SecureHeaders
         
     | 
| 
      
 3 
     | 
    
         
            +
                def self.apply_defaults(config)
         
     | 
| 
      
 4 
     | 
    
         
            +
                  @config = config
         
     | 
| 
      
 5 
     | 
    
         
            +
                  # The default cookie headers aren't compatable with CoalescingPanda cookies currenntly
         
     | 
| 
      
 6 
     | 
    
         
            +
                  config.cookies = { samesite: { none: true } }
         
     | 
| 
      
 7 
     | 
    
         
            +
             
     | 
| 
      
 8 
     | 
    
         
            +
                  if Rails.env.production?
         
     | 
| 
      
 9 
     | 
    
         
            +
                    config.cookies[:secure] = true
         
     | 
| 
      
 10 
     | 
    
         
            +
                  end
         
     | 
| 
      
 11 
     | 
    
         
            +
             
     | 
| 
      
 12 
     | 
    
         
            +
                  # Need to allow LTI iframes
         
     | 
| 
      
 13 
     | 
    
         
            +
                  config.x_frame_options = "ALLOWALL"
         
     | 
| 
      
 14 
     | 
    
         
            +
             
     | 
| 
      
 15 
     | 
    
         
            +
                  config.x_content_type_options = "nosniff"
         
     | 
| 
      
 16 
     | 
    
         
            +
                  config.x_xss_protection = "1; mode=block"
         
     | 
| 
      
 17 
     | 
    
         
            +
                  config.referrer_policy = %w(origin-when-cross-origin strict-origin-when-cross-origin)
         
     | 
| 
      
 18 
     | 
    
         
            +
             
     | 
| 
      
 19 
     | 
    
         
            +
                  config.csp ||= {}
         
     | 
| 
      
 20 
     | 
    
         
            +
             
     | 
| 
      
 21 
     | 
    
         
            +
                  csp_entry(:default_src, %w['self'])
         
     | 
| 
      
 22 
     | 
    
         
            +
                  csp_entry(:connect_src, %w['self'])
         
     | 
| 
      
 23 
     | 
    
         
            +
                  csp_entry(:script_src, %w['self'])
         
     | 
| 
      
 24 
     | 
    
         
            +
             
     | 
| 
      
 25 
     | 
    
         
            +
                  if Rails.env.development?
         
     | 
| 
      
 26 
     | 
    
         
            +
                    # Allow webpack-dev-server to work
         
     | 
| 
      
 27 
     | 
    
         
            +
                    csp_entry(:connect_src, "http://localhost:3035")
         
     | 
| 
      
 28 
     | 
    
         
            +
                    csp_entry(:connect_src, "ws://localhost:3035")
         
     | 
| 
      
 29 
     | 
    
         
            +
             
     | 
| 
      
 30 
     | 
    
         
            +
                    # Allow stuff like rack-mini-profiler to work in development:
         
     | 
| 
      
 31 
     | 
    
         
            +
                    # https://github.com/MiniProfiler/rack-mini-profiler/issues/327
         
     | 
| 
      
 32 
     | 
    
         
            +
                    # DON'T ENABLE THIS FOR PRODUCTION!
         
     | 
| 
      
 33 
     | 
    
         
            +
                    csp_entry(:script_src, "'unsafe-eval'")
         
     | 
| 
      
 34 
     | 
    
         
            +
             
     | 
| 
      
 35 
     | 
    
         
            +
                    # Detect and permit Scout APM in Dev
         
     | 
| 
      
 36 
     | 
    
         
            +
                    if MiscHelper.to_boolean(ENV['SCOUT_DEV_TRACE'])
         
     | 
| 
      
 37 
     | 
    
         
            +
                      csp_entry(:default_src, 'https://scoutapm.com')
         
     | 
| 
      
 38 
     | 
    
         
            +
                      csp_entry(:default_src, 'https://apm.scoutapp.com')
         
     | 
| 
      
 39 
     | 
    
         
            +
             
     | 
| 
      
 40 
     | 
    
         
            +
                      csp_entry(:script_src, "'unsafe-inline'")
         
     | 
| 
      
 41 
     | 
    
         
            +
                      csp_entry(:script_src, 'https://scoutapm.com')
         
     | 
| 
      
 42 
     | 
    
         
            +
                      csp_entry(:script_src, 'https://apm.scoutapp.com')
         
     | 
| 
      
 43 
     | 
    
         
            +
             
     | 
| 
      
 44 
     | 
    
         
            +
                      csp_entry(:connect_src, 'https://apm.scoutapp.com')
         
     | 
| 
      
 45 
     | 
    
         
            +
             
     | 
| 
      
 46 
     | 
    
         
            +
                      csp_entry(:style_src, 'https://scoutapm.com')
         
     | 
| 
      
 47 
     | 
    
         
            +
                      csp_entry(:style_src, 'https://apm.scoutapp.com')
         
     | 
| 
      
 48 
     | 
    
         
            +
                    end
         
     | 
| 
      
 49 
     | 
    
         
            +
                  end
         
     | 
| 
      
 50 
     | 
    
         
            +
             
     | 
| 
      
 51 
     | 
    
         
            +
                  if CoalescingPanda.lti_options.has_key?(:allow_unsafe_eval) && CoalescingPanda.lti_options[:allow_unsafe_eval] == true
         
     | 
| 
      
 52 
     | 
    
         
            +
                    # For when code is returned from server and injected into dom.  Need to have unsafe-eval or it won't work.
         
     | 
| 
      
 53 
     | 
    
         
            +
                    csp_entry(:script_src, "'unsafe-eval'")
         
     | 
| 
      
 54 
     | 
    
         
            +
                  end
         
     | 
| 
      
 55 
     | 
    
         
            +
             
     | 
| 
      
 56 
     | 
    
         
            +
                  # Detect and permit Sentry
         
     | 
| 
      
 57 
     | 
    
         
            +
                  if defined?(Raven) && Raven.configuration.server.present?
         
     | 
| 
      
 58 
     | 
    
         
            +
                    csp_entry(:connect_src, Raven.configuration.server)
         
     | 
| 
      
 59 
     | 
    
         
            +
             
     | 
| 
      
 60 
     | 
    
         
            +
                    # Report CSP Violations to Sentry
         
     | 
| 
      
 61 
     | 
    
         
            +
                    unless config.csp[:report_uri].present?
         
     | 
| 
      
 62 
     | 
    
         
            +
                      cfg = Raven.configuration
         
     | 
| 
      
 63 
     | 
    
         
            +
                      config.csp[:report_uri] = ["#{cfg.scheme}://#{cfg.host}/api/#{cfg.project_id}/security/?sentry_key=#{cfg.public_key}"] unless config.csp[:report_uri].present?
         
     | 
| 
      
 64 
     | 
    
         
            +
                    end
         
     | 
| 
      
 65 
     | 
    
         
            +
                  end
         
     | 
| 
      
 66 
     | 
    
         
            +
             
     | 
| 
      
 67 
     | 
    
         
            +
                  # Certain CSS-in-JS libraries inline the CSS, so we need to use unsafe-inline for them
         
     | 
| 
      
 68 
     | 
    
         
            +
                  csp_entry(:style_src, %w('self' 'unsafe-inline' blob: https://fonts.googleapis.com))
         
     | 
| 
      
 69 
     | 
    
         
            +
                  csp_entry(:font_src, %w('self' data: https://fonts.gstatic.com))
         
     | 
| 
      
 70 
     | 
    
         
            +
             
     | 
| 
      
 71 
     | 
    
         
            +
                  @config = nil
         
     | 
| 
      
 72 
     | 
    
         
            +
             
     | 
| 
      
 73 
     | 
    
         
            +
                  config
         
     | 
| 
      
 74 
     | 
    
         
            +
                end
         
     | 
| 
      
 75 
     | 
    
         
            +
             
     | 
| 
      
 76 
     | 
    
         
            +
                private
         
     | 
| 
      
 77 
     | 
    
         
            +
             
     | 
| 
      
 78 
     | 
    
         
            +
                def self.csp_entry(key, *values)
         
     | 
| 
      
 79 
     | 
    
         
            +
                  values = values.flatten
         
     | 
| 
      
 80 
     | 
    
         
            +
                  @config.csp[key] ||= []
         
     | 
| 
      
 81 
     | 
    
         
            +
                  @config.csp[key] |= values
         
     | 
| 
      
 82 
     | 
    
         
            +
                end
         
     | 
| 
      
 83 
     | 
    
         
            +
              end
         
     | 
| 
      
 84 
     | 
    
         
            +
            end
         
     | 
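Review bot: The bare `private` on new line 76 has no effect on `def self.csp_entry`, so the helper stays publicly callable and dereferences `@config`, which is nil outside `apply_defaults`. Add `private_class_method :csp_entry` after the definition, and consider passing `config` to the helper as an argument instead of parking it in a module-level instance variable, which becomes shared state if `apply_defaults` is ever entered concurrently. The trailing `unless config.csp[:report_uri].present?` modifier on new line 63 repeats the guard on line 61 and can be dropped. The `config.x_frame_options = "ALLOWALL"` line would benefit from a comment stating that it places no restriction on which origins may frame the app, and that a CSP `frame_ancestors` entry is the place to limit embedding to the LMS if that is the intent.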
    
        metadata
    CHANGED
    
    | 
         @@ -1,7 +1,7 @@ 
     | 
|
| 
       1 
1 
     | 
    
         
             
            --- !ruby/object:Gem::Specification
         
     | 
| 
       2 
2 
     | 
    
         
             
            name: coalescing_panda
         
     | 
| 
       3 
3 
     | 
    
         
             
            version: !ruby/object:Gem::Version
         
     | 
| 
       4 
     | 
    
         
            -
              version: 5.0. 
     | 
| 
      
 4 
     | 
    
         
            +
              version: 5.0.6
         
     | 
| 
       5 
5 
     | 
    
         
             
            platform: ruby
         
     | 
| 
       6 
6 
     | 
    
         
             
            authors:
         
     | 
| 
       7 
7 
     | 
    
         
             
            - Nathan Mills
         
     | 
| 
         @@ -10,20 +10,20 @@ authors: 
     | 
|
| 
       10 
10 
     | 
    
         
             
            autorequire: 
         
     | 
| 
       11 
11 
     | 
    
         
             
            bindir: bin
         
     | 
| 
       12 
12 
     | 
    
         
             
            cert_chain: []
         
     | 
| 
       13 
     | 
    
         
            -
            date: 2020- 
     | 
| 
      
 13 
     | 
    
         
            +
            date: 2020-08-18 00:00:00.000000000 Z
         
     | 
| 
       14 
14 
     | 
    
         
             
            dependencies:
         
     | 
| 
       15 
15 
     | 
    
         
             
            - !ruby/object:Gem::Dependency
         
     | 
| 
       16 
16 
     | 
    
         
             
              name: rails
         
     | 
| 
       17 
17 
     | 
    
         
             
              requirement: !ruby/object:Gem::Requirement
         
     | 
| 
       18 
18 
     | 
    
         
             
                requirements:
         
     | 
| 
       19 
     | 
    
         
            -
                - - " 
     | 
| 
      
 19 
     | 
    
         
            +
                - - ">="
         
     | 
| 
       20 
20 
     | 
    
         
             
                  - !ruby/object:Gem::Version
         
     | 
| 
       21 
21 
     | 
    
         
             
                    version: 4.2.1
         
     | 
| 
       22 
22 
     | 
    
         
             
              type: :runtime
         
     | 
| 
       23 
23 
     | 
    
         
             
              prerelease: false
         
     | 
| 
       24 
24 
     | 
    
         
             
              version_requirements: !ruby/object:Gem::Requirement
         
     | 
| 
       25 
25 
     | 
    
         
             
                requirements:
         
     | 
| 
       26 
     | 
    
         
            -
                - - " 
     | 
| 
      
 26 
     | 
    
         
            +
                - - ">="
         
     | 
| 
       27 
27 
     | 
    
         
             
                  - !ruby/object:Gem::Version
         
     | 
| 
       28 
28 
     | 
    
         
             
                    version: 4.2.1
         
     | 
| 
       29 
29 
     | 
    
         
             
            - !ruby/object:Gem::Dependency
         
     | 
| 
         @@ -487,7 +487,9 @@ files: 
     | 
|
| 
       487 
487 
     | 
    
         
             
            - lib/coalescing_panda/bearcat_uri.rb
         
     | 
| 
       488 
488 
     | 
    
         
             
            - lib/coalescing_panda/controller_helpers.rb
         
     | 
| 
       489 
489 
     | 
    
         
             
            - lib/coalescing_panda/engine.rb
         
     | 
| 
      
 490 
     | 
    
         
            +
            - lib/coalescing_panda/misc_helper.rb
         
     | 
| 
       490 
491 
     | 
    
         
             
            - lib/coalescing_panda/route_helpers.rb
         
     | 
| 
      
 492 
     | 
    
         
            +
            - lib/coalescing_panda/secure_headers.rb
         
     | 
| 
       491 
493 
     | 
    
         
             
            - lib/coalescing_panda/version.rb
         
     | 
| 
       492 
494 
     | 
    
         
             
            - lib/tasks/coalescing_panda_tasks.rake
         
     | 
| 
       493 
495 
     | 
    
         
             
            - spec/controllers/coalescing_panda/canvas_batches_controller_spec.rb
         
     |