hyrax 1.0.4 → 1.0.5

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: f8ad2991ded6a429bb8dad99fd4f9eccbbc7b74d
4
- data.tar.gz: a3aa325263c85f965daf3b36ae3c76feee564dc4
3
+ metadata.gz: b0379fe162c5ff9207af59dc36af58aead2df14c
4
+ data.tar.gz: c5802ec9c6318be8056ff459a39441a80cc12b7c
5
5
  SHA512:
6
- metadata.gz: 953b2193c4e569fd2d54b93f24c54960147a2399aa7967d140e95205536f353fafeb615c65c30e2b771a14d99603d441ec85cd301077e4fe7d1aa2fd26b33751
7
- data.tar.gz: 04dd1fbcdf0d254710784c76bc5776ec373d480e350f6723a5ded2557eac36df6d5537baf8cdb13d190a79f590a5744f41ccd0ab0ad0ee31dd0dbe70233022cb
6
+ metadata.gz: cd7d19603b15aa26f5a8500f3f3249e71985e52ce8070b24d9a88d04efad6a239dc9b1d036d80e29c93774dc6839dd3366fdf497dbd6bf544de4f6e7d29e78b0
7
+ data.tar.gz: 29e50bbf459b2a8200d0adf473b6334cee516c8f4fb6f6ab6758ea8bdba86f257a7c9bd1cfde14ac323abf64438095331c0d8bde81a184a240c24e441c29e969
data/README.md CHANGED
@@ -1,19 +1,19 @@
1
- ![Logo](https://raw.githubusercontent.com/projecthydra-labs/hyrax/gh-pages/assets/images/hyrax_logo_horizontal_white_background.png)
1
+ ![Logo](https://raw.githubusercontent.com/samvera/hyrax/gh-pages/assets/images/hyrax_logo_horizontal_white_background.png)
2
2
 
3
3
  Code: [![Version](https://badge.fury.io/rb/hyrax.png)](http://badge.fury.io/rb/hyrax)
4
- [![Build Status](https://travis-ci.org/projecthydra-labs/hyrax.png?branch=master)](https://travis-ci.org/projecthydra-labs/hyrax)
5
- [![Coverage Status](https://coveralls.io/repos/github/projecthydra-labs/hyrax/badge.svg?branch=master)](https://coveralls.io/github/projecthydra-labs/hyrax?branch=master)
6
- [![Code Climate](https://codeclimate.com/github/projecthydra-labs/hyrax/badges/gpa.svg)](https://codeclimate.com/github/projecthydra-labs/hyrax)
7
- [![Dependency Update Status](https://gemnasium.com/projecthydra-labs/hyrax.png)](https://gemnasium.com/projecthydra-labs/hyrax)
8
- [![Dependency Maintenance Status](https://dependencyci.com/github/projecthydra-labs/hyrax/badge)](https://dependencyci.com/github/projecthydra-labs/hyrax)
4
+ [![Build Status](https://travis-ci.org/samvera/hyrax.png?branch=master)](https://travis-ci.org/samvera/hyrax)
5
+ [![Coverage Status](https://coveralls.io/repos/github/samvera/hyrax/badge.svg?branch=master)](https://coveralls.io/github/samvera/hyrax?branch=master)
6
+ [![Code Climate](https://codeclimate.com/github/samvera/hyrax/badges/gpa.svg)](https://codeclimate.com/github/samvera/hyrax)
7
+ [![Dependency Update Status](https://gemnasium.com/samvera/hyrax.png)](https://gemnasium.com/samvera/hyrax)
8
+ [![Dependency Maintenance Status](https://dependencyci.com/github/samvera/hyrax/badge)](https://dependencyci.com/github/samvera/hyrax)
9
9
 
10
- Docs: [![Documentation Status](https://inch-ci.org/github/projecthydra-labs/hyrax.svg?branch=master)](https://inch-ci.org/github/projecthydra-labs/hyrax)
10
+ Docs: [![Documentation Status](https://inch-ci.org/github/samvera/hyrax.svg?branch=master)](https://inch-ci.org/github/samvera/hyrax)
11
11
  [![API Docs](http://img.shields.io/badge/API-docs-blue.svg)](http://rubydoc.info/gems/hyrax)
12
12
  [![Contribution Guidelines](http://img.shields.io/badge/CONTRIBUTING-Guidelines-blue.svg)](./.github/CONTRIBUTING.md)
13
13
  [![Apache 2.0 License](http://img.shields.io/badge/APACHE2-license-blue.svg)](./LICENSE)
14
14
 
15
- Jump in: [![Slack Status](http://slack.projecthydra.org/badge.svg)](http://slack.projecthydra.org/)
16
- [![Ready Tickets](https://badge.waffle.io/projecthydra-labs/hyrax.png?label=ready&milestone=1.0.0&title=Ready)](https://waffle.io/projecthydra-labs/hyrax?milestone=1.0.0)
15
+ Jump in: [![Slack Status](http://slack.samvera.org/badge.svg)](http://slack.samvera.org/)
16
+ [![Ready Tickets](https://badge.waffle.io/samvera/hyrax.png?label=ready&milestone=1.x%20series&title=Ready)](https://waffle.io/samvera/hyrax?milestone=1.x%20series)
17
17
 
18
18
  # Table of Contents
19
19
 
@@ -44,22 +44,22 @@ Jump in: [![Slack Status](http://slack.projecthydra.org/badge.svg)](http://slack
44
44
 
45
45
  # What is Hyrax?
46
46
 
47
- Hyrax is a front-end based on the robust [Hydra](http://projecthydra.org) framework, providing a user interface for common repository features. Hyrax offers the ability to create repository object types on demand, to deposit content via multiple configurable workflows, and to describe content with flexible metadata. Numerous optional features may be turned on in the administrative dashboard or added through plugins. It is implemented as a Rails engine, so it may be the base of, or added to, a Rails application. Hyrax is the consolidation of Sufia and the CurationConcerns gems and behaves in much the same way.
47
+ Hyrax is a front-end based on the robust [Samvera](http://samvera.org) framework, providing a user interface for common repository features. Hyrax offers the ability to create repository object types on demand, to deposit content via multiple configurable workflows, and to describe content with flexible metadata. Numerous optional features may be turned on in the administrative dashboard or added through plugins. It is implemented as a Rails engine, so it may be the base of, or added to, a Rails application. Hyrax is the consolidation of Sufia and the CurationConcerns gems and behaves in much the same way.
48
48
 
49
49
  ## Feature list
50
50
 
51
- Hyrax has many features. [Read more about what they are and how to turn them on](https://github.com/projecthydra/sufia/wiki/Feature-matrix). See the [Sufia Management Guide](https://github.com/projecthydra/sufia/wiki/Sufia-Management-Guide) to learn more.
51
+ Hyrax has many features. [Read more about what they are and how to turn them on](https://github.com/samvera/sufia/wiki/Feature-matrix). See the [Sufia Management Guide](https://github.com/samvera/sufia/wiki/Sufia-Management-Guide) to learn more.
52
52
 
53
53
  For non-technical documentation about Hyrax, see the Hyrax [documentation site](http://hyr.ax/).
54
54
 
55
55
  # Help
56
56
 
57
- If you have questions or need help, please email [the Hydra community tech list](mailto:hydra-tech@googlegroups.com) or stop by the #dev channel in [the Hydra community Slack team](https://wiki.duraspace.org/pages/viewpage.action?pageId=43910187#Getintouch!-Slack).
57
+ If you have questions or need help, please email [the Samvera community tech list](mailto:samvera-tech@googlegroups.com) or stop by the #dev channel in [the Samvera community Slack team](https://wiki.duraspace.org/pages/viewpage.action?pageId=43910187#Getintouch!-Slack).
58
58
 
59
59
  # Getting started
60
60
 
61
61
  This document contains instructions specific to setting up an app with __Hyrax
62
- v1.0.4__. If you are looking for instructions on installing a different
62
+ v1.0.5__. If you are looking for instructions on installing a different
63
63
  version, be sure to select the appropriate branch or tag from the drop-down
64
64
  menu above.
65
65
 
@@ -80,7 +80,7 @@ Hyrax requires the following software to work:
80
80
  1. [FITS](#characterization) version 0.8.x (0.8.5 is known to be good)
81
81
  1. [LibreOffice](#derivatives)
82
82
 
83
- **NOTE: The [Sufia Development Guide](https://github.com/projecthydra/sufia/wiki/Sufia-Development-Guide) has instructions for installing Solr and Fedora in a development environment.**
83
+ **NOTE: The [Sufia Development Guide](https://github.com/samvera/sufia/wiki/Sufia-Development-Guide) has instructions for installing Solr and Fedora in a development environment.**
84
84
 
85
85
  ### Characterization
86
86
 
@@ -121,7 +121,7 @@ Hyrax requires Rails 5. We recommend the latest Rails 5.0 release.
121
121
 
122
122
  ```
123
123
  # If you don't already have Rails at your disposal...
124
- gem install rails -v 5.0.1
124
+ gem install rails -v 5.0.3
125
125
  ```
126
126
 
127
127
  ### JavaScript runtime
@@ -133,7 +133,7 @@ Rails requires that you have a JavaScript runtime -- for example, nodejs -- inst
133
133
  Generate a new Rails application using the template.
134
134
 
135
135
  ```
136
- rails new my_app -m https://raw.githubusercontent.com/samvera/hyrax/v1.0.4/template.rb
136
+ rails new my_app -m https://raw.githubusercontent.com/samvera/hyrax/v1.0.5/template.rb
137
137
  ```
138
138
 
139
139
  Generating a new Rails application using Hyrax's template above takes cares of a number of steps for you, including:
@@ -166,7 +166,7 @@ Namespaces can be included in the work My::MovingImage by adding the path.
166
166
  rails generate hyrax:work My/MovingImage
167
167
  ```
168
168
 
169
- You may wish to [customize your work type](https://github.com/projecthydra/sufia/wiki/Customizing-your-work-types) now that it's been generated.
169
+ You may wish to [customize your work type](https://github.com/samvera/sufia/wiki/Customizing-your-work-types) now that it's been generated.
170
170
 
171
171
  ## Start servers
172
172
 
@@ -200,7 +200,7 @@ class Application < Rails::Application
200
200
  end
201
201
  ```
202
202
 
203
- **For production applications** you will want to use a more robust message queue system such as [Sidekiq](http://sidekiq.org/) or [Resque](https://github.com/resque/resque). The Sufia Development Guide has a detailed walkthrough of [installing and configuring Resque](https://github.com/projecthydra/sufia/wiki/Background-Workers-(Resque-in-Sufia-7). Initial Sidekiq instructions for ActiveJob are available on the [Sidekiq wiki](https://github.com/mperham/sidekiq/wiki/Active-Job).
203
+ **For production applications** you will want to use a more robust message queue system such as [Sidekiq](http://sidekiq.org/) or [Resque](https://github.com/resque/resque). The Sufia Development Guide has a detailed walkthrough of [installing and configuring Resque](https://github.com/samvera/sufia/wiki/Background-Workers-(Resque-in-Sufia-7). Initial Sidekiq instructions for ActiveJob are available on the [Sidekiq wiki](https://github.com/mperham/sidekiq/wiki/Active-Job).
204
204
 
205
205
  ## Load workflows
206
206
  Load workflows from the json files in `config/workflows` by running the following rake task:
@@ -221,7 +221,7 @@ rake hyrax:default_admin_set:create
221
221
 
222
222
  # Managing a Hyrax-based app
223
223
 
224
- The [Sufia Management Guide](https://github.com/projecthydra/sufia/wiki/Sufia-Management-Guide) provides tips for how to manage, customize, and enhance your Hyrax application, including guidance specific to:
224
+ The [Sufia Management Guide](https://github.com/samvera/sufia/wiki/Sufia-Management-Guide) provides tips for how to manage, customize, and enhance your Hyrax application, including guidance specific to:
225
225
 
226
226
  * Production implementations
227
227
  * Configuration of background workers
@@ -254,23 +254,23 @@ Hyrax is available under [the Apache 2.0 license](LICENSE.md).
254
254
 
255
255
  We'd love to accept your contributions. Please see our guide to [contributing to Hyrax](./.github/CONTRIBUTING.md).
256
256
 
257
- If you'd like to help the development effort and you're not sure where to get started, you can always grab a ticket in the "Ready" column from our [Waffle board](https://waffle.io/projecthydra-labs/hyrax). There are other ways to help, too.
257
+ If you'd like to help the development effort and you're not sure where to get started, you can always grab a ticket in the "Ready" column from our [Waffle board](https://waffle.io/samvera/hyrax). There are other ways to help, too.
258
258
 
259
- * [Contribute a user story](https://github.com/projecthydra-labs/hyrax/issues/new).
260
- * Help us improve [Hyrax's test coverage](https://coveralls.io/r/projecthydra-labs/hyrax) or [documentation coverage](https://inch-ci.org/github/projecthydra-labs/hyrax).
261
- * Refactor away [code smells](https://codeclimate.com/github/projecthydra-labs/hyrax).
259
+ * [Contribute a user story](https://github.com/samvera/hyrax/issues/new).
260
+ * Help us improve [Hyrax's test coverage](https://coveralls.io/r/samvera/hyrax) or [documentation coverage](https://inch-ci.org/github/samvera/hyrax).
261
+ * Refactor away [code smells](https://codeclimate.com/github/samvera/hyrax).
262
262
 
263
263
  # Development
264
264
 
265
- The [Sufia Development Guide](https://github.com/projecthydra/sufia/wiki/Sufia-Development-Guide) is for people who want to modify Hyrax itself, not an application that uses Hyrax.
265
+ The [Sufia Development Guide](https://github.com/samvera/sufia/wiki/Sufia-Development-Guide) is for people who want to modify Hyrax itself, not an application that uses Hyrax.
266
266
 
267
267
  # Release process
268
268
 
269
- See the [release management process](https://github.com/projecthydra/sufia/wiki/Release-management-process).
269
+ See the [release management process](https://github.com/samvera/sufia/wiki/Release-management-process).
270
270
 
271
271
  # Acknowledgments
272
272
 
273
- This software has been developed by and is brought to you by the Hydra community. Learn more at the
274
- [Project Hydra website](http://projecthydra.org/).
273
+ This software has been developed by and is brought to you by the Samvera community. Learn more at the
274
+ [Samvera website](http://samvera.org/).
275
275
 
276
- ![Project Hydra Logo](http://hyr.ax/assets/images/hydra_logo.png)
276
+ ![Samvera Logo](https://wiki.duraspace.org/download/thumbnails/87459292/samvera-fall-font2-200w.png?version=1&modificationDate=1498550535816&api=v2)
@@ -19,6 +19,10 @@ module Hyrax
19
19
  return true unless remote_files
20
20
  remote_files.each do |file_info|
21
21
  next if file_info.blank? || file_info[:url].blank?
22
+ unless validate_remote_url(file_info[:url])
23
+ Rails.logger.error "User #{user.user_key} attempted to ingest file from url #{file_info[:url]}, which doesn't pass validation"
24
+ return false
25
+ end
22
26
  create_file_from_url(file_info[:url], file_info[:file_name])
23
27
  end
24
28
  true
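Review bot: the `return false` inside `remote_files.each` aborts on the first URL that fails validation, but entries earlier in the same list have already gone through `create_file_from_url`, so a mixed batch ends up partially ingested while the caller sees a failure. Validate every non-blank `file_info[:url]` before creating anything, then run the creation loop. The log line also interpolates the raw, user-supplied URL; logging `file_info[:url].inspect` keeps embedded newlines from breaking up the log entry.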
@@ -45,5 +49,23 @@ module Hyrax
45
49
  Hyrax::Operation.create!(user: user,
46
50
  operation_type: "Attach Remote File")
47
51
  end
52
+
53
+ def validate_remote_url(url)
54
+ uri = URI.parse(URI.encode(url))
55
+ if uri.scheme == 'file'
56
+ path = File.absolute_path(URI.decode(uri.path))
57
+ whitelisted_ingest_dirs.any? do |dir|
58
+ path.start_with?(dir) && path.length > dir.length
59
+ end
60
+ else
61
+ # TODO: It might be a good idea to validate other URLs as well.
62
+ # The server can probably access URLs the user can't.
63
+ true
64
+ end
65
+ end
66
+
67
+ def whitelisted_ingest_dirs
68
+ Hyrax.config.whitelisted_ingest_dirs
69
+ end
48
70
  end
49
71
  end
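Review bot: in `validate_remote_url`, `path.start_with?(dir)` is a plain string prefix test, so it only respects directory boundaries when every configured entry ends in `/`; an entry such as `/data/ingest` would also accept `/data/ingest-private/x`. Compare against `File.join(dir, '')` instead, or normalize the entries once where they are configured. `File.absolute_path` collapses `..` but does not resolve symlinks, so a link inside a whitelisted directory still passes; `File.realpath` would cover that, at the cost of requiring the file to exist. The `else` branch returns `true` for every non-`file` scheme, which leaves the concern stated in the TODO (the server can reach URLs the user cannot) open; restricting the accepted schemes to `http` and `https` would at least narrow it. `URI.encode` and `URI.decode` are obsolete and were removed in Ruby 3.0.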
@@ -186,6 +186,22 @@ Hyrax.config do |config|
186
186
  rescue Errno::ENOENT
187
187
  config.browse_everything = nil
188
188
  end
189
+
190
+ ## Whitelist all directories which can be used to ingest from the local file
191
+ # system.
192
+ #
193
+ # Any file, and only those, that is anywhere under one of the specified
194
+ # directories can be used by CreateWithRemoteFilesActor to add local files
195
+ # to works. Files uploaded by the user are handled separately and the
196
+ # temporary directory for those need not be included here.
197
+ #
198
+ # Default value includes BrowseEverything.config['file_system'][:home] if it
199
+ # is set, otherwise default is an empty list. You should only need to change
200
+ # this if you have custom ingestions using CreateWithRemoteFilesActor to
201
+ # ingest files from the file system that are not part of the BrowseEverything
202
+ # mount point.
203
+ #
204
+ # config.whitelisted_ingest_dirs = []
189
205
  end
190
206
 
191
207
  Date::DATE_FORMATS[:standard] = "%m/%d/%Y"
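Review bot: the comment block for `config.whitelisted_ingest_dirs` does not say what form the entries must take. They are matched with `start_with?` against the output of `File.absolute_path`, so the text should state that each entry has to be an absolute path ending in `/`: a relative entry will never match, and an entry without the trailing slash also matches sibling directories that share its prefix. The sentence "Any file, and only those, that is anywhere under" is hard to parse; "Only files located under one of the specified directories" says the same thing.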
@@ -226,6 +226,18 @@ module Hyrax
226
226
  end
227
227
  # rubocop:enable Metrics/MethodLength
228
228
 
229
+ # @!attribute [w] whitelisted_ingest_dirs
230
+ # List of directories which can be used for local file system ingestion.
231
+ attr_writer :whitelisted_ingest_dirs
232
+ def whitelisted_ingest_dirs
233
+ @whitelisted_ingest_dirs ||= \
234
+ if defined? BrowseEverything
235
+ Array.wrap(BrowseEverything.config['file_system'].try(:[], :home)).compact
236
+ else
237
+ []
238
+ end
239
+ end
240
+
229
241
  callback.enable :after_create_concern, :after_create_fileset,
230
242
  :after_update_content, :after_revert_content,
231
243
  :after_update_metadata, :after_import_local_file_success,
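Review bot: `attr_writer :whitelisted_ingest_dirs` stores whatever is assigned, while only the default branch goes through `Array.wrap`; a deployment that assigns a single String will raise NoMethodError when `validate_remote_url` calls `whitelisted_ingest_dirs.any?`. Replace the `attr_writer` with an explicit setter that applies `Array.wrap` and normalizes each entry to an absolute path with a trailing separator. Doing the normalization here also covers a BrowseEverything `:home` value that is configured without a trailing slash, since the default is taken from it verbatim.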
data/lib/hyrax/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Hyrax
2
- VERSION = '1.0.4'.freeze
2
+ VERSION = '1.0.5'.freeze
3
3
  end
@@ -51,11 +51,27 @@ describe Hyrax::CreateWithRemoteFilesActor do
51
51
  file_name: "here.txt" }]
52
52
  end
53
53
 
54
+ before do
55
+ allow(Hyrax.config).to receive(:whitelisted_ingest_dirs).and_return(["/local/file/"])
56
+ end
57
+
54
58
  it "attaches files" do
55
59
  expect(IngestLocalFileJob).to receive(:perform_later).with(FileSet, "/local/file/here.txt", user)
56
60
  expect(actor.create(attributes)).to be true
57
61
  end
58
62
 
63
+ context "with files from non-whitelisted directories" do
64
+ let(:file) { "file:///local/otherdir/test.txt" }
65
+
66
+ # rubocop:disable RSpec/AnyInstance
67
+ it "doesn't attach files" do
68
+ expect_any_instance_of(described_class).to receive(:validate_remote_url).and_call_original
69
+ expect(IngestLocalFileJob).not_to receive(:perform_later)
70
+ expect(actor.create(attributes)).to be false
71
+ end
72
+ # rubocop:enable RSpec/AnyInstance
73
+ end
74
+
59
75
  context "with spaces" do
60
76
  let(:file) { "file:///local/file/ pigs .txt" }
61
77
  it "attaches files" do
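Review bot: the "with files from non-whitelisted directories" context only exercises a single rejected URL, so it does not pin down what happens when an allowed file precedes a rejected one in the same `remote_files` list. Add a case with both and assert that `IngestLocalFileJob` is not enqueued for either, which documents whether `create` is all-or-nothing. The `expect_any_instance_of(described_class).to receive(:validate_remote_url).and_call_original` line adds little beyond the two assertions after it and could be dropped together with the rubocop disable.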
@@ -64,4 +80,26 @@ describe Hyrax::CreateWithRemoteFilesActor do
64
80
  end
65
81
  end
66
82
  end
83
+
84
+ describe "#validate_remote_url" do
85
+ before do
86
+ allow(Hyrax.config).to receive(:whitelisted_ingest_dirs).and_return(['/test/', '/local/file/'])
87
+ end
88
+
89
+ it "accepts file: urls in whitelisted directories" do
90
+ expect(actor.actor.send(:validate_remote_url, "file:///local/file/test.txt")).to be true
91
+ expect(actor.actor.send(:validate_remote_url, "file:///local/file/subdirectory/test.txt")).to be true
92
+ expect(actor.actor.send(:validate_remote_url, "file:///test/test.txt")).to be true
93
+ end
94
+
95
+ it "rejects file: urls outside whitelisted directories" do
96
+ expect(actor.actor.send(:validate_remote_url, "file:///tmp/test.txt")).to be false
97
+ expect(actor.actor.send(:validate_remote_url, "file:///test/../tmp/test.txt")).to be false
98
+ expect(actor.actor.send(:validate_remote_url, "file:///test/")).to be false
99
+ end
100
+
101
+ it "accepts other types of urls" do
102
+ expect(actor.actor.send(:validate_remote_url, "https://example.com/test.txt")).to be true
103
+ end
104
+ end
67
105
  end
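Review bot: every whitelisted directory stubbed in the `#validate_remote_url` specs ends in `/`, so the boundary behaviour of the prefix match is never exercised. Add a rejection case for a sibling path that shares a prefix with an entry configured without the trailing slash, and one for an empty whitelist (the default when BrowseEverything is not defined), so that a regression to a looser comparison is caught.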
@@ -21,8 +21,14 @@ describe ImportUrlJob do
21
21
  allow(Hyrax::ImportUrlSuccessService).to receive(:new).and_return(success_service)
22
22
  allow(Hyrax::Actors::FileSetActor).to receive(:new).with(file_set, user).and_return(actor)
23
23
 
24
+ response_headers = { 'Content-Type' => 'image/png', 'Content-Length' => File.size(File.expand_path(file_path, __FILE__)) }
25
+
26
+ stub_request(:head, "http://example.org#{file_hash}").to_return(
27
+ body: "", status: 200, headers: response_headers
28
+ )
29
+
24
30
  stub_request(:get, "http://example.org#{file_hash}").to_return(
25
- body: File.open(File.expand_path(file_path, __FILE__)).read, status: 200, headers: { 'Content-Type' => 'image/png' }
31
+ body: File.open(File.expand_path(file_path, __FILE__)).read, status: 200, headers: response_headers
26
32
  )
27
33
  end
28
34
 
@@ -53,4 +53,6 @@ describe Hyrax::Configuration do
53
53
  it { is_expected.to respond_to(:translate_uri_to_id) }
54
54
  it { is_expected.to respond_to(:upload_path) }
55
55
  it { is_expected.to respond_to(:work_requires_files?) }
56
+ it { is_expected.to respond_to(:whitelisted_ingest_dirs) }
57
+ it { is_expected.to respond_to(:whitelisted_ingest_dirs=) }
56
58
  end
data/template.rb CHANGED
@@ -1,4 +1,4 @@
1
- gem 'hyrax', '1.0.4'
1
+ gem 'hyrax', '1.0.5'
2
2
 
3
3
  run 'bundle install'
4
4
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hyrax
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.4
4
+ version: 1.0.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Justin Coyne
@@ -14,7 +14,7 @@ authors:
14
14
  autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
- date: 2017-08-22 00:00:00.000000000 Z
17
+ date: 2017-10-10 00:00:00.000000000 Z
18
18
  dependencies:
19
19
  - !ruby/object:Gem::Dependency
20
20
  name: hydra-head
@@ -2627,7 +2627,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
2627
2627
  version: '0'
2628
2628
  requirements: []
2629
2629
  rubyforge_project:
2630
- rubygems_version: 2.6.8
2630
+ rubygems_version: 2.6.11
2631
2631
  signing_key:
2632
2632
  specification_version: 4
2633
2633
  summary: Hyrax is a front-end based on the robust Samvera framework, providing a user