openproject-token 4.0.0 → 5.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 26f34040f3ddbd6546761e8e6e33f5081b95550d3795dccccdf86f3610952b52
-  data.tar.gz: d387c8130062a25183db07cbb3f43d7319836d143e3857d5271e24d99ef208eb
+  metadata.gz: 24a0ac03322b7a1471a9b638111f18d7a038e3171fb1e9156e6b7d04d0503053
+  data.tar.gz: 47d565cc5231417c67dc9db5639bdb8eecb8e12203c7f43cc9e789ff3c66df23
 SHA512:
-  metadata.gz: 7cfc8e13d23e2d50c5f769ea7482f526b92ecf6a83075ca03790c3415ecf959e073f60f611c217f7546f02b080242d3075cfc32a9185d5e69749c895aa398659
-  data.tar.gz: bf8dd5ea2f830eeca4854560f560bcee3ccbbb6993e1d5868bf7caf40c24e0547b454e82b5aa9fde7384ac38314426cb9cac28f838197312596f6dfcf54ccc78
+  metadata.gz: c50b946dd44364c974f326fd3c4987f0edd9ad1c04a123bf8242af1e2556923f68f12e90032a58376c2a3e867f1a73b421b8ea81f94d61afd7de67c0020a88d6
+  data.tar.gz: 1a8d2af2edaf6587af2791fd414b9446e41a2f9fb7b66a17b76c1a8b60956182dbe0da6c7c8d67f2a0753ffc22ed914e80f869a8272c31e3de96f9b0201377db

data/lib/open_project/token/armor.rb

@@ -1,9 +1,11 @@
+# frozen_string_literal: true
+
 module OpenProject
   class Token
     module Armor
       class ParseError < StandardError; end
 
-      MARKER = 'OPENPROJECT-EE TOKEN'
+      MARKER = "OPENPROJECT-EE TOKEN"
 
       class << self
         def header
@@ -15,19 +17,17 @@ module OpenProject
         end
 
         def encode(data)
-          ''.tap do |s|
-            s << header << "\n"
-
-            s << data.strip << "\n"
-
-            s << footer
-          end
+          <<~DATA
+            #{header}
+            #{data.strip}
+            #{footer}
+          DATA
         end
 
         def decode(data)
           match = data.match /#{header}\r?\n(.+?)\r?\n#{footer}/m
           if match.nil?
-            raise ParseError, 'Failed to parse armored text.'
+            raise ParseError, "Failed to parse armored text."
           end
 
           match[1]

data/lib/open_project/token/extractor.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module OpenProject
   class Token
     class Extractor
@@ -40,17 +42,17 @@ module OpenProject
         end
 
         # Decrypt the data using symmetric AES encryption.
-        cipher = OpenSSL::Cipher::AES128.new(:CBC)
+        cipher = OpenSSL::Cipher.new("aes-128-cbc")
         cipher.decrypt
 
         begin
-          cipher.key  = aes_key
+          cipher.key = aes_key
         rescue OpenSSL::Cipher::CipherError
           raise DecryptionError, "AES encryption key is invalid."
         end
 
         begin
-          cipher.iv   = aes_iv
+          cipher.iv = aes_iv
         rescue OpenSSL::Cipher::CipherError
           raise DecryptionError, "AES IV is invalid."
         end

data/lib/open_project/token/plans.rb

@@ -0,0 +1,83 @@
+# frozen_string_literal: true
+
+module OpenProject
+  class Token
+    LEGACY_ENTERPRISE_PLAN_FEATURES = %i[
+      baseline_comparison
+      board_view
+      conditional_highlighting
+      custom_actions
+      custom_field_hierarchies
+      customize_life_cycle
+      date_alerts
+      define_custom_style
+      edit_attribute_groups
+      gantt_pdf_export
+      grid_widget_wp_graph
+      ldap_groups
+      one_drive_sharepoint_file_storage
+      placeholder_users
+      project_list_sharing
+      readonly_work_packages
+      sso_auth_providers
+      team_planner_view
+      virus_scanning
+      work_package_query_relation_columns
+      work_package_sharing
+    ].freeze
+
+    BASIC_PLAN_FEATURES = %i[
+      baseline_comparison
+      board_view
+      conditional_highlighting
+      custom_actions
+      custom_field_hierarchies
+      date_alerts
+      define_custom_style
+      edit_attribute_groups
+      gantt_pdf_export
+      grid_widget_wp_graph
+      placeholder_users
+      readonly_work_packages
+      team_planner_view
+      work_package_query_relation_columns
+    ].freeze
+
+    PROFESSIONAL_PLAN_FEATURES = %i[
+      one_drive_sharepoint_file_storage
+      work_package_sharing
+      work_package_subject_generation
+    ].freeze
+
+    PREMIUM_PLAN_FEATURES = %i[
+      customize_life_cycle
+      ldap_groups
+      project_list_sharing
+      sso_auth_providers
+    ].freeze
+
+    CORPORATE_PLAN_FEATURES = %i[
+      virus_scanning
+    ].freeze
+
+    FEATURES_PER_PLAN = {
+      # old plan that is used for all plans that do not have a plan set
+      legacy_enterprise: LEGACY_ENTERPRISE_PLAN_FEATURES,
+
+      # new plans
+      basic: BASIC_PLAN_FEATURES,
+      professional: PROFESSIONAL_PLAN_FEATURES + BASIC_PLAN_FEATURES,
+      premium: PREMIUM_PLAN_FEATURES + PROFESSIONAL_PLAN_FEATURES + BASIC_PLAN_FEATURES,
+      corporate: CORPORATE_PLAN_FEATURES + PREMIUM_PLAN_FEATURES + PROFESSIONAL_PLAN_FEATURES + BASIC_PLAN_FEATURES
+    }.freeze
+
+    # Current plan names, sorted by inheritance
+    ACTIVE_PLAN_NAMES = %i[basic professional premium corporate].freeze
+
+    # All available plan names
+    AVAILABLE_PLAN_NAMES = %i[legacy_enterprise] + ACTIVE_PLAN_NAMES
+
+    # default plan that is assigned to a token if no plan is given (especially legacy tokens)
+    DEFAULT_PLAN = :legacy_enterprise
+  end
+end

data/lib/open_project/token/version.rb

@@ -1,5 +1,7 @@
+# frozen_string_literal: true
+
 module OpenProject
   class Token
-    VERSION = "4.0.0"
+    VERSION = "5.1.0"
   end
 end

data/lib/open_project/token.rb

@@ -1,13 +1,16 @@
+# frozen_string_literal: true
+
 require "openssl"
 require "date"
 require "json"
 require "base64"
 
-require 'active_model'
+require "active_model"
 
 require "open_project/token/version"
 require "open_project/token/extractor"
 require "open_project/token/armor"
+require "open_project/token/plans"
 
 module OpenProject
   class Token
@@ -44,28 +47,31 @@ module OpenProject
       rescue Armor::ParseError
         raise ImportError, "Token value could not be parsed."
       end
+
+      def lowest_plan_for(feature)
+        OpenProject::Token::ACTIVE_PLAN_NAMES.detect do |plan|
+          OpenProject::Token::FEATURES_PER_PLAN[plan].include?(feature)
+        end
+      end
     end
 
     include ActiveModel::Validations
 
-    attr_reader :version
-    attr_accessor :subscriber, :mail, :company, :domain
-    attr_accessor :starts_at, :issued_at, :expires_at
-    attr_accessor :reprieve_days
-    attr_accessor :notify_admins_at, :notify_users_at, :block_changes_at
-    attr_accessor :restrictions
-    attr_accessor :features
+    attr_reader :version, :plan
+    attr_accessor :subscriber, :mail, :company, :domain, :starts_at, :issued_at, :expires_at, :reprieve_days, :notify_admins_at,
+                  :notify_users_at, :block_changes_at, :restrictions, :features
 
     validates_presence_of :subscriber
     validates_presence_of :mail
     validates_presence_of :company, allow_blank: true
     validates_presence_of :domain, if: :validate_domain?
+    validates_inclusion_of :plan, in:  -> { OpenProject::Token::AVAILABLE_PLAN_NAMES }, allow_blank: true
 
     validates_each(
       :starts_at, :issued_at, :expires_at, :notify_admins_at, :notify_users_at, :block_changes_at,
-      allow_blank: true) do |record, attr, value|
-
-      record.errors.add attr, 'is not a date' if !value.is_a?(Date)
+      allow_blank: true
+    ) do |record, attr, value|
+      record.errors.add attr, "is not a date" if !value.is_a?(Date)
     end
 
     validates_each :restrictions, allow_nil: true do |record, attr, value|
@@ -77,23 +83,36 @@ module OpenProject
     end
 
     def will_expire?
-      self.expires_at
+      expires_at
     end
 
     def will_notify_admins?
-      self.notify_admins_at
+      notify_admins_at
     end
 
     def will_notify_users?
-      self.notify_users_at
+      notify_users_at
     end
 
     def will_block_changes?
-      self.block_changes_at
+      block_changes_at
     end
 
     def has_feature?(name)
-      features && features.include?(name.to_sym)
+      available_features.include?(name.to_sym)
+    end
+
+    def plan=(value)
+      value.presence&.to_sym
+    end
+
+    def available_features
+      return @available_features if defined?(@available_features)
+
+      relevant_features = OpenProject::Token::FEATURES_PER_PLAN[plan] || []
+      additional_features = features || []
+
+      @available_features = (relevant_features + additional_features).uniq
     end
 
     ##
@@ -108,7 +127,7 @@ module OpenProject
     def expired?(reprieve: true)
       offset = reprieve ? reprieve_days.to_i : 0
 
-      will_expire? && Date.today >= self.expires_at.next_day(offset)
+      will_expire? && Date.today >= expires_at.next_day(offset)
     end
 
     ##
@@ -118,19 +137,19 @@ module OpenProject
     def reprieve_days_left
       return nil unless reprieve_days.to_i > 0 && expired?(reprieve: false)
 
-      (self.expires_at.next_day(reprieve_days.to_i) - Date.today).to_i
+      (expires_at.next_day(reprieve_days.to_i) - Date.today).to_i
     end
 
     def notify_admins?
-      will_notify_admins? && Date.today >= self.notify_admins_at
+      will_notify_admins? && Date.today >= notify_admins_at
     end
 
     def notify_users?
-      will_notify_users? && Date.today >= self.notify_users_at
+      will_notify_users? && Date.today >= notify_users_at
     end
 
     def block_changes?
-      will_block_changes? && Date.today >= self.block_changes_at
+      will_block_changes? && Date.today >= block_changes_at
     end
 
     # tokens with no version or a version lower than 2.0 don't have the attributes company or domain
@@ -157,34 +176,35 @@ module OpenProject
     def attributes
       hash = {}
 
-      hash["version"]          = self.version
-      hash["subscriber"]       = self.subscriber
-      hash["mail"]             = self.mail
-      hash["company"]          = self.company
-      hash["domain"]           = self.domain
+      hash["version"]          = version
+      hash["subscriber"]       = subscriber
+      hash["mail"]             = mail
+      hash["company"]          = company
+      hash["domain"]           = domain
+      hash["plan"]             = plan
 
-      hash["issued_at"]        = self.issued_at
-      hash["starts_at"]        = self.starts_at
-      hash["expires_at"]       = self.expires_at       if self.will_expire?
-      hash["reprieve_days"]    = self.reprieve_days    if self.will_expire?
+      hash["issued_at"]        = issued_at
+      hash["starts_at"]        = starts_at
+      hash["expires_at"]       = expires_at       if will_expire?
+      hash["reprieve_days"]    = reprieve_days    if will_expire?
 
-      hash["notify_admins_at"] = self.notify_admins_at if self.will_notify_admins?
-      hash["notify_users_at"]  = self.notify_users_at  if self.will_notify_users?
-      hash["block_changes_at"] = self.block_changes_at if self.will_block_changes?
+      hash["notify_admins_at"] = notify_admins_at if will_notify_admins?
+      hash["notify_users_at"]  = notify_users_at  if will_notify_users?
+      hash["block_changes_at"] = block_changes_at if will_block_changes?
 
-      hash["restrictions"]     = self.restrictions     if self.restricted?
-      hash["features"]         = self.features
+      hash["restrictions"]     = restrictions     if restricted?
+      hash["features"]         = features
 
       hash
     end
 
-    def to_json
-      JSON.dump(self.attributes)
+    def to_json(*_args)
+      JSON.dump(attributes)
     end
 
     def from_json(json)
       load_attributes(JSON.parse(json))
-    rescue => e
+    rescue StandardError => e
       raise ParseError, "Failed to load from json: #{e}"
     end
 
@@ -194,11 +214,10 @@ module OpenProject
       @parsed_domain
     end
 
-
     private
 
     def load_attributes(attributes)
-      attributes = Hash[attributes.map { |k, v| [k.to_s, v] }]
+      attributes = attributes.transform_keys(&:to_s)
 
       @version = read_version attributes
       @subscriber = attributes["subscriber"]
@@ -208,7 +227,13 @@ module OpenProject
 
       date_attribute_keys.each do |attr|
         value = attributes[attr]
-        value = Date.parse(value) rescue nil if value.is_a?(String)
+        if value.is_a?(String)
+          value = begin
+            Date.parse(value)
+          rescue StandardError
+            nil
+          end
+        end
 
         next unless value
 
@@ -218,24 +243,26 @@ module OpenProject
       reprieve_days = attributes["reprieve_days"]
 
       if will_expire?
-        if reprieve_days.nil? && apply_default_reprieve?(version)
-          @reprieve_days = 7
-        else
-          @reprieve_days = reprieve_days.to_i
-        end
+        @reprieve_days = if reprieve_days.nil? && apply_default_reprieve?(version)
+                           7
+                         else
+                           reprieve_days.to_i
+                         end
       end
 
       restrictions = attributes["restrictions"]
 
-      if restrictions && restrictions.is_a?(Hash)
-        restrictions = Hash[restrictions.map { |k, v| [k.to_sym, v] }]
+      if restrictions.is_a?(Hash)
+        restrictions = restrictions.transform_keys(&:to_sym)
         @restrictions = restrictions
       end
 
-      features = attributes['features']
-      if features && features.is_a?(Array)
+      features = attributes["features"]
+      if features.is_a?(Array)
         @features = features.map(&:to_sym)
       end
+
+      @plan = attributes["plan"].presence&.to_sym || OpenProject::Token::DEFAULT_PLAN
     end
 
     ##
@@ -272,7 +299,7 @@ module OpenProject
     end
 
     def read_domain!(input)
-      return input if input.nil? || !(input.start_with?('/') && input.end_with?('/'))
+      return input if input.nil? || !(input.start_with?("/") && input.end_with?("/"))
 
       # Omit the slashes of the input
       Regexp.new input[1..-2]
@@ -287,7 +314,7 @@ module OpenProject
     end
 
     def domain_required_from_version
-      @domain_required_from_version ||= Gem::Version.new('2.0')
+      @domain_required_from_version ||= Gem::Version.new("2.0")
     end
 
     ##

data/lib/openproject-token.rb

@@ -1 +1,3 @@
-require 'open_project/token'
+# frozen_string_literal: true
+
+require "open_project/token"

metadata

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: openproject-token
 version: !ruby/object:Gem::Version
-  version: 4.0.0
+  version: 5.1.0
 platform: ruby
 authors:
 - OpenProject GmbH
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-11-08 00:00:00.000000000 Z
+date: 2025-03-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activemodel
@@ -24,49 +23,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: pry
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.10'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.10'
-- !ruby/object:Gem::Dependency
-  name: rspec
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.5'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.5'
-- !ruby/object:Gem::Dependency
-  name: debug
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-description:
 email: info@openproject.com
 executables: []
 extensions: []
@@ -77,13 +33,14 @@ files:
 - lib/open_project/token.rb
 - lib/open_project/token/armor.rb
 - lib/open_project/token/extractor.rb
+- lib/open_project/token/plans.rb
 - lib/open_project/token/version.rb
 - lib/openproject-token.rb
 homepage: https://www.openproject.org
 licenses:
 - GPL-3.0
-metadata: {}
-post_install_message:
+metadata:
+  rubygems_mfa_required: 'true'
 rdoc_options: []
 require_paths:
 - lib
@@ -91,15 +48,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 3.4.2
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.6
-signing_key:
+rubygems_version: 3.6.5
 specification_version: 4
 summary: OpenProject EE token reader
 test_files: []