Merge remote-tracking branch 'origin/staging' into develop

2025-04-02 10:01:34 -05:00 · 2023-04-25 13:25:13 +02:00 · 2023-04-25 13:25:13 +02:00 · b37a92aaf7
commit b37a92aaf7
parent 4ddd3811b2 c44e2a9526
7 changed files with 56 additions and 33 deletions
--- a/backend/scripts/repl
+++ b/backend/scripts/repl
@ -4,6 +4,12 @@ export PENPOT_HOST=devenv
 export PENPOT_TENANT=dev
 export PENPOT_FLAGS="\
       $PENPOT_FLAGS \
+       enable-registration
+       enable-login-with-password
+       enable-login-with-oidc \
+       enable-login-with-google \
+       enable-login-with-github \
+       enable-login-with-gitlab \
       enable-backend-asserts \
       enable-fdata-storage-pointer-map \
       enable-fdata-storage-objets-map \
@ -46,6 +52,18 @@ export PENPOT_STORAGE_ASSETS_S3_BUCKET=penpot

 #-J-Djdk.virtualThreadScheduler.parallelism=16

+# export PENPOT_ERROR_REPORT_WEBHOOK=https://chat.kaleidos.net/hooks/r9o4gpyhbpnkuczbpg6xcz8enc
+
+export PENPOT_GOOGLE_CLIENT_ID=918240256800-jbmmeanksmmd0ocha7jfqrj36d59gfsa.apps.googleusercontent.com
+export PENPOT_GOOGLE_CLIENT_SECRET=u-11Tnc2XqpLSOwTLN_9XGlh
+export PENPOT_GITLAB_CLIENT_ID=6f63fd91e495349ba206148728c9aca64ae2605e9a95f2a1233b37c4f018b7a0
+export PENPOT_GITLAB_CLIENT_SECRET=c4d195795587187dc351190d8bd97a9c3c0a7cfe7d304af8fc0cde960efe2a7f
+export PENPOT_GITHUB_CLIENT_ID=eeba78a4acb5d752e39d
+export PENPOT_GITHUB_CLIENT_SECRET=d336f54eb1ceb2328f261ad9a4b449f67dbad38f
+
+export PENPOT_OIDC_BASE_URI=https://dev-t71ydmki.eu.auth0.com
+export PENPOT_OIDC_CLIENT_ID=lsg1unfacZi4Wac9C0RlsdpPnj6bP5wb
+export PENPOT_OIDC_CLIENT_SECRET=f_JONt992YoNjUqZIFTyLgCZ2Bc_1r74j2op_XT-KQEVQPJv2ebiH8IPZnViimOd

 export OPTIONS="
       -A:jmx-remote -A:dev \
--- a/backend/src/app/auth/oidc.clj
+++ b/backend/src/app/auth/oidc.clj
@ -161,8 +161,8 @@
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

 (defn- retrieve-github-email
-  [cfg tdata info]
-  (or (some-> info :email)
+  [cfg tdata props]
+  (or (some-> props :github/email)
      (let [params {:uri "https://api.github.com/user/emails"
                    :headers {"Authorization" (dm/str (:type tdata) " " (:token tdata))}
                    :timeout 6000
@ -244,6 +244,11 @@
 ;; HANDLERS
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

+(defn- parse-attr-path
+  [provider path]
+  (let [[fitem & items] (str/split path "__")]
+    (into [(keyword (:name provider) fitem)] (map keyword) items)))
+
 (defn- build-redirect-uri
  [{:keys [provider] :as cfg}]
  (let [public (u/uri (cf/get :public-uri))]
@ -303,26 +308,29 @@

 (defn- retrieve-user-info
  [{:keys [provider] :as cfg} tdata]
-  (letfn [(get-email [info]
+  (letfn [(get-email [props]
            ;; Allow providers hook into this for custom email
            ;; retrieval method.
-            (if-let [get-email-fn (:get-email-fn provider)]
-              (get-email-fn tdata info)
-              (let [attr-kw (cf/get :oidc-email-attr :email)]
-                (get info attr-kw))))

-          (get-name [info]
-            (let [attr-kw (cf/get :oidc-name-attr :name)]
-              (get info attr-kw)))
+            (if-let [get-email-fn (:get-email-fn provider)]
+              (get-email-fn tdata props)
+              (let [attr-kw (cf/get :oidc-email-attr "email")
+                    attr-ph (parse-attr-path provider attr-kw)]
+                (get-in props attr-ph))))
+
+          (get-name [props]
+            (let [attr-kw (cf/get :oidc-name-attr "name")
+                  attr-ph (parse-attr-path provider attr-kw)]
+              (get-in props attr-ph)))

          (process-response [response]
            (let [info  (-> response :body json/decode)
-                  email (get-email info)]
+                  props (qualify-props provider info)
+                  email (get-email props)]
              {:backend  (:name provider)
+               :fullname (or (get-name props) email)
               :email    email
-               :fullname (or (get-name info) email)
-               :props    (->> (dissoc info :name :email)
-                              (qualify-props provider))}))]
+               :props    props}))]

    (l/trace :hint "request user info"
             :uri (:user-uri provider)
@ -367,11 +375,6 @@
                   ::fullname
                   ::props]))

-(defn- parse-oidc-role-attrs
-  [path]
-  (let [[fitem & items] (str/split path "__")]
-    (into [(keyword "oidc" fitem)] (map keyword) items)))
-
 (defn get-info
  [{:keys [provider] :as cfg} {:keys [params] :as request}]
  (when-let [error (get params :error)]
@ -392,9 +395,10 @@
               (seq (:roles provider)))

      (let [expected-roles (into #{} (:roles provider))
-            current-roles  (let [roles (->> (cf/get :oidc-roles-attr "roles")
-                                            (parse-oidc-role-attrs)
-                                            (get-in info))]
+            current-roles  (let [roles-kw (cf/get :oidc-roles-attr "roles")
+                                 roles-ph (parse-attr-path provider roles-kw)
+                                 props    (:props info)
+                                 roles    (get-in (:props info) roles-ph)]
                             (cond
                               (string? roles) (into #{} (str/words roles))
                               (vector? roles) (into #{} roles)
--- a/backend/src/app/config.clj
+++ b/backend/src/app/config.clj
@ -154,8 +154,8 @@
 (s/def ::oidc-scopes ::us/set-of-strings)
 (s/def ::oidc-roles ::us/set-of-strings)
 (s/def ::oidc-roles-attr ::us/string)
-(s/def ::oidc-email-attr ::us/keyword)
-(s/def ::oidc-name-attr ::us/keyword)
+(s/def ::oidc-email-attr ::us/string)
+(s/def ::oidc-name-attr ::us/string)
 (s/def ::host ::us/string)
 (s/def ::http-server-port ::us/integer)
 (s/def ::http-server-host ::us/string)
--- a/backend/src/app/loggers/audit.clj
+++ b/backend/src/app/loggers/audit.clj
@ -233,9 +233,8 @@

 (defn submit!
  "Submit audit event to the collector."
-  [{:keys [::wrk/executor] :as cfg} params]
+  [cfg params]
  (let [conn (or (::db/conn cfg) (::db/pool cfg))]
-    (us/assert! ::wrk/executor executor)
    (us/assert! ::db/pool-or-conn conn)
    (try
      (handle-event! conn (d/without-nils params))
--- a/frontend/gulpfile.js
+++ b/frontend/gulpfile.js
@ -49,9 +49,12 @@ function readLocales() {
  const langs = ["ar", "ca", "de", "el", "en", "eu", "it", "es",
                 "fa", "fr", "he", "nb_NO", "pl", "pt_BR", "ro", "id",
                 "ru", "tr", "zh_CN", "zh_Hant", "hr", "gl", "pt_PT",
+                 "cs", "fo", "ko", "lv",
                 // this happens when file does not matches correct
                 // iso code for the language.
-                 ["ja_jp", "jpn_JP"]
+                 ["ja_jp", "jpn_JP"],
+                 // ["fi", "fin_FI"],
+                 ["uk", "ukr_UA"]
                ];
  const result = {};

--- a/frontend/src/app/util/i18n.cljs
+++ b/frontend/src/app/util/i18n.cljs
@ -39,6 +39,11 @@
   {:label "Türkçe (community)" :value "tr"}
   {:label "Ελληνική γλώσσα (community)" :value "el"}
   {:label "Русский (community)" :value "ru"}
+   {:label "Украї́нська мо́ва (community)" :value "uk"}
+   {:label "Český jazyk (community)" :value "cs"}
+   {:label "Latviešu valoda (community)" :value "lv"}
+   {:label "Føroyskt mál (community)" :value "fo"}
+   {:label "Korean (community)" :value "ko"}
   {:label "עִבְרִית (community)" :value "he"}
   {:label "عربي/عربى (community)" :value "ar"}
   {:label "فارسی (community)" :value "fa"}
--- a/frontend/translations/fi.po
+++ b/frontend/translations/fi.po
@ -1,6 +0,0 @@
-msgid ""
-msgstr ""
-"X-Generator: Weblate\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=utf-8\n"
-"Content-Transfer-Encoding: 8bit\n"