3pp-mirror/penpot
1
0
Fork 0
mirror of https://github.com/penpot/penpot.git synced 2025-06-06 09:41:43 +02:00
Code Issues Projects Releases Packages Wiki Activity

Merge remote-tracking branch 'origin/staging' into develop

Browse source
This commit is contained in:
Andrey Antukh 2023-02-07 18:16:37 +01:00
commit 64f2d874fe
5 changed files with 50 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

1
backend/scripts/build
View file

@ -12,6 +12,7 @@ cp ../CHANGES.md target/classes/changelog.md;
clojure -T:build jar; clojure -T:build jar;
mv target/penpot.jar target/dist/penpot.jar mv target/penpot.jar target/dist/penpot.jar
cp resources/log4j2.xml target/dist/log4j2.xml
cp scripts/run.template.sh target/dist/run.sh; cp scripts/run.template.sh target/dist/run.sh;
cp scripts/manage.py target/dist/manage.py cp scripts/manage.py target/dist/manage.py
chmod +x target/dist/run.sh; chmod +x target/dist/run.sh;

2
backend/scripts/run.template.sh
View file

@ -18,5 +18,7 @@ if [ -f ./environ ]; then
source ./environ source ./environ
fi fi
export JVM_OPTS="-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager -Dlog4j2.configurationFile=log4j2.xml -XX:-OmitStackTraceInFastThrow $JVM_OPTS"
set -x set -x
exec $JAVA_CMD $JVM_OPTS "$@" -jar penpot.jar -m app.main exec $JAVA_CMD $JVM_OPTS "$@" -jar penpot.jar -m app.main

60
backend/src/app/auth/oidc.clj
View file

@ -64,10 +64,17 @@
nil) nil)
(= 200 (:status response)) (= 200 (:status response))
(let [data (json/decode (:body response))] (let [data (json/decode (:body response))
{:token-uri (get data :token_endpoint) token-uri (get data :token_endpoint)
:auth-uri (get data :authorization_endpoint) auth-uri (get data :authorization_endpoint)
:user-uri (get data :userinfo_endpoint)}) user-uri (get data :userinfo_endpoint)]
(l/debug :hint "oidc uris discovered"
:token-uri token-uri
:auth-uri auth-uri
:user-uri user-uri)
{:token-uri token-uri
:auth-uri auth-uri
:user-uri user-uri})
:else :else
(do (do
@ -110,7 +117,7 @@
(if-let [opts (prepare-oidc-opts cfg)] (if-let [opts (prepare-oidc-opts cfg)]
(do (do
(l/info :hint "provider initialized" (l/info :hint "provider initialized"
:provider :oidc :provider "oidc"
:method (if (:discover? opts) "discover" "manual") :method (if (:discover? opts) "discover" "manual")
:client-id (:client-id opts) :client-id (:client-id opts)
:client-secret (obfuscate-string (:client-secret opts)) :client-secret (obfuscate-string (:client-secret opts))
@ -122,7 +129,7 @@
:roles (:roles opts)) :roles (:roles opts))
opts) opts)
(do (do
(l/warn :hint "unable to initialize auth provider, missing configuration" :provider :oidc) (l/warn :hint "unable to initialize auth provider, missing configuration" :provider "oidc")
nil)))) nil))))
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -144,13 +151,13 @@
(string? (:client-secret opts))) (string? (:client-secret opts)))
(do (do
(l/info :hint "provider initialized" (l/info :hint "provider initialized"
:provider :google :provider "google"
:client-id (:client-id opts) :client-id (:client-id opts)
:client-secret (obfuscate-string (:client-secret opts))) :client-secret (obfuscate-string (:client-secret opts)))
opts) opts)
(do (do
(l/warn :hint "unable to initialize auth provider, missing configuration" :provider :google) (l/warn :hint "unable to initialize auth provider, missing configuration" :provider "google")
nil))))) nil)))))
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -196,13 +203,13 @@
(string? (:client-secret opts))) (string? (:client-secret opts)))
(do (do
(l/info :hint "provider initialized" (l/info :hint "provider initialized"
:provider :github :provider "github"
:client-id (:client-id opts) :client-id (:client-id opts)
:client-secret (obfuscate-string (:client-secret opts))) :client-secret (obfuscate-string (:client-secret opts)))
opts) opts)
(do (do
(l/warn :hint "unable to initialize auth provider, missing configuration" :provider :github) (l/warn :hint "unable to initialize auth provider, missing configuration" :provider "github")
nil))))) nil)))))
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -225,14 +232,14 @@
(string? (:client-secret opts))) (string? (:client-secret opts)))
(do (do
(l/info :hint "provider initialized" (l/info :hint "provider initialized"
:provider :gitlab :provider "gitlab"
:base-uri base :base-uri base
:client-id (:client-id opts) :client-id (:client-id opts)
:client-secret (obfuscate-string (:client-secret opts))) :client-secret (obfuscate-string (:client-secret opts)))
opts) opts)
(do (do
(l/warn :hint "unable to initialize auth provider, missing configuration" :provider :gitlab) (l/warn :hint "unable to initialize auth provider, missing configuration" :provider "gitlab")
nil))))) nil)))))
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@ -275,8 +282,19 @@
"accept" "application/json"} "accept" "application/json"}
:uri (:token-uri provider) :uri (:token-uri provider)
:body (u/map->query-string params)}] :body (u/map->query-string params)}]
(l/trace :hint "request access token"
:provider (:name provider)
:client-id (:client-id provider)
:client-secret (obfuscate-string (:client-secret provider))
:grant-type (:grant_type params)
:redirect-uri (:redirect_uri params))
(->> (http/req! cfg req) (->> (http/req! cfg req)
(p/map (fn [{:keys [status body] :as res}] (p/map (fn [{:keys [status body] :as res}]
(l/trace :hint "access token response"
:status status
:body body)
(if (= status 200) (if (= status 200)
(let [data (json/decode body)] (let [data (json/decode body)]
{:token (get data :access_token) {:token (get data :access_token)
@ -289,12 +307,19 @@
(defn- retrieve-user-info (defn- retrieve-user-info
[{:keys [provider] :as cfg} tdata] [{:keys [provider] :as cfg} tdata]
(letfn [(retrieve [] (letfn [(retrieve []
(l/trace :hint "request user info"
:uri (:user-uri provider)
:token (obfuscate-string (:token tdata))
:token-type (:type tdata))
(http/req! cfg (http/req! cfg
{:uri (:user-uri provider) {:uri (:user-uri provider)
:headers {"Authorization" (str (:type tdata) " " (:token tdata))} :headers {"Authorization" (str (:type tdata) " " (:token tdata))}
:timeout 6000 :timeout 6000
:method :get})) :method :get}))
(validate-response [response] (validate-response [response]
(l/trace :hint "user info response"
:status (:status response)
:body (:body response))
(when-not (s/int-in-range? 200 300 (:status response)) (when-not (s/int-in-range? 200 300 (:status response))
(ex/raise :type :internal (ex/raise :type :internal
:code :unable-to-retrieve-user-info :code :unable-to-retrieve-user-info
@ -309,7 +334,7 @@
(if-let [get-email-fn (:get-email-fn provider)] (if-let [get-email-fn (:get-email-fn provider)]
(get-email-fn tdata info) (get-email-fn tdata info)
(let [attr-kw (cf/get :oidc-email-attr :email)] (let [attr-kw (cf/get :oidc-email-attr :email)]
(get info attr-kw)))) (p/resolved (get info attr-kw)))))
(get-name [info] (get-name [info]
(let [attr-kw (cf/get :oidc-name-attr :name)] (let [attr-kw (cf/get :oidc-name-attr :name)]
@ -325,6 +350,7 @@
(qualify-props provider))})) (qualify-props provider))}))
(validate-info [info] (validate-info [info]
(l/trace :hint "authentication info" :info info)
(when-not (s/valid? ::info info) (when-not (s/valid? ::info info)
(l/warn :hint "received incomplete profile info object (please set correct scopes)" (l/warn :hint "received incomplete profile info object (please set correct scopes)"
:info (pr-str info)) :info (pr-str info))
@ -334,10 +360,10 @@
:info info)) :info info))
info)] info)]
(-> (retrieve) (->> (retrieve)
(p/then validate-response) (p/fmap validate-response)
(p/then process-response) (p/mcat process-response)
(p/then validate-info)))) (p/fmap validate-info))))
(s/def ::backend ::us/not-empty-string) (s/def ::backend ::us/not-empty-string)
(s/def ::email ::us/not-empty-string) (s/def ::email ::us/not-empty-string)

1
docker/images/Dockerfile.backend
View file

@ -13,6 +13,7 @@ RUN set -ex; \
apt-get -qq update; \ apt-get -qq update; \
apt-get -qq upgrade; \ apt-get -qq upgrade; \
apt-get -qqy --no-install-recommends install \ apt-get -qqy --no-install-recommends install \
nano \
curl \ curl \
tzdata \ tzdata \
locales \ locales \

10
frontend/src/app/main/ui/routes.cljs
View file

@ -8,7 +8,6 @@
(:require (:require
[app.common.spec :as us] [app.common.spec :as us]
[app.common.uuid :as uuid] [app.common.uuid :as uuid]
[app.config :as cf]
[app.main.data.users :as du] [app.main.data.users :as du]
[app.main.repo :as rp] [app.main.repo :as rp]
[app.main.store :as st] [app.main.store :as st]
@ -35,12 +34,9 @@
(def routes (def routes
[["/auth" [["/auth"
["/login" :auth-login] ["/login" :auth-login]
(when (contains? @cf/flags :registration) ["/register" :auth-register]
["/register" :auth-register]) ["/register/validate" :auth-register-validate]
(when (contains? @cf/flags :registration) ["/register/success" :auth-register-success]
["/register/validate" :auth-register-validate])
(when (contains? @cf/flags :registration)
["/register/success" :auth-register-success])
["/recovery/request" :auth-recovery-request] ["/recovery/request" :auth-recovery-request]
["/recovery" :auth-recovery] ["/recovery" :auth-recovery]
["/verify-token" :auth-verify-token]] ["/verify-token" :auth-verify-token]]