Merge remote-tracking branch 'origin/staging' into develop

backend/scripts/repl

@@ -4,6 +4,12 @@ export PENPOT_HOST=devenv
 export PENPOT_TENANT=dev
 export PENPOT_FLAGS="\
        $PENPOT_FLAGS \
+       enable-registration
+       enable-login-with-password
+       enable-login-with-oidc \
+       enable-login-with-google \
+       enable-login-with-github \
+       enable-login-with-gitlab \
        enable-backend-asserts \
        enable-fdata-storage-pointer-map \
        enable-fdata-storage-objets-map \
@@ -46,6 +52,18 @@ export PENPOT_STORAGE_ASSETS_S3_BUCKET=penpot
 
 #-J-Djdk.virtualThreadScheduler.parallelism=16
 
+# export PENPOT_ERROR_REPORT_WEBHOOK=https://chat.kaleidos.net/hooks/r9o4gpyhbpnkuczbpg6xcz8enc
+
+export PENPOT_GOOGLE_CLIENT_ID=918240256800-jbmmeanksmmd0ocha7jfqrj36d59gfsa.apps.googleusercontent.com
+export PENPOT_GOOGLE_CLIENT_SECRET=u-11Tnc2XqpLSOwTLN_9XGlh
+export PENPOT_GITLAB_CLIENT_ID=6f63fd91e495349ba206148728c9aca64ae2605e9a95f2a1233b37c4f018b7a0
+export PENPOT_GITLAB_CLIENT_SECRET=c4d195795587187dc351190d8bd97a9c3c0a7cfe7d304af8fc0cde960efe2a7f
+export PENPOT_GITHUB_CLIENT_ID=eeba78a4acb5d752e39d
+export PENPOT_GITHUB_CLIENT_SECRET=d336f54eb1ceb2328f261ad9a4b449f67dbad38f
+
+export PENPOT_OIDC_BASE_URI=https://dev-t71ydmki.eu.auth0.com
+export PENPOT_OIDC_CLIENT_ID=lsg1unfacZi4Wac9C0RlsdpPnj6bP5wb
+export PENPOT_OIDC_CLIENT_SECRET=f_JONt992YoNjUqZIFTyLgCZ2Bc_1r74j2op_XT-KQEVQPJv2ebiH8IPZnViimOd
 
 export OPTIONS="
        -A:jmx-remote -A:dev \

backend/src/app/auth/oidc.clj

@@ -161,8 +161,8 @@
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
 (defn- retrieve-github-email
-  [cfg tdata info]
+  [cfg tdata props]
-  (or (some-> info :email)
+  (or (some-> props :github/email)
       (let [params {:uri "https://api.github.com/user/emails"
                     :headers {"Authorization" (dm/str (:type tdata) " " (:token tdata))}
                     :timeout 6000
@@ -244,6 +244,11 @@
 ;; HANDLERS
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
+(defn- parse-attr-path
+  [provider path]
+  (let [[fitem & items] (str/split path "__")]
+    (into [(keyword (:name provider) fitem)] (map keyword) items)))
+
 (defn- build-redirect-uri
   [{:keys [provider] :as cfg}]
   (let [public (u/uri (cf/get :public-uri))]
@@ -303,26 +308,29 @@
 
 (defn- retrieve-user-info
   [{:keys [provider] :as cfg} tdata]
-  (letfn [(get-email [info]
+  (letfn [(get-email [props]
             ;; Allow providers hook into this for custom email
             ;; retrieval method.
-            (if-let [get-email-fn (:get-email-fn provider)]
-              (get-email-fn tdata info)
-              (let [attr-kw (cf/get :oidc-email-attr :email)]
-                (get info attr-kw))))
 
-          (get-name [info]
+            (if-let [get-email-fn (:get-email-fn provider)]
-            (let [attr-kw (cf/get :oidc-name-attr :name)]
+              (get-email-fn tdata props)
-              (get info attr-kw)))
+              (let [attr-kw (cf/get :oidc-email-attr "email")
+                    attr-ph (parse-attr-path provider attr-kw)]
+                (get-in props attr-ph))))
+
+          (get-name [props]
+            (let [attr-kw (cf/get :oidc-name-attr "name")
+                  attr-ph (parse-attr-path provider attr-kw)]
+              (get-in props attr-ph)))
 
           (process-response [response]
             (let [info  (-> response :body json/decode)
-                  email (get-email info)]
+                  props (qualify-props provider info)
+                  email (get-email props)]
               {:backend  (:name provider)
+               :fullname (or (get-name props) email)
                :email    email
-               :fullname (or (get-name info) email)
+               :props    props}))]
-               :props    (->> (dissoc info :name :email)
-                              (qualify-props provider))}))]
 
     (l/trace :hint "request user info"
              :uri (:user-uri provider)
@@ -367,11 +375,6 @@
                    ::fullname
                    ::props]))
 
-(defn- parse-oidc-role-attrs
-  [path]
-  (let [[fitem & items] (str/split path "__")]
-    (into [(keyword "oidc" fitem)] (map keyword) items)))
-
 (defn get-info
   [{:keys [provider] :as cfg} {:keys [params] :as request}]
   (when-let [error (get params :error)]
@@ -392,9 +395,10 @@
                (seq (:roles provider)))
 
       (let [expected-roles (into #{} (:roles provider))
-            current-roles  (let [roles (->> (cf/get :oidc-roles-attr "roles")
+            current-roles  (let [roles-kw (cf/get :oidc-roles-attr "roles")
-                                            (parse-oidc-role-attrs)
+                                 roles-ph (parse-attr-path provider roles-kw)
-                                            (get-in info))]
+                                 props    (:props info)
+                                 roles    (get-in (:props info) roles-ph)]
                              (cond
                                (string? roles) (into #{} (str/words roles))
                                (vector? roles) (into #{} roles)

backend/src/app/config.clj

@@ -154,8 +154,8 @@
 (s/def ::oidc-scopes ::us/set-of-strings)
 (s/def ::oidc-roles ::us/set-of-strings)
 (s/def ::oidc-roles-attr ::us/string)
-(s/def ::oidc-email-attr ::us/keyword)
+(s/def ::oidc-email-attr ::us/string)
-(s/def ::oidc-name-attr ::us/keyword)
+(s/def ::oidc-name-attr ::us/string)
 (s/def ::host ::us/string)
 (s/def ::http-server-port ::us/integer)
 (s/def ::http-server-host ::us/string)

backend/src/app/loggers/audit.clj

@@ -233,9 +233,8 @@
 
 (defn submit!
   "Submit audit event to the collector."
-  [{:keys [::wrk/executor] :as cfg} params]
+  [cfg params]
   (let [conn (or (::db/conn cfg) (::db/pool cfg))]
-    (us/assert! ::wrk/executor executor)
     (us/assert! ::db/pool-or-conn conn)
     (try
       (handle-event! conn (d/without-nils params))

frontend/gulpfile.js

@@ -49,9 +49,12 @@ function readLocales() {
   const langs = ["ar", "ca", "de", "el", "en", "eu", "it", "es",
                  "fa", "fr", "he", "nb_NO", "pl", "pt_BR", "ro", "id",
                  "ru", "tr", "zh_CN", "zh_Hant", "hr", "gl", "pt_PT",
+                 "cs", "fo", "ko", "lv",
                  // this happens when file does not matches correct
                  // iso code for the language.
-                 ["ja_jp", "jpn_JP"]
+                 ["ja_jp", "jpn_JP"],
+                 // ["fi", "fin_FI"],
+                 ["uk", "ukr_UA"]
                 ];
   const result = {};
 

frontend/src/app/util/i18n.cljs

@@ -39,6 +39,11 @@
    {:label "Türkçe (community)" :value "tr"}
    {:label "Ελληνική γλώσσα (community)" :value "el"}
    {:label "Русский (community)" :value "ru"}
+   {:label "Украї́нська мо́ва (community)" :value "uk"}
+   {:label "Český jazyk (community)" :value "cs"}
+   {:label "Latviešu valoda (community)" :value "lv"}
+   {:label "Føroyskt mál (community)" :value "fo"}
+   {:label "Korean (community)" :value "ko"}
    {:label "עִבְרִית (community)" :value "he"}
    {:label "عربي/عربى (community)" :value "ar"}
    {:label "فارسی (community)" :value "fa"}

frontend/translations/fi.po

@@ -1,6 +0,0 @@
-msgid ""
-msgstr ""
-"X-Generator: Weblate\n"
-"MIME-Version: 1.0\n"
-"Content-Type: text/plain; charset=utf-8\n"
-"Content-Transfer-Encoding: 8bit\n"