# frozen_string_literal: true
require 'redmine/configuration'
require 'redmine/plugin_loader'
# Framework-level preparation, registered as a to_prepare callback.
Rails.application.config.to_prepare do
  # Mix pluralization support into the simple I18n backend
  I18n::Backend::Simple.include(I18n::Backend::Pluralization)

  # Parse XML with Nokogiri rather than REXML
  ActiveSupport::XmlMini.backend = 'Nokogiri'

  Redmine::Preparation.prepare
end
# Take the secret token from the Redmine configuration file. A missing or
# blank value skips the assignment, so whatever secret the application
# already has configured stays in effect.
secret = Redmine::Configuration['secret_token']
RedmineApp::Application.config.secret_token = secret if secret.present?

# Plugins are loaded before the to_prepare callback that follows is registered.
Redmine::PluginLoader.load
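# Configures the Doorkeeper OAuth2 provider, applies Redmine layouts to its
# controllers, registers core/plugin/theme asset paths and puts the OAuth
# management actions behind sudo mode. Registered as a to_prepare callback.
Rails.application.config.to_prepare do
  Doorkeeper.configure do
    orm :active_record

    # Issue access tokens with refresh token
    use_refresh_token

    # Authorization Code expiration time (default: 10 minutes).
    #
    # authorization_code_expires_in 10.minutes

    # Access token expiration time (default: 2 hours).
    # If you want to disable expiration, set this to `nil`.
    #
    # access_token_expires_in 2.hours

    # Hash access and refresh tokens before persisting them.
    # https://doorkeeper.gitbook.io/guides/security/token-and-application-secrets
    hash_token_secrets

    # Hash application secrets before persisting them.
    hash_application_secrets using: '::Doorkeeper::SecretStoring::BCrypt'

    # limit supported flows to Auth code
    grant_flows ['authorization_code']

    realm Redmine::Info.app_name
    base_controller 'ApplicationController'

    # Scopes mirror Redmine permissions: public permissions are granted by
    # default, every other permission plus :admin must be requested.
    default_scopes(*Redmine::AccessControl.public_permissions.map(&:name))
    optional_scopes(*(Redmine::AccessControl.permissions.map(&:name) << :admin))

    # Forbids creating/updating applications with arbitrary scopes that are
    # not in configuration, i.e. +default_scopes+ or +optional_scopes+.
    enforce_configured_scopes

    allow_token_introspection false

    # Allow http loopback redirect URIs but require https for all others.
    # Keep this list to loopback hosts only: any other name listed here lets
    # an authorization code travel to that host over plain HTTP. `uri.host`
    # never carries a port, so "host:port" entries cannot match and do not
    # belong here.
    force_ssl_in_redirect_uri { |uri| !%w[localhost 127.0.0.1].include?(uri.host) }

    # Specify what redirect URI's you want to block during Application creation.
    forbid_redirect_uri { |uri| %w[data vbscript javascript].include?(uri.scheme.to_s.downcase) }

    # Resource owner is the current Redmine user, and only while the REST API
    # is enabled. NOTE(review): require_login comes from the base controller;
    # presumably it handles the unauthenticated case itself - confirm.
    resource_owner_authenticator do
      if require_login
        if Setting.rest_api_enabled?
          User.current
        else
          deny_access
        end
      end
    end

    # Application management needs both the REST API enabled and an admin user.
    admin_authenticator do |_routes|
      deny_access unless Setting.rest_api_enabled? && User.current.admin?
    end
  end

  # Use Redmine standard layouts and helpers for Doorkeeper OAuth2 screens
  Doorkeeper::ApplicationsController.layout "admin"
  Doorkeeper::ApplicationsController.main_menu = false
  Doorkeeper::AuthorizationsController.layout "base"
  Doorkeeper::AuthorizedApplicationsController.layout "base"
  Doorkeeper::AuthorizedApplicationsController.main_menu = false

  # Core asset directories served from app/assets
  default_paths = [
    Rails.root.join("app/assets/javascripts"),
    Rails.root.join("app/assets/images"),
    Rails.root.join("app/assets/stylesheets")
  ]
  Rails.application.config.assets.redmine_default_asset_path =
    Redmine::AssetPath.new(Rails.root.join('app/assets'), default_paths)

  Redmine::FieldFormat::RecordList.subclasses.each do |klass|
    klass.instance.reset_target_class
  end

  # Plugins and themes contribute extra asset paths when they have any
  Redmine::Plugin.all.each do |plugin|
    paths = plugin.asset_paths
    Rails.application.config.assets.redmine_extension_paths << paths if paths.present?
  end

  Redmine::Themes.themes.each do |theme|
    paths = theme.asset_paths
    Rails.application.config.assets.redmine_extension_paths << paths if paths.present?
  end

  # Managing OAuth applications and granting/revoking authorizations are
  # sensitive actions, so they are placed behind sudo mode.
  Doorkeeper::ApplicationsController.class_eval do
    require_sudo_mode :create, :show, :update, :destroy
  end

  Doorkeeper::AuthorizationsController.class_eval do
    require_sudo_mode :create, :destroy
  end
end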
# Register a Redmine-specific deprecator under the :redmine key
# (deprecation horizon '7.0', reported under the name 'Redmine').
Rails.application.deprecators[:redmine] =
  ActiveSupport::Deprecation.new('7.0', 'Redmine')