[ { "path": ".deepsource.toml", "content": "version = 1\n\n[[analyzers]]\nname = \"ruby\"\nenabled = true\n\n[[analyzers]]\nname = \"javascript\"\nenabled = true\n" }, { "path": ".dockerignore", "content": "/log/*\n!/log/.keep\n/tmp\n.idea\n.env\n*.swp\nconfig/application.yml\ndump.rdb\ncoverage\n.git\n" }, { "path": ".gitignore", "content": "# See https://help.github.com/articles/ignoring-files for more about ignoring files.\n#\n# If you find yourself ignoring temporary files generated by your text editor\n# or operating system, you probably want to add a global ignore instead:\n# git config --global core.excludesfile '~/.gitignore_global'\n\n# Ignore bundler config.\n/.bundle\n.local\nvendor/*\n\n# Ignore the default SQLite database.\n/db/*.sqlite3\n/db/*.sqlite3-journal\n\n# Ignore all logfiles and tempfiles.\n/log/*\n!/log/.keep\n/tmp\n.idea\n.env\n.ruby-gemset\n*.swp\nconfig/application.yml\npublic/assets/*\ndump.rdb\ncoverage\ndata/\n" }, { "path": ".rspec", "content": "--color\n--format documentation\n--require spec_helper\n" }, { "path": ".rubocop.yml", "content": "---\nrequire: \n - rubocop-rails\n - rubocop-performance\n - rubocop-faker\n\nAllCops:\n NewCops: enable\n Exclude:\n - config/initializers/*.rb\n - config/environments/*.rb\n - db/*.rb\n - app/workers/*.rb\n - app/services/**/*.rb\n - spec/services/*.rb\n - bin/*\n - Rakefile\n - lib/tasks/*.rake\n - spec/workers/*.rb\n - chef-repo/**/*\nNaming/AccessorMethodName:\n Description: Check the naming of accessor methods for get_/set_.\n Enabled: false\nStyle/Alias:\n Description: Use alias_method instead of alias.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#alias-method\n Enabled: false\nStyle/ArrayJoin:\n Description: Use Array#join instead of Array#*.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#array-join\n Enabled: false\nStyle/AsciiComments:\n Description: Use only ascii symbols in comments.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#english-comments\n Enabled: false\nNaming/AsciiIdentifiers:\n Description: Use only ascii symbols in identifiers.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#english-identifiers\n Enabled: false\nStyle/Attr:\n Description: Checks for uses of Module#attr.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#attr\n Enabled: false\nMetrics/BlockNesting:\n Description: Avoid excessive block nesting\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#three-is-the-number-thou-shalt-count\n Enabled: false\nStyle/CaseEquality:\n Description: Avoid explicit use of the case equality operator(===).\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#no-case-equality\n Enabled: false\nStyle/CharacterLiteral:\n Description: Checks for uses of character literals.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#no-character-literals\n Enabled: false\nStyle/ClassAndModuleChildren:\n Description: Checks style of children classes and modules.\n Enabled: true\n EnforcedStyle: compact\n Exclude:\n - config/application.rb\nMetrics/ClassLength:\n Description: Avoid classes longer than 100 lines of code.\n Enabled: false\nMetrics/ModuleLength:\n Description: Avoid modules longer than 100 lines of code.\n Enabled: false\nStyle/ClassVars:\n Description: Avoid the use of class variables.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#no-class-vars\n Enabled: false\nStyle/CollectionMethods:\n Enabled: true\n PreferredMethods:\n find: detect\n inject: reduce\n collect: map\n find_all: select\nStyle/ColonMethodCall:\n Description: 'Do not use :: for method call.'\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#double-colons\n Enabled: false\nStyle/CommentAnnotation:\n Description: Checks formatting of special comments (TODO, FIXME, OPTIMIZE, HACK,\n REVIEW).\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#annotate-keywords\n Enabled: false\nMetrics/AbcSize:\n Description: A calculated magnitude based on number of assignments, branches, and\n conditions.\n Enabled: false\nMetrics/BlockLength:\n CountComments: true\n Max: 25\n AllowedMethods: []\n Exclude:\n - spec/**/*\n - config/environments/*.rb\nMetrics/CyclomaticComplexity:\n Description: A complexity metric that is strongly correlated to the number of test\n cases needed to validate a method.\n Enabled: false\nRails/Delegate:\n Description: Prefer delegate method for delegations.\n Enabled: false\nStyle/PreferredHashMethods:\n Description: Checks use of `has_key?` and `has_value?` Hash methods.\n StyleGuide: \"#hash-key\"\n Enabled: false\nStyle/Documentation:\n Description: Document classes and non-namespace modules.\n Enabled: false\nStyle/DoubleNegation:\n Description: Checks for uses of double negation (!!).\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#no-bang-bang\n Enabled: false\nStyle/EachWithObject:\n Description: Prefer `each_with_object` over `inject` or `reduce`.\n Enabled: false\nStyle/EmptyLiteral:\n Description: Prefer literals to Array.new/Hash.new/String.new.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#literal-array-hash\n Enabled: false\nStyle/Encoding:\n Enabled: false\nStyle/EvenOdd:\n Description: Favor the use of Fixnum#even? && Fixnum#odd?\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#predicate-methods\n Enabled: false\nNaming/FileName:\n Description: Use snake_case for source file names.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#snake-case-files\n Enabled: false\nStyle/FrozenStringLiteralComment:\n Description: Add the frozen_string_literal comment to the top of files to help transition\n from Ruby 2.3.0 to Ruby 3.0.\n Enabled: false\nStyle/FormatString:\n Description: Enforce the use of Kernel#sprintf, Kernel#format or String#%.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#sprintf\n Enabled: false\nStyle/GlobalVars:\n Description: Do not introduce global variables.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#instance-vars\n Reference: http://www.zenspider.com/Languages/Ruby/QuickRef.html\n Enabled: false\nStyle/GuardClause:\n Description: Check for conditionals that can be replaced with guard clauses\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#no-nested-conditionals\n Enabled: false\nStyle/IfUnlessModifier:\n Description: Favor modifier if/unless usage when you have a single-line body.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#if-as-a-modifier\n Enabled: false\nStyle/IfWithSemicolon:\n Description: Do not use if x; .... Use the ternary operator instead.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#no-semicolon-ifs\n Enabled: false\nStyle/InlineComment:\n Description: Avoid inline comments.\n Enabled: false\nStyle/Lambda:\n Description: Use the new lambda literal syntax for single-line blocks.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#lambda-multi-line\n Enabled: false\nStyle/LambdaCall:\n Description: Use lambda.call(...) instead of lambda.(...).\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#proc-call\n Enabled: false\nStyle/LineEndConcatenation:\n Description: Use \\ instead of + or << to concatenate two string literals at line\n end.\n Enabled: false\nMetrics/MethodLength:\n Description: Avoid methods longer than 10 lines of code.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#short-methods\n Enabled: false\nStyle/ModuleFunction:\n Description: Checks for usage of `extend self` in modules.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#module-function\n Enabled: false\nStyle/MultilineBlockChain:\n Description: Avoid multi-line chains of blocks.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#single-line-blocks\n Enabled: false\nStyle/NegatedIf:\n Description: Favor unless over if for negative conditions (or control flow or).\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#unless-for-negatives\n Enabled: false\nStyle/NegatedWhile:\n Description: Favor until over while for negative conditions.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#until-for-negatives\n Enabled: false\nStyle/Next:\n Description: Use `next` to skip iteration instead of a condition at the end.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#no-nested-conditionals\n Enabled: false\nStyle/NilComparison:\n Description: Prefer x.nil? to x == nil.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#predicate-methods\n Enabled: false\nStyle/Not:\n Description: Use ! instead of not.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#bang-not-not\n Enabled: false\nStyle/NumericLiterals:\n Description: Add underscores to large numeric literals to improve their readability.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#underscores-in-numerics\n Enabled: false\nStyle/OneLineConditional:\n Description: Favor the ternary operator(?:) over if/then/else/end constructs.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#ternary-operator\n Enabled: false\nNaming/BinaryOperatorParameterName:\n Description: When defining binary operators, name the argument other.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#other-arg\n Enabled: false\nMetrics/ParameterLists:\n Description: Avoid parameter lists longer than three or four parameters.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#too-many-params\n Enabled: false\nStyle/PercentLiteralDelimiters:\n Description: Use `%`-literal delimiters consistently\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#percent-literal-braces\n Enabled: false\nStyle/PerlBackrefs:\n Description: Avoid Perl-style regex back references.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#no-perl-regexp-last-matchers\n Enabled: false\nNaming/PredicateName:\n Description: Check the names of predicate methods.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#bool-methods-qmark\n ForbiddenPrefixes:\n - is_\n Exclude:\n - spec/**/*\nStyle/Proc:\n Description: Use proc instead of Proc.new.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#proc\n Enabled: false\nStyle/RaiseArgs:\n Description: Checks the arguments passed to raise/fail.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#exception-class-messages\n Enabled: false\nStyle/RegexpLiteral:\n Description: Use / or %r around regular expressions.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#percent-r\n Enabled: false\nStyle/SelfAssignment:\n Description: Checks for places where self-assignment shorthand should have been\n used.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#self-assignment\n Enabled: false\nStyle/SingleLineBlockParams:\n Description: Enforces the names of some block params.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#reduce-blocks\n Enabled: false\nStyle/SingleLineMethods:\n Description: Avoid single-line methods.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#no-single-line-methods\n Enabled: false\nStyle/SignalException:\n Description: Checks for proper usage of fail and raise.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#fail-method\n Enabled: false\nStyle/SpecialGlobalVars:\n Description: Avoid Perl-style global variables.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#no-cryptic-perlisms\n Enabled: false\nStyle/StringLiterals:\n Description: Checks if uses of quotes match the configured preference.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#consistent-string-literals\n EnforcedStyle: single_quotes\n Enabled: true\nStyle/TrailingCommaInArguments:\n Description: Checks for trailing comma in argument lists.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#no-trailing-array-commas\n EnforcedStyleForMultiline: no_comma\n SupportedStylesForMultiline:\n - comma\n - consistent_comma\n - no_comma\n Enabled: true\nStyle/TrailingCommaInArrayLiteral:\n Description: Checks for trailing comma in array literals.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#no-trailing-array-commas\n EnforcedStyleForMultiline: comma\n SupportedStylesForMultiline:\n - comma\n - consistent_comma\n - no_comma\n Enabled: true\nStyle/TrailingCommaInHashLiteral:\n Description: Checks for trailing comma in hash literals.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#no-trailing-array-commas\n EnforcedStyleForMultiline: comma\n SupportedStylesForMultiline:\n - comma\n - consistent_comma\n - no_comma\n Enabled: true\nStyle/TrivialAccessors:\n Description: Prefer attr_* methods to trivial readers/writers.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#attr_family\n Enabled: false\nStyle/VariableInterpolation:\n Description: Don't interpolate global, instance and class variables directly in\n strings.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#curlies-interpolate\n Enabled: false\nStyle/WhenThen:\n Description: Use when x then ... for one-line cases.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#one-line-cases\n Enabled: false\nStyle/WhileUntilModifier:\n Description: Favor modifier while/until usage when you have a single-line body.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#while-as-a-modifier\n Enabled: false\nStyle/WordArray:\n Description: Use %w or %W for arrays of words.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#percent-w\n Enabled: false\nLayout/ConditionPosition:\n Description: Checks for condition placed in a confusing position relative to the\n keyword.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#same-line-condition\n Enabled: false\nLayout/DotPosition:\n Description: Checks the position of the dot in multi-line method calls.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#consistent-multi-line-chains\n EnforcedStyle: trailing\nLayout/ExtraSpacing:\n Description: Do not use unnecessary spacing.\n Enabled: true\nLayout/MultilineOperationIndentation:\n Description: Checks indentation of binary operations that span more than one line.\n Enabled: true\n EnforcedStyle: indented\nLayout/MultilineMethodCallIndentation:\n Description: Checks indentation of method calls with the dot operator that span\n more than one line.\n Enabled: true\n EnforcedStyle: indented\nLayout/InitialIndentation:\n Description: Checks the indentation of the first non-blank non-comment line in a\n file.\n Enabled: false\nLint/AmbiguousOperator:\n Description: Checks for ambiguous operators in the first argument of a method invocation\n without parentheses.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#parens-as-args\n Enabled: false\nLint/AmbiguousRegexpLiteral:\n Description: Checks for ambiguous regexp literals in the first argument of a method\n invocation without parenthesis.\n Enabled: false\nLint/AssignmentInCondition:\n Description: Don't use assignment in conditions.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#safe-assignment-in-condition\n Enabled: false\nLint/CircularArgumentReference:\n Description: Don't refer to the keyword argument in the default value.\n Enabled: false\nLint/DeprecatedClassMethods:\n Description: Check for deprecated class method calls.\n Enabled: false\nLint/EachWithObjectArgument:\n Description: Check for immutable argument given to each_with_object.\n Enabled: false\nLint/ElseLayout:\n Description: Check for odd code arrangement in an else block.\n Enabled: false\nLint/FormatParameterMismatch:\n Description: The number of parameters to format/sprint must match the fields.\n Enabled: false\nLint/LiteralAsCondition:\n Description: Checks of literals used in conditions.\n Enabled: false\nLint/LiteralInInterpolation:\n Description: Checks for literals used in interpolation.\n Enabled: false\nLint/Loop:\n Description: Use Kernel#loop with break rather than begin/end/until or begin/end/while\n for post-loop tests.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#loop-with-break\n Enabled: false\nLint/NestedMethodDefinition:\n Description: Do not use nested method definitions.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#no-nested-methods\n Enabled: false\nLint/NonLocalExitFromIterator:\n Description: Do not use return in iterator to cause non-local exit.\n Enabled: false\nLint/ParenthesesAsGroupedExpression:\n Description: Checks for method calls with a space before the opening parenthesis.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#parens-no-spaces\n Enabled: false\nLint/RequireParentheses:\n Description: Use parentheses in the method call to avoid confusion about precedence.\n Enabled: false\nLint/UnderscorePrefixedVariableName:\n Description: Do not use prefix `_` for a variable that is used.\n Enabled: false\nLint/Void:\n Description: Possible use of operator/literal/variable in void context.\n Enabled: false\nPerformance/CaseWhenSplat:\n Description: Place `when` conditions that use splat at the end of the list of `when`\n branches.\n Enabled: false\nPerformance/Count:\n Description: Use `count` instead of `select...size`, `reject...size`, `select...count`,\n `reject...count`, `select...length`, and `reject...length`.\n Enabled: false\nPerformance/Detect:\n Description: Use `detect` instead of `select.first`, `find_all.first`, `select.last`,\n and `find_all.last`.\n Reference: https://github.com/JuanitoFatas/fast-ruby#enumerabledetect-vs-enumerableselectfirst-code\n Enabled: false\nPerformance/FlatMap:\n Description: Use `Enumerable#flat_map` instead of `Enumerable#map...Array#flatten(1)`\n or `Enumberable#collect..Array#flatten(1)`\n Reference: https://github.com/JuanitoFatas/fast-ruby#enumerablemaparrayflatten-vs-enumerableflat_map-code\n Enabled: false\nPerformance/ReverseEach:\n Description: Use `reverse_each` instead of `reverse.each`.\n Reference: https://github.com/JuanitoFatas/fast-ruby#enumerablereverseeach-vs-enumerablereverse_each-code\n Enabled: false\nPerformance/Size:\n Description: Use `size` instead of `count` for counting the number of elements in\n `Array` and `Hash`.\n Reference: https://github.com/JuanitoFatas/fast-ruby#arraycount-vs-arraysize-code\n Enabled: false\nPerformance/StringReplacement:\n Description: Use `tr` instead of `gsub` when you are replacing the same number of\n characters. Use `delete` instead of `gsub` when you are deleting characters.\n Reference: https://github.com/JuanitoFatas/fast-ruby#stringgsub-vs-stringtr-code\n Enabled: false\nRails/ActionFilter:\n Description: Enforces consistent use of action filter methods.\n Enabled: false\nRails/Date:\n Description: Checks the correct usage of date aware methods, such as Date.today,\n Date.current etc.\n Enabled: false\nRails/FindBy:\n Description: Prefer find_by over where.first.\n Enabled: false\nRails/FindEach:\n Description: Prefer all.find_each over all.find.\n Enabled: false\nRails/HasAndBelongsToMany:\n Description: Prefer has_many :through to has_and_belongs_to_many.\n Enabled: false\nRails/Output:\n Description: Checks for calls to puts, print, etc.\n Enabled: false\nRails/ReadWriteAttribute:\n Description: Checks for read_attribute(:attr) and write_attribute(:attr, val).\n Enabled: false\nRails/ScopeArgs:\n Description: Checks the arguments of ActiveRecord scopes.\n Enabled: false\nRails/TimeZone:\n Description: Checks the correct usage of time zone aware methods.\n StyleGuide: https://github.com/bbatsov/rails-style-guide#time\n Reference: http://danilenko.org/2012/7/6/rails_timezones\n Enabled: false\nRails/Validation:\n Description: Use validates :attribute, hash of validations.\n Enabled: false\nLint/FlipFlop:\n Description: Checks for flip flops\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#no-flip-flops\n Enabled: false\nLayout/LineLength:\n Description: Limit lines to 80 characters.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#80-character-limits\n Max: 100\nStyle/Sample:\n Description: Use `sample` instead of `shuffle.first`, `shuffle.last`, and `shuffle[Fixnum]`.\n Reference: https://github.com/JuanitoFatas/fast-ruby#arrayshufflefirst-vs-arraysample-code\n Enabled: false\nLayout/ParameterAlignment:\n Description: Here we check if the parameters on a multi-line method call or definition\n are aligned.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#no-double-indent\n Enabled: false\nLint/DuplicateHashKey:\n Description: Check for duplicate keys in hash literals.\n Enabled: false\nLint/SuppressedException:\n Description: Don't suppress exception.\n StyleGuide: https://github.com/bbatsov/ruby-style-guide#dont-hide-exceptions\n Enabled: false\nLint/RedundantCopDisableDirective:\n Description: 'Checks for rubocop:disable comments that can be removed. Note: this\n cop is not disabled when disabling all cops. It must be explicitly disabled.'\n Enabled: false\n" }, { "path": ".ruby-version", "content": "ruby-3.1.2\n" }, { "path": ".travis.yml", "content": "dist: xenial\nsudo: required\nlanguage: ruby\nrvm:\n - ruby-2.4.4\nservices:\n - redis-server\n - mysql\n\nenv:\n global:\n - GATE_SERVER_URL=gate.server/url\n - SIGN_IN_TYPE=\n - GATE_OAUTH_CLIENT_ID=totally_secret_client_id\n - GATE_OAUTH_CLIENT_SECRET=totally_secret\n - GATE_HOSTED_DOMAIN=gate.domain\n - GATE_HOSTED_DOMAINS=test1.com,test2.com\n - GATE_DB_HOST=localhost\n - GATE_DB_PORT=3306\n - GATE_DB_NAME=\n - GATE_DB_USER=root\n - GATE_DB_PASSWORD=\n - CACHE_HOST=localhost\n - CACHE_PORT=6379\n - SECRET_KEY_BASE=\n - SECRET_API_KEY=\n - GATE_CONFIG_SECRET=gate_pw_secret\n - USER_ROLES=employee,consultant\n - UID_BUFFER=5000\n - DEFAULT_HOST_PATTERN=s*\n - PRODUCT_LIST=pr1,pr2\n - SAML_APPS=datadog\n - secure: Q2/gUeT/Y6IUKsRzgiiE6HGxLcHAzTtVCv6+6TcQnpJL9+HEO06+ISwekNXHRe/2BNMiWzDG5ufqo2YpA1j9h8899KAJZRYDULbbV0o8nrpT2kZSac1ZejBVYb/SrhDk8wrnQxQ061o6SdKpFEEwbIiJDzaqeQkv4tkyw3dEOq6+FRGS/QXj3mPIIArPbNCOtwcvnmg0mGIuPAAxuRZmz4Tuk2F6JdR4LrZstf33mvUYqbTw02Kl7UoErFjGSx2Ti+JPYIVDJ6D8pNCjv5va3awJskcXE5bj0evR5+OiP69GK6T2/UbP+QKwN2J36Pb9RxBKGuEkBTNuduch+h+RMiYk0A8MDO3Sy47i2v8Oj1xTEYqsNm0scmD2utZ93/VqPipYTrxuos7gbC4mdiW3dcMzyrhgaULEJlvalKaSQV41Xex8h/V7NCRvpoYjnyuWVUMQFgGSnE25Xpt1LvP3epcxlEBA9LcndskbEHaWup8mCD2bp+2Zq10iWi/hNnR2IBrj61fApTWBSoNplJMsMZNb3bverQVFFG79Gfr320HWk+eJVahZNFwUYp9VYn17r38nMRdfP9B85hm2ZUEiokzOvEXEKoSa2QVlCNQHk4HGJmfykPn4L8kDnS6LhYV3Yxugxwsl//1iUOwv4+ARMGn/rs13BDOixWXc+GVZIvk=\n - secure: hTSsv54GMEfKuZfk5UL3cekNK4ZgEEWwTp2cbfN39ViWBbq4xtXok1jREx4QyhwkNak47ewHuY0rifxPEYkJVJfj+tA/xiGs9BOG73gNEtQYhXXN/ZodXF0Kq3pYOfcVWDDo7oMAUoohkohHK2TA+KY3mfk5sFbxbXHOlNdSn0vXDSa8MgzALoN6+w1oWkC41perODfNS4EYD3gdhwDg4x6QHrmakrt0oOP4PPMCpOWinvkzWq7lBDdhkPSze47BwGilyUDFSJnunSKip88s6DlP4gNj6YYBiT6xGTPLuR76tgEPma9rp25zGvLxH9LsluMXTNuN0L3/6FzVyv0kJgXIwQrpgreQ+B45q3mT6iNom0alyNk3fYDKU59azpH9G0rC0zflmOhW+jssgwyJN08rJN8rFkhpQreD4dgey7+UDjf7qF3rOd0kXmqBvA/3z/aF8Mla/2+EIb1DjyHwnjAcPF2E0/97Gv2eGpZR/PPrQIVN2m8vEe3ce/39c4S/l9OU0G4Dqz9HMqIBG+0qFdS24+egbjaIoOQzO/eJwG/eew4ncvaz/ES8qCDtvFNeKR+QnfxcbJysybrxDNTqt3cBGTeotIdZxIB3rYK63+s+dvzggm09vBMafoP7zyWzD0xjSES7m+Gv9V8Jlvc7h5JSWrkmAgLmgnqt7FpI7hs=\n - secure: KtmItMzRHfZEPS54hTnYXNAWsqxCZZMtmxamJPcr2SVP+pzM/25eEF3M2b0JZECFRtW3xPBGita+4BjH8IY4NljH0IDVhPPKQsMHaVKtaqEeiTCRXCqkJd0DMUDeqyRcccwPDJSy9HeZns6E+zQDCGaC/tmFwDUWy5BYpairWd7sdw436iOeTmQ2fJ8SQ9lBr9LGpk8NwDmkYqg14fnOraIhw70tiWv9Wn82mEv+OwY4iKphOv2ZXEBeJYitoT1LQmhnaVvNvax16TYIY3Mxh89Oy2gVkKCgvbR9q1NmAIiWmMTyCLWxF0bd6A6Q+dHDDaQZF0pDsQqe83rnoA0xuaJUF9dh+ahvW0bn0aVFIa8tWgiBEMXWxHEDuEyfCWFis9vf3uj1xJl0SV0ktE5oIRzaF/0cTQorAwRy0UpN1HxK1yB9aITCad/BJ9ERK8MXYnfzC65jn2zHuQMjBz9Aeig4sgLc4IgtGM2DzabsIkhYG3ygL1TYaXXSj5Mo2KDwOuaZ46C7B6qxlzcesPmSnM3KF1CBatRZQK5tjsMm5GnxXKKtqg/udGtOA2fELlNolFsojtpmO4A79TAnebRUpEsU2vP0da1x7yTD5+2NWg6dnvq7tA3c5b8qBK2cAMnCHS0gmjaN3RYeFhLYO55dHDdmx/DNyQQ1V/YEkuisy80=\n - COMMIT=${TRAVIS_COMMIT::8}\n - DOCKER_COMPOSE_VERSION=1.11.2\n\nbefore_install:\n - gem update --system\n - gem install bundler\n\nstages:\n - build, test and releases\n - name: build and publish docker\n if: (branch = master OR tag IS present) and type != pull_request\n\njobs:\n include:\n - stage: build, test and releases\n script:\n - sudo mysql_upgrade -u root\n - sudo service mysql restart\n - mysql -e 'CREATE DATABASE IF NOT EXISTS gate_test;'\n - gem install bundler\n - bundle package --all\n - bundle install --binstubs --local\n - bundle exec rake db:migrate\n - bundle exec rake spec\n - bundle exec rake assets:precompile RAILS_ENV=production\n before_deploy:\n - \"rm -rf $TRAVIS_BUILD_DIR/*.tar.gz\"\n - \"tar zcf gate-$TRAVIS_TAG.tar.gz -C $TRAVIS_BUILD_DIR ./*\"\n deploy:\n provider: releases\n skip_cleanup: true\n api_key:\n secure: VWDGnrtrECoeJBATfe71HdpvnD15IKTkHWq/cQDfo9FTrm005ngTusQpW0eim76tSTMcJ1OBLoE9aAkd4Szi00TWenNPaAWHtgodcvNXxjqyZEtznRmtZW/vSk2H+iwJxJZoPDMZqStjmmSoD0dA1t2GLGltFzeJ5Y409YeroLUsVdRcTJY0mvQYbuLt1aZCu76gY5nB01yH7ib4ykZllJQbkyX57TKBYSLoQVUQ3hqo9BLUoROknHSfFGBHjSN9D3zIqKoh0XDOuTnyMHB+zMGmjjJbHMx5Z2eW1NW1HvpqDUOPl8uRnUEoCCfujA7OUlGgdadRBeUJObzpNkpQUNLEh5zIIr9NAZzjunzYkMiMZIseTNflJ6HOajld2Bcgz3PcbzM8hcIFog5loE7CBLWEzDoOIY/B75NYuHPIzRzTbgw7jf8XdfypCNMm0RLWiCXiDmuDMcNPZT9NrrheNGFz1CDmWkwpJmUTIv8J13J2Ux9ex1NY9iSRD8rgJ+bLOfp/u1nJWjACki8zq2/vffm2oUWz/R7q23Keq5Itddpe3mJUyFjokTUZPNSAlC45rF+rgK4ka7yJb+ZZAOaq/N8iIfVkgnfviWtaPQzAWRkO8J8Wzt1GrfQpNlo2BMM6Cpy0iV9ANYqAVYerImAopMWlzQmjbtt8P+xmmYA0FIw=\n file_glob: true\n file: $TRAVIS_BUILD_DIR/*.tar.gz\n on:\n tags: true\n repo: gate-sso/gate\n - stage: build and publish docker\n install: skip\n script:\n - gem install bundler\n - bundle install\n - bundle exec rake assets:precompile RAILS_ENV=production\n - echo \"$DOCKER_PASSWORD\" | docker login -u \"$DOCKER_USERNAME\" --password-stdin\n - docker build -t gatesso/gate:latest .\n - if [ -n \"$TRAVIS_TAG\" ]; then\n docker tag gatesso/gate:latest gatesso/gate:$TRAVIS_TAG;\n fi\n - docker images\n - docker push gatesso/gate\n" }, { "path": "CHANGELOG.md", "content": "# Changelog\nAll notable changes to this project will be documented in this file.\n\nThe format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),\nand this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).\n\n## [Unreleased]\n\n## [1.1.8] - 2020-02-17\n- Securing organisations configuration page\n\n## [1.1.7] - 2020-02-24\n### Fixed\n- Fix audit trail when user removed from group\n\n## [1.1.6] - 2020-01-14\n### Changed\n- Store session to db using active record instead of using cookies\n\n## [1.1.5] - 2019-10-20\n### Changed\n- User API now also return `id`\n\n## [1.1.4] - 2019-10-05\n### Added\n- API to add user to group (POST /api/v1/groups/:group_id/users)\n\n## [1.1.3] - 2019-09-17\n### Changed\n- Update devise to version `4.7.1`.\n\n## [1.1.2] - 2019-09-17\n### Added\n- Show email of group admin on group detail\n- Show users join date to group on group detail\n\n## [1.1.1] - 2019-09-02\n### Changed\n- Update nokogiri to version `1.10.4`.\n\n## [1.1.0] - 2019-09-02\n### Fixed\n- Ensure that 'deactivated_at' on user is automatically set when we make user inactive\n### Changed\n- Improve access policy for actions on resources including profile, user, api resource, host machine, organisation\n### Added\n- Add endpoint entity to represent gate endpoint. Group will own endpoints, this mechanism will be used as an authorization for gate.\n- Add api to deactivate user in gate (PATCH /api/v1/users/:id/deactivate).\n\n## [1.0.5] - 2019-08-06\n### Fixed\n- Improve loading time when opening group and user show page\n\n## [1.0.4] - 2019-07-17\n### Fixed\n- If a user don't have any VPNs, they should still be able to click download VPN without incurring exception\n- Create missing tests for user model\n- Optimize queries when fetching sysadmins\n\n## [1.0.3] - 2019-07-16\n### Fixed\n- Fix nil pointer exception when group members response is nil\n\n## [1.0.2] - 2019-07-15\n### Fixed\n- Optimize slow queries on vpn model\n\n## [1.0.1] - 2019-07-15\n### Added\n- Add the ability to only fetch active user for `/api/v1/users/profile` API\n\n## [1.0.0] - 2019-07-15\n### Changed\n- Use dotenv instead of figaro. This is a breaking change and warrant a major version release.\n- All spiders are banned by default now in `robots.txt`\n- When admin account become inactive, the admin status will automatically revoked.\n- Admin can set expiration date on group assignment. This expiration date is optional, when not specified then it's a permanent assignment.\n\n## [0.1.0] - 2019-05-20\n### Changed\n- Gate now uses semantic versioning.\n" }, { "path": "CONTRIBUTING.md", "content": "# Contributing Guidelines\n\n## Releasing Gate\n\n> Gate uses semantic versioning, check [this page](https://semver.org/) for more details on how to bump the version number.\n\nSteps on releasing Gate.\n\n1. Bump version on [VERSION](VERSION) file.\n2. Add appropriate changelogs on [CHANGELOG.md](CHANGELOG.md) file. Please follow existing format.\n3. Tag the commit by the new version number and push it, travis will automatically build and release Gate.\n" }, { "path": "Dockerfile", "content": "FROM ruby:2.4\n\nRUN apt-get update\nRUN curl -sL https://deb.nodesource.com/setup_10.x | bash\nRUN apt-get update -qq && apt-get install -y build-essential nodejs git\n\nRUN mkdir /app\nWORKDIR /app\n\nCOPY Gemfile /app\nCOPY Gemfile.lock /app\n\nRUN gem install bundler -v '>= 2.0'\nRUN bundle install --without development\nCOPY . /app\n\nCMD [ \"bundle\", \"exec\", \"rails\", \"s\" ]\n" }, { "path": "Gemfile", "content": "source 'https://rubygems.org'\n\ngem 'rails', '7.1.3.2'\n\ngem 'activerecord-session_store'\ngem 'ansi'\ngem 'bootstrap'\ngem 'countries', require: 'countries/global'\ngem 'devise'\ngem 'dotenv-rails'\ngem 'font-awesome-rails'\ngem 'httparty'\ngem 'jbuilder'\ngem 'mysql2'\ngem 'omniauth'\ngem 'omniauth-google-oauth2'\ngem 'paranoia'\ngem 'puma'\ngem 'redis'\ngem 'rotp'\ngem 'rqrcode'\n\ngem 'sassc-rails'\n\n\n#Disabling SAML Feature during upgrade\n# #TODO ENable this feature later\n#gem 'ruby-saml', '1.8.0'\n#gem 'saml_idp', git: 'https://github.com/gate-sso/saml_idp'\ngem 'sdoc', group: :doc\n# #TODO ENable this feature later\n\ngem 'slim-rails'\ngem 'turbolinks'\ngem 'uglifier'\ngem 'whenever', require: false\n\ngroup :development, :test do\n gem 'capybara'\n gem 'coveralls'\n gem 'database_cleaner'\n gem 'dredd_hooks'\n gem 'factory_bot_rails'\n gem 'faker'\n gem 'mock_redis'\n gem 'pry'\n gem 'rails-controller-testing'\n gem 'rspec-rails'\n gem 'rubocop'\n gem 'rubocop-faker'\n gem 'rubocop-performance'\n gem 'rubocop-rails'\n gem 'rubocop-rspec'\n gem 'shoulda-matchers'\n gem 'simplecov'\n gem 'simplecov-console'\n gem 'timecop'\n gem 'webmock'\nend\n\ngroup :development do\n gem 'web-console', platform: :ruby\nend\n" }, { "path": "LICENSE", "content": "The MIT License (MIT)\n\nCopyright (c) 2016 gate-sso\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n" }, { "path": "README.md", "content": "# Gate is now Gate-WireGuard \n\n## DEPRECATED\n\n#### Please use [Gate-WireGuard](https://github.com/gate-sso/gate-wireguard)\n\nGateWireguard is based on WireGuard VPN Backend, also, it provides better security, faster speeds; it's much easier to install and run.\n\n\n## *MASTER is broken* we are migrating to Rails 7.\n\n## Ubuntu dependencies\nApart from devtools you need to install the following packages as well.\n```\n apt-get install libmysqlclient-dev\n apt-get install libyaml-dev\n```\n\n#### Please note that we are upgrading gate RAILS version, and it will have breaking changes New RAILS 7 version will not be backward compatible and will not have many features We are removing many features, just to support API TOKENS and VPN functionality\n\n#### Please use [RAILS 5 Branch](https://github.com/gate-sso/gate/tree/RAILS_5_RELEASE) for backward compatibilty\n\n> Gate now uses semantic versioning to add more visibility on breaking changes. For users, you might want to check [CHANGELOG.md](CHANGELOG.md). For contributors, check [CONTRIBUTING.md](CONTRIBUTING.md).\n\nGate is a single sign-on (SSO) platform for centralised authentication across Linux, OpenVPN and CAS.\n\nGate works by automating OpenVPN profile creation for you and also providing you with google multi-factor authentication (MFA) integration. Gate provides single MFA Token authorisation across your organisation. Following scenarios can be handled by Gate:\n\n1. Setup OpenVPN with Gate authentication.\n2. Automatically create VPN profiles for each users.\n3. Provide you with JaSig CAS Custom Authentication Handler to authenticate with Gate SSO and in turn enabling MFA for JaSig CAS.\n4. Enable Linux authentication with [pam_gate](https://github.com/gate-sso/pam_gate), which sits like a small module with Linux and allow authentication.\n5. Enable Name Service Switch (NSS) on Linux, so that Gate users can be discovered and authenticated on Linux.\n6. **Access Control on Linux** Gate also allows you to control access to specific machines, like which hosts a user can login. And that can be controlled by reg-ex pattern on host name or IP addresses. (Note: pattern * matches everything).\n\n> The entry point for self sign-in is Google mail authentication. If you don't use Google mail authentication, you can point gate to any OAuth provider and it should work.\n\n> Gate provides you with single sign-on solution plus centralised user management across your applications and services. Not only it helps in controlling users access but it also helps in making most of it automated.\n\n### Modules\n\n* [pam_gate](https://github.com/gate-sso/pam_gate) - Gate module for Linux PAM\n* [nss_gate](https://github.com/gate-sso/nss_gate) - Gate module for Linux Name Server Switch (NSS)\n* [cas_gate](https://github.com/gate-sso/cas_gate) - CAS Customer MFA authentication handler for Gate\n* open_vpn_gate - for OpenVPN setup, it is not extracted yet.\n\n## Development Setup\n\n> We are in the process of improving Gate setup process, please check back for updated instructions.\n\n### Manual Setup\n\n#### Initializing Your Application\n\n* Ensure that ruby is installed (>= 2.4) and `bundler` gem is installed.\n* Clone [Gate repository](https://github.com/gate-sso/gate)\n* Run `bundle install`\n* Run `rake app:init` to create environment file based on sample (we use dotenv to manage environment variables).\n\n#### Setting up OAuth (Optional)\n\n> If you setup Gate for development purpose and you want to avoid setting up OAuth, you can fill `SIGN_IN_TYPE` environment variable with `form`. This option will provide you with sign-in form in Gate homepage that you can fill with e-mail and name to sign-in.\n\n> Note that you still need to update `GATE_HOSTED_DOMAINS` to serve your e-mail domain.\n\nCheck [this guide](docs/oauth_setup.md) For detailed information on how to setup OAuth.\n\n#### Setting up Database and Cache\n\n* Install and setup database (mysql) and update the following values (`GATE_DB_HOST`, `GATE_DB_PORT`, `GATE_DB_USER`, `GATE_DB_PASSWORD`) on `.env`.\n* Install and setup cache (redis) and update the following values (`CACHE_DB`, `CACHE_HOST`).\n\n#### Finishing Steps\n\nTo finalize your setup you just need to run `rake app:setup`. This command will setup your database and also run inital set of tests to make sure you have a successful setup.\n\nOnce Gate is setup, sign-in with your user and you should see welcome page with VPN profile download and VPN MFA Scanning.\n\nIf you want Gate to setup VPN for you then just install OpenVPN with easy rsa. Gate should just work fine with it.\n\n> **NOTE** We will be putting more effort to automate VPN setup using Gate as well. Or you can send a pull request to help us with this.\n\n### Docker Setup\n\n* Build docker image using `docker build -t gate .`\n* Create and update `.env` file according to `.env.example` with appropriate values\n* Run the image using `docker run -p 3000:3000 --env-file=.env -it gate`\n* If you want use docker-compose run using `docker-compose up`\n\n## Additional Topics\n\n* [API Blueprint Test](docs/dredd_setup.md)\n* [Additional Setup](docs/additional_setup.md)\n* [Administration](docs/administration.md)\n* [Newrelic Integration](docs/newrelic.md)\n\n### Changelog\n\nSee [CHANGELOG.md](CHANGELOG.md)\n\n### Contributing\n\nSee [CONTRIBUTING.md](CONTRIBUTING.md)\n\n### License\n\nMIT License, See [LICENSE](LICENSE).\n" }, { "path": "Rakefile", "content": "# Add your own tasks in files placed in lib/tasks ending in .rake,\n# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.\n\nrequire File.expand_path('../config/application', __FILE__)\n\nRails.application.load_tasks\n" }, { "path": "VERSION", "content": "1.1.8\n" }, { "path": "api_blueprint/bin/dredd_server.sh", "content": "#!/bin/bash\n# dredd_server.sh\nkill -9 $(lsof -i tcp:9865 -t)\nexport RAILS_ENV=test\nexport LOG_LEVEL=info\nrake db:drop\nrake db:setup\nbundle exec rails server --port=9865\n\n" }, { "path": "api_blueprint/group.apib", "content": "FORMAT: 1A\n\n# API Group\n\n# Group [/api/v1/groups]\n\n## Create Groups [POST]\nCreate new group\n\n+ Request(application/json)\n\n + Body\n\n {\n \"access_token\": \"token\",\n \"name\" : \"foo\"\n }\n \n + Schema\n \n {\n \"type\": \"object\",\n \"properties\" : {\n \"name\" : {\n \"type\" : \"string\"\n },\n \"access_token\" : {\n \"type\" : \"string\"\n }\n }\n }\n \n+ Response 200\n\n + Headers\n\n x-frame-options: SAMEORIGIN\n x-xss-protection: 1; mode=block\n x-content-type-options: nosniff\n content-type: application/json; charset=utf-8\n etag: W/\"5c15461069e69109955c72671ffc465d\"\n cache-control: max-age=0, private, must-revalidate\n x-request-id: 0613ec11-afd7-4dc0-9096-fee607d71c12\n x-runtime: 0.073641\n connection: close\n transfer-encoding: chunked\n\n + Body\n \n {\n \"id\": 1,\n \"name\": \"foo\"\n }\n + Schema\n \n {\n \"type\": \"object\",\n \"properties\" : {\n \"id\" : {\n \"type\" : \"int\"\n },\n \"name\" : {\n \"type\" : \"string\"\n }\n }\n }\n\n+ Request(application/json)\n\n + Body\n\n {\n \"access_token\": \"token\",\n \"name\" : \"foo\"\n }\n \n + Schema\n \n {\n \"type\": \"object\",\n \"properties\" : {\n \"name\" : {\n \"type\" : \"string\"\n },\n \"access_token\" : {\n \"type\" : \"string\"\n }\n }\n }\n\n+ Response 422\n\n + Headers\n\n x-frame-options: SAMEORIGIN\n x-xss-protection: 1; mode=block\n x-content-type-options: nosniff\n content-type: application/json; charset=utf-8\n cache-control: no-cache\n x-request-id: 30ec7a3a-4794-435b-a5b9-8ff480cd648c\n x-runtime: 0.007976\n connection: close\n transfer-encoding: chunked\n\n + Body\n\n {\n \"status\": \"group already exist\",\n \"id\": 1,\n \"name\": \"foo\"\n }\n + Schema\n \n {\n \"type\": \"object\",\n \"properties\" : {\n \"status\" : {\n \"type\" : \"string\"\n },\n \"id\" : {\n \"type\" : \"int\"\n },\n \"name\" : {\n \"type\" : \"string\"\n }\n }\n }\n\n+ Request(application/json)\n\n + Body\n\n {\n \"access_token\": \"wrong token\",\n \"name\" : \"foo\"\n }\n \n + Schema\n \n {\n \"type\": \"object\",\n \"properties\" : {\n \"name\" : {\n \"type\" : \"string\"\n },\n \"access_token\" : {\n \"type\" : \"string\"\n }\n }\n }\n\n+ Response 401\n\n + Headers\n\n x-frame-options: SAMEORIGIN\n x-xss-protection: 1; mode=block\n x-content-type-options: nosniff\n content-type: text/html\n cache-control: no-cache\n x-request-id: 30276bf6-0ce6-4ba6-b87d-7528b4f2c85d\n x-runtime: 0.002650\n connection: close\n transfer-encoding: chunked\n\n + Body\n\n# Group Users [/api/v1/groups/{group_id}/users]\n\n+ Parameters\n + group_id: 1 (required, number) - ID of the Group in form of an integer\n\n## Add user [POST]\n\n+ user_id (required, number) - ID of the User in form of an integer\n+ expiration_date (optional, date) - Membership expiration date in format (YYYY-MM-DD)\n\n+ Request (application/json)\n\n + Header\n\n Authorization: \n\n + Body\n\n {\n \"user_id\": 7,\n \"expiration_date\": \"2019-11-20\"\n }\n\n+ Response 204\n" }, { "path": "api_blueprint/hooks/dredd_hooks.rb", "content": "ENV['RAILS_ENV'] ||= 'test'\n\nrequire File.expand_path('../../config/environment', __dir__)\nrequire 'dredd_hooks/methods'\n\ninclude DreddHooks::Methods\n\nbefore_all do |_|\n user = User.create(name: 'foo', email: 'bar@test.com', admin: 1)\n access_token = AccessToken.new\n access_token.token = 'token'\n access_token.user = user\n user.access_token = access_token\n access_token.save!\n user.save!\n inactive_user = User.create(name: 'foo', email: 'foo@test2.com', active: 0, user_login_id: 'foo')\n inactive_user.save!\n active_user = User.create(name: 'foo', email: 'foo@test.com', active: 1, user_login_id: 'foo')\n active_user.save!\nend\n" }, { "path": "api_blueprint/user.apib", "content": "FORMAT: 1A\n\n# API User\n\n# User [/api/v1/users]\n\n## Create Users [POST]\nCreate new users gate\n\n+ Request(application/json)\n\n + Body\n \n {\n \"access_token\": \"token\",\n \"name\" : \"foo\",\n \"email\" : \"foo@test.com\"\n }\n\n + Schema\n \n {\n \"type\": \"object\",\n \"properties\" : {\n \"name\" : {\n \"type\" : \"string\"\n },\n \"email\" : {\n \"type\" : \"string\"\n },\n \"access_token\" : {\n \"type\" : \"string\"\n }\n }\n }\n\n+ Response 200\n\n + Headers\n\n x-frame-options: SAMEORIGIN\n x-xss-protection: 1; mode=block\n x-content-type-options: nosniff\n content-type: application/json; charset=utf-8\n etag: W/\"5c15461069e69109955c72671ffc465d\"\n cache-control: max-age=0, private, must-revalidate\n x-request-id: 0613ec11-afd7-4dc0-9096-fee607d71c12\n x-runtime: 0.073641\n connection: close\n transfer-encoding: chunked\n\n + Body\n \n {\n \"status\" : \"created\"\n }\n\n + Schema\n \n {\n \"type\": \"object\",\n \"properties\" : {\n \"status\" : {\n \"type\" : \"string\"\n }\n }\n }\n\n\n+ Request(application/json)\n\n + Body\n \n {\n \"access_token\": \"wrong token\",\n \"name\" : \"foo\",\n \"email\" : \"foo@test.com\"\n }\n\n + Schema\n \n {\n \"type\": \"object\",\n \"properties\" : {\n \"name\" : {\n \"type\" : \"string\"\n },\n \"email\" : {\n \"type\" : \"string\"\n },\n \"access_token\" : {\n \"type\" : \"string\"\n }\n }\n }\n\n+ Response 401\n\n + Headers\n\n x-frame-options: SAMEORIGIN\n x-xss-protection: 1; mode=block\n x-content-type-options: nosniff\n content-type: text/html\n cache-control: no-cache\n x-request-id: 30276bf6-0ce6-4ba6-b87d-7528b4f2c85d\n x-runtime: 0.002650\n connection: close\n transfer-encoding: chunked\n\n + Body\n\n# User [/api/v1/users/profile/{?email,uid,username,active}]\n\n## Get Users [GET]\nGet user data with email, uid or username\n\n+ Request\n\n + Headers\n\n Authorization: token\n\n + Parameters\n\n + email (string, optional)\n + Default: bar@test.com\n + uid (string, optional)\n + username (string, optional)\n + active ((string, boolean, int), optional)\n\n+ Response 200\n\n + Body\n\n {\n \"email\": \"bar@test.com\",\n \"id\": null,\n \"uid\": null,\n \"name\": \"foo\",\n \"active\": true,\n \"admin\": true,\n \"home_dir\": null,\n \"shell\": null,\n \"public_key\": null,\n \"user_login_id\": null,\n \"product_name\": null,\n \"groups\": []\n }\n\n+ Request\n\n + Headers\n\n Authorization: token\n\n + Parameters\n\n + email (string, optional)\n + uid (string, optional)\n + username (string, optional)\n + Default: foo\n + active ((string, boolean, int), optional)\n + Default: 1\n\n+ Response 200\n\n + Body\n\n {\n \"email\": \"foo@test.com\",\n \"uid\": null,\n \"name\": \"foo\",\n \"active\": true,\n \"admin\": true,\n \"home_dir\": null,\n \"shell\": null,\n \"public_key\": null,\n \"user_login_id\": \"foo\",\n \"product_name\": null,\n \"groups\": []\n }\n \n+ Request\n\n + Headers\n\n Authorization: token\n\n + Parameters\n\n + email (string, optional)\n + Default: notfound@test.com\n + uid (string, optional)\n + username (string, optional)\n + active ((string, boolean, int), optional)\n\n+ Response 404\n\n + Body\n\n# User [/api/v1/users/profile]\n\n## Update Users [POST]\nUpdate users data with email as key \n\n+ Request(application/json)\n\n + Headers\n\n Authorization: token\n\n + Body\n \n {\n \"name\" : \"foo bar\",\n \"email\" : \"bar@test.com\"\n }\n\n + Schema\n \n {\n \"type\": \"object\",\n \"properties\" : {\n \"name\" : {\n \"type\" : \"string\"\n },\n \"email\" : {\n \"type\" : \"string\"\n }\n }\n }\n\n+ Response 200\n\n + Headers\n\n x-frame-options: SAMEORIGIN\n x-xss-protection: 1; mode=block\n x-content-type-options: nosniff\n content-type: application/json; charset=utf-8\n etag: W/\"c955e57777ec0d73639dca6748560d00\"\n cache-control: max-age=0, private, must-revalidate\n x-request-id: 136874b1-39fb-4704-b548-d7670773a4bf\n x-runtime: 0.014707\n connection: close\n transfer-encoding: chunked\n\n + Body\n\n {\n \"success\": true\n } \n\n\n+ Request(application/json)\n\n + Headers\n\n Authorization: wrong-token\n\n + Body\n \n {\n \"name\" : \"foo bar\",\n \"email\" : \"bar@test.com\"\n }\n\n + Schema\n \n {\n \"type\": \"object\",\n \"properties\" : {\n \"name\" : {\n \"type\" : \"string\"\n },\n \"email\" : {\n \"type\" : \"string\"\n }\n }\n }\n\n+ Response 401\n\n + Headers\n\n x-frame-options: SAMEORIGIN\n x-xss-protection: 1; mode=block\n x-content-type-options: nosniff\n content-type: text/html\n cache-control: no-cache\n x-request-id: 85cb1679-58d4-41c4-9479-ce5f9c75ca7a\n x-runtime: 0.002542\n connection: close\n transfer-encoding: chunked\n" }, { "path": "api_blueprint/vpns.apib", "content": "FORMAT: 1A\n\n# API VPNS\n\n# VPNS [/api/v1/vpns]\n\n## Create VPNS [POST]\nCreate new vpns\n\n+ Request(application/json)\n\n + Headers\n \n Authorization: token\n\n + Body\n \n {\n \"id\": 1,\n \"name\": \"test-vpn\",\n \"host_name\": \"test-vpn.example.com\",\n \"ip_address\" : \"10.10.10.10\"\n }\n\n + Schema\n\n {\n \"type\": \"object\",\n \"properties\" : {\n \"id\" : {\n \"type\" : int\n },\n \"name\" : {\n \"type\" : \"string\"\n },\n \"host_name\" : {\n \"type\" : \"string\"\n },\n \"ip_address\" : {\n \"type\" : \"string\"\n }\n }\n }\n\n+ Response 200\n\n + Body\n\n {\n \"id\": 1,\n \"name\": \"test-vpn\",\n \"host_name\": \"test-vpn.example.com\",\n \"ip_address\": \"10.10.10.10\"\n }\n\n+ Request(application/json)\n\n + Headers\n \n Authorization: wrong-token\n \n + Body\n\n+ Response 401\n\n + Headers\n\n x-frame-options: SAMEORIGIN\n x-xss-protection: 1; mode=block\n x-content-type-options: nosniff\n content-type: text/html\n cache-control: no-cache\n x-request-id: 73b10aa8-6f68-400b-b723-2e992ac4d000\n x-runtime: 0.002242\n connection: close\n transfer-encoding: chunked\n" }, { "path": "app/assets/config/manifest.js", "content": "//= link application.css\n//= link apple-touch-icon-144x144-precomposed.png\n//= link apple-touch-icon-72x72-precomposed.png\n//= link apple-touch-icon-precomposed.png\n//= link favicon.ico\n//= link application.js\n" }, { "path": "app/assets/images/.keep", "content": "" }, { "path": "app/assets/javascripts/admin.coffee", "content": "# Place all the behaviors and hooks related to the matching controller here.\n# All this logic will automatically be available in application.js.\n# You can use CoffeeScript in this file: http://coffeescript.org/\n" }, { "path": "app/assets/javascripts/api_resources.coffee", "content": "# Place all the behaviors and hooks related to the matching controller here.\n# All this logic will automatically be available in application.js.\n# You can use CoffeeScript in this file: http://coffeescript.org/\n\nAPI_RESOURCE_NAME_FORMAT_ERROR_MSG = \"Please enter valid name containing only alphanumeric (a-z, A-Z, 0-9), underscore (_) and dash (-)\"\nAPI_RESOURCE_NAME_UNIQUENESS_ERROR_MSG = \"API name already taken\"\nAPI_RESOURCE_DESC_REQUIRED_ERROR_MSG = \"Please enter description\"\n\napi_resources_ready = ->\n $('#api_resource_name').on 'blur', ->\n valid = validate_pattern($('#api_resource_name'), '^[a-zA-Z0-9_-]+$', API_RESOURCE_NAME_FORMAT_ERROR_MSG)\n if valid \n validate_uniqueness($('#api_resource_name'), '/api_resources/search', API_RESOURCE_NAME_UNIQUENESS_ERROR_MSG)\n\n $('#api_resource_description').on 'blur', ->\n validate_required($('#api_resource_description'), API_RESOURCE_DESC_REQUIRED_ERROR_MSG)\n\n $('#new_api_resource').submit (event) ->\n if $('.is-invalid').length > 0\n event.preventDefault()\n event.stopPropagation()\n return\n\n$(document).on('turbolinks:load', api_resources_ready)\n" }, { "path": "app/assets/javascripts/application.js", "content": "// This is a manifest file that'll be compiled into application.js, which will include all the files\n// listed below.\n//\n// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,\n// or any plugin's vendor/assets/javascripts directory can be referenced here using a relative path.\n//\n// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the\n// compiled file.\n//\n// Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details\n// about supported directives.\n//\n// require jquery3\n// require popper\n// require bootstrap-sprockets\n// require jquery_ujs\n// require turbolinks\n// require_tree .\n" }, { "path": "app/assets/javascripts/bootstrap.js.coffee", "content": "jQuery ->\n $(\"a[rel~=popover], .has-popover\").popover()\n $(\"a[rel~=tooltip], .has-tooltip\").tooltip()\n" }, { "path": "app/assets/javascripts/group.coffee", "content": "# Place all the behaviors and hooks related to the matching controller here.\n# All this logic will automatically be available in application.js.\n# You can use CoffeeScript in this file: http://coffeescript.org/\n\ngroup_ready = ->\n $('#assign_admin_include_inactive_user').prop('checked', false);\n $('#assign_admin_user_id').selectize\n maxItems: 1\n valueField: 'id'\n labelField: 'name'\n searchField: 'name_email'\n create: false\n render: option: (item, escape) ->\n '
' + escape(item.name) + '
' + escape(item.email) + '
'\n load: (query, callback) ->\n if !query.length\n return callback()\n\n # Clear the cache, because user list may change\n this.clearOptions()\n include_inactive = $('#assign_admin_include_inactive_user').is(':checked')\n\n # Use remote as source\n $.ajax\n url: '/users/search?q=' + encodeURIComponent(query) + '&include_inactive=' + include_inactive\n type: 'GET'\n error: ->\n callback()\n return\n success: (res) ->\n callback res\n return\n return\n\n $('#assign_admin_user_id').on 'change', ->\n set_allow_submit($(this).val(), $(this))\n\n $('#add_user_include_inactive_user').prop('checked', false);\n $('#add_user_user_id').selectize\n maxItems: 1\n valueField: 'id'\n labelField: 'name'\n searchField: 'name_email'\n create: false\n render: option: (item, escape) ->\n '
' + escape(item.name) + '
' + escape(item.email) + '
'\n load: (query, callback) ->\n if !query.length\n return callback()\n\n # Clear the cache, because user list may change\n this.clearOptions()\n include_inactive = $('#add_user_include_inactive_user').is(':checked')\n\n # Use remote as source\n $.ajax\n url: '/users/search?q=' + encodeURIComponent(query) + '&include_inactive=' + include_inactive\n type: 'GET'\n error: ->\n callback()\n return\n success: (res) ->\n callback res\n return\n return\n\n $('#add_user_user_id').on 'change', ->\n set_allow_submit($(this).val(), $(this))\n\n $('#add_vpn_vpn_id').selectize\n maxItems: 1\n valueField: 'id'\n labelField: 'name'\n searchField: 'name'\n create: false\n render: option: (item, escape) ->\n '
' + escape(item.name) + '
'\n load: (query, callback) ->\n if !query.length\n return callback()\n\n # Use remote as source\n $.ajax\n url: '/vpns/search?q=' + encodeURIComponent(query) \n type: 'GET'\n error: ->\n callback()\n return\n success: (res) ->\n callback res\n return\n return\n\n $('#add_vpn_vpn_id').on 'change', ->\n set_allow_submit($(this).val(), $(this))\n\n $('#add_machine_machine_id').selectize\n maxItems: 1\n valueField: 'id'\n labelField: 'name'\n searchField: 'name'\n create: false\n render: option: (item, escape) ->\n '
' + escape(item.name) + '
'\n load: (query, callback) ->\n if !query.length\n return callback()\n\n # Use remote as source\n $.ajax\n url: '/host_machines/search?q=' + encodeURIComponent(query) \n type: 'GET'\n error: ->\n callback()\n return\n success: (res) ->\n callback res\n return\n return\n\n $('#add_machine_machine_id').on 'change', ->\n set_allow_submit($(this).val(), $(this))\n\n$(document).on('turbolinks:load', group_ready)\n" }, { "path": "app/assets/javascripts/groups.coffee", "content": "# Place all the behaviors and hooks related to the matching controller here.\n# All this logic will automatically be available in application.js.\n# You can use CoffeeScript in this file: http://coffeescript.org/\n" }, { "path": "app/assets/javascripts/home.coffee", "content": "# Place all the behaviors and hooks related to the matching controller here.\n# All this logic will automatically be available in application.js.\n# You can use CoffeeScript in this file: http://coffeescript.org/\n" }, { "path": "app/assets/javascripts/host_access_groups.coffee", "content": "# Place all the behaviors and hooks related to the matching controller here.\n# All this logic will automatically be available in application.js.\n# You can use CoffeeScript in this file: http://coffeescript.org/\n" }, { "path": "app/assets/javascripts/host_machine_groups.coffee", "content": "# Place all the behaviors and hooks related to the matching controller here.\n# All this logic will automatically be available in application.js.\n# You can use CoffeeScript in this file: http://coffeescript.org/\n" }, { "path": "app/assets/javascripts/host_machines.coffee", "content": "# Place all the behaviors and hooks related to the matching controller here.\n# All this logic will automatically be available in application.js.\n# You can use CoffeeScript in this file: http://coffeescript.org/\n\nhost_machines_ready = ->\n $('#group_id').selectize\n maxItems: 1\n valueField: 'id'\n labelField: 'name'\n searchField: 'name'\n create: false\n render: option: (item, escape) ->\n '
' + escape(item.name) + '
'\n load: (query, callback) ->\n if !query.length\n return callback()\n\n # Use remote as source\n $.ajax\n url: '/groups/search?q=' + encodeURIComponent(query) \n type: 'GET'\n error: ->\n callback()\n return\n success: (res) ->\n callback res\n return\n return\n\n $('#group_id').on 'change', ->\n set_allow_submit($(this).val(), $(this))\n\n$(document).on('turbolinks:load', host_machines_ready)\n" }, { "path": "app/assets/javascripts/nss.coffee", "content": "# Place all the behaviors and hooks related to the matching controller here.\n# All this logic will automatically be available in application.js.\n# You can use CoffeeScript in this file: http://coffeescript.org/\n" }, { "path": "app/assets/javascripts/omniauth_callbacks.coffee", "content": "# Place all the behaviors and hooks related to the matching controller here.\n# All this logic will automatically be available in application.js.\n# You can use CoffeeScript in this file: http://coffeescript.org/\n" }, { "path": "app/assets/javascripts/profile.coffee", "content": "# Place all the behaviors and hooks related to the matching controller here.\n# All this logic will automatically be available in application.js.\n# You can use CoffeeScript in this file: http://coffeescript.org/\n" }, { "path": "app/assets/javascripts/users.coffee", "content": "# Place all the behaviors and hooks related to the matching controller here.\n# All this logic will automatically be available in application.js.\n# You can use CoffeeScript in this file: http://coffeescript.org/\n\nusers_ready = ->\n $('#group_id').selectize\n maxItems: 1\n valueField: 'id'\n labelField: 'name'\n searchField: 'name'\n create: false\n render: option: (item, escape) ->\n '
' + escape(item.name) + '
'\n load: (query, callback) ->\n if !query.length\n return callback()\n\n # Use remote as source\n $.ajax\n url: '/groups/search?q=' + encodeURIComponent(query) \n type: 'GET'\n error: ->\n callback()\n return\n success: (res) ->\n callback res\n return\n return\n\n $('#group_id').on 'change', ->\n set_allow_submit($(this).val(), $(this))\n\n$(document).on('turbolinks:load', users_ready)\n" }, { "path": "app/assets/javascripts/utilities.coffee", "content": "# Utility functions\n\n@append_error_msg = (elem, res, msg) ->\n if !res\n elem.addClass('is-invalid')\n elem.next('.invalid-feedback').html(msg)\n else\n elem.removeClass('is-invalid')\n elem.next('.invalid-feedback').html('')\n\n@validate_required = (elem, msg) ->\n input = elem.val()\n append_error_msg(elem, input, msg)\n return !!input\n\n@validate_pattern = (elem, pattern, msg) ->\n input = elem.val()\n regex = new RegExp(pattern)\n validate_regex = regex.test(input)\n append_error_msg(elem, validate_regex, msg)\n return !!validate_regex\n\n@validate_uniqueness = (elem, check_url, msg) ->\n input = elem.val()\n $.ajax\n url: check_url + '?q=' + encodeURIComponent(input) + '&exact=true'\n type: 'GET'\n error: ->\n return\n success: (res) ->\n append_error_msg(elem, $.isEmptyObject(res), msg)\n return\n\n@set_allow_submit = (cond, elem) ->\n curSubmit = $(\"input[type=submit]\", $(elem).parents('form'))\n if !!cond\n curSubmit.prop(\"disabled\", false)\n else\n curSubmit.prop('disabled', true)\n return\n" }, { "path": "app/assets/javascripts/viewport.js", "content": "/*!\n * IE10 viewport hack for Surface/desktop Windows 8 bug\n * Copyright 2014-2015 Twitter, Inc.\n * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE)\n */\n\n// See the Getting Started docs for more information:\n// http://getbootstrap.com/getting-started/#support-ie10-width\n\n(function () {\n 'use strict';\n\n if (navigator.userAgent.match(/IEMobile\\/10\\.0/)) {\n var msViewportStyle = document.createElement('style')\n msViewportStyle.appendChild(\n document.createTextNode(\n '@-ms-viewport{width:auto!important}'\n )\n )\n document.querySelector('head').appendChild(msViewportStyle)\n }\n\n})();\n" }, { "path": "app/assets/stylesheets/application.scss", "content": "/*\n * This is a manifest file that'll be compiled into application.css, which will include all the files\n * listed below.\n *\n * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,\n * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.\n *\n * You're free to add application-wide styles to this file and they'll appear at the bottom of the\n * compiled file so the styles you add here take precedence over styles defined in any styles\n * defined in the other CSS/SCSS files in this directory. It is generally better to create a new\n * file per style scope.\n *\n *= require_tree .\n *= require_self\n *= stub 'profile'\n *= stub 'general'\n */\n\n\n@import url(https://fonts.googleapis.com/css?family=Roboto:300);\n@import url(https://fonts.googleapis.com/css?family=Lato:300);\n@import \"bootstrap\";\n@import \"font-awesome\";\n\n/*\n * https://github.com/ladjs/bootstrap-social\n */\n@import \"bootstrap-social\";\na.btn { color: white!important; }\n.form-group .field_with_errors { display: block; background: none; }\n.form-group .field_with_errors label::after { content: ' *'; color: red; }\nbody {\n font-family: 'Roboto', 'Lato', sans-serif;\n}\n\n.container-profile {\n max-width: 768px;\n min-width: 768px;\n}\n\na:visited {\n color: blue;\n}\n/* mouse over link */\na:hover {\n color: blue;\n background: none;\n}\n.table-responsive { overflow-x: inherit; }\n\n#configAppTabsContent .tab-pane { padding-top: 20px; }\n#configAppTabsContent ol li { margin-top: 10px; }\n#configAppTabsContent li > ol { margin-bottom: 10px; }\n" }, { "path": "app/assets/stylesheets/bootstrap-social.scss", "content": "/*\n * Social Buttons for Bootstrap\n *\n * Copyright 2013-2016 Panayiotis Lipiridis\n * Licensed under the MIT License\n *\n * https://github.com/lipis/bootstrap-social\n */\n.btn-social, .btn-social-icon {\n position: relative;\n padding-left: 3.5rem;\n text-align: left;\n white-space: nowrap;\n overflow: hidden;\n text-overflow: ellipsis; }\n .btn-social > :first-child, .btn-social-icon > :first-child {\n position: absolute;\n left: 0;\n top: 0;\n bottom: 0;\n width: 3rem;\n line-height: 5rem;\n font-size: 1.6em;\n text-align: center;\n border-right: 1px solid rgba(0, 0, 0, 0.2); }\n .btn-social.btn-lg, .btn-lg.btn-social-icon {\n padding-left: 4.75rem; }\n .btn-social.btn-lg > :first-child, .btn-lg.btn-social-icon > :first-child {\n line-height: 4rem;\n width: 4rem;\n font-size: 1.8em; }\n .btn-social.btn-sm, .btn-sm.btn-social-icon {\n padding-left: 2.25rem; }\n .btn-social.btn-sm > :first-child, .btn-sm.btn-social-icon > :first-child {\n line-height: 2rem;\n width: 2rem;\n font-size: 1.4em; }\n .btn-social.btn-xs, .btn-xs.btn-social-icon {\n padding-left: 2.25rem; }\n .btn-social.btn-xs > :first-child, .btn-xs.btn-social-icon > :first-child {\n line-height: 2rem;\n width: 2rem;\n font-size: 1.2em; }\n\n.btn-social > :first-child, .btn-social-icon > :first-child {\n line-height: 1.25 !important;\n padding-top: 0.5rem !important;\n padding-bottom: 0.5rem !important;\n font-size: inherit !important; }\n.btn-social.btn-lg > :first-child, .btn-lg.btn-social-icon > :first-child {\n line-height: 1.25 !important;\n padding-top: 0.75rem !important;\n padding-bottom: 0.75rem !important;\n font-size: inherit !important; }\n\n.btn-social-icon {\n height: 3rem;\n width: 3rem;\n padding: 0; }\n .btn-social-icon > :first-child {\n border: none;\n text-align: center;\n width: 100% !important; }\n .btn-social-icon.btn-lg {\n height: 4rem;\n width: 4rem;\n padding-left: 0;\n padding-right: 0; }\n .btn-social-icon.btn-sm {\n height: 2rem;\n width: 2rem;\n padding-left: 0;\n padding-right: 0; }\n .btn-social-icon.btn-xs {\n height: 2rem;\n width: 2rem;\n padding-left: 0;\n padding-right: 0; }\n\n.btn-adn {\n color: #fff;\n background-color: #d87a68;\n border-color: #d87a68; }\n .btn-adn:hover {\n color: #fff;\n background-color: #d05f4a;\n border-color: #ce563f; }\n .btn-adn:focus, .btn-adn.focus {\n box-shadow: 0 0 0 3px rgba(216, 122, 104, 0.5); }\n .btn-adn.disabled, .btn-adn:disabled {\n background-color: #d87a68;\n border-color: #d87a68; }\n .btn-adn:active, .btn-adn.active, .show > .btn-adn.dropdown-toggle {\n background-color: #d05f4a;\n background-image: none;\n border-color: #ce563f; }\n\n.btn-bitbucket {\n color: #fff;\n background-color: #205081;\n border-color: #205081; }\n .btn-bitbucket:hover {\n color: #fff;\n background-color: #183d62;\n border-color: #163758; }\n .btn-bitbucket:focus, .btn-bitbucket.focus {\n box-shadow: 0 0 0 3px rgba(32, 80, 129, 0.5); }\n .btn-bitbucket.disabled, .btn-bitbucket:disabled {\n background-color: #205081;\n border-color: #205081; }\n .btn-bitbucket:active, .btn-bitbucket.active, .show > .btn-bitbucket.dropdown-toggle {\n background-color: #183d62;\n background-image: none;\n border-color: #163758; }\n\n.btn-dropbox {\n color: #fff;\n background-color: #1087dd;\n border-color: #1087dd; }\n .btn-dropbox:hover {\n color: #fff;\n background-color: #0d71b9;\n border-color: #0d6aad; }\n .btn-dropbox:focus, .btn-dropbox.focus {\n box-shadow: 0 0 0 3px rgba(16, 135, 221, 0.5); }\n .btn-dropbox.disabled, .btn-dropbox:disabled {\n background-color: #1087dd;\n border-color: #1087dd; }\n .btn-dropbox:active, .btn-dropbox.active, .show > .btn-dropbox.dropdown-toggle {\n background-color: #0d71b9;\n background-image: none;\n border-color: #0d6aad; }\n\n.btn-facebook {\n color: #fff;\n background-color: #3b5998;\n border-color: #3b5998; }\n .btn-facebook:hover {\n color: #fff;\n background-color: #30497c;\n border-color: #2d4373; }\n .btn-facebook:focus, .btn-facebook.focus {\n box-shadow: 0 0 0 3px rgba(59, 89, 152, 0.5); }\n .btn-facebook.disabled, .btn-facebook:disabled {\n background-color: #3b5998;\n border-color: #3b5998; }\n .btn-facebook:active, .btn-facebook.active, .show > .btn-facebook.dropdown-toggle {\n background-color: #30497c;\n background-image: none;\n border-color: #2d4373; }\n\n.btn-flickr {\n color: #fff;\n background-color: #ff0084;\n border-color: #ff0084; }\n .btn-flickr:hover {\n color: #fff;\n background-color: #d90070;\n border-color: #cc006a; }\n .btn-flickr:focus, .btn-flickr.focus {\n box-shadow: 0 0 0 3px rgba(255, 0, 132, 0.5); }\n .btn-flickr.disabled, .btn-flickr:disabled {\n background-color: #ff0084;\n border-color: #ff0084; }\n .btn-flickr:active, .btn-flickr.active, .show > .btn-flickr.dropdown-toggle {\n background-color: #d90070;\n background-image: none;\n border-color: #cc006a; }\n\n.btn-foursquare {\n color: #fff;\n background-color: #f94877;\n border-color: #f94877; }\n .btn-foursquare:hover {\n color: #fff;\n background-color: #f8235b;\n border-color: #f71752; }\n .btn-foursquare:focus, .btn-foursquare.focus {\n box-shadow: 0 0 0 3px rgba(249, 72, 119, 0.5); }\n .btn-foursquare.disabled, .btn-foursquare:disabled {\n background-color: #f94877;\n border-color: #f94877; }\n .btn-foursquare:active, .btn-foursquare.active, .show > .btn-foursquare.dropdown-toggle {\n background-color: #f8235b;\n background-image: none;\n border-color: #f71752; }\n\n.btn-github {\n color: #fff;\n background-color: #444444;\n border-color: #444444; }\n .btn-github:hover {\n color: #fff;\n background-color: #313131;\n border-color: #2b2b2b; }\n .btn-github:focus, .btn-github.focus {\n box-shadow: 0 0 0 3px rgba(68, 68, 68, 0.5); }\n .btn-github.disabled, .btn-github:disabled {\n background-color: #444444;\n border-color: #444444; }\n .btn-github:active, .btn-github.active, .show > .btn-github.dropdown-toggle {\n background-color: #313131;\n background-image: none;\n border-color: #2b2b2b; }\n\n.btn-google {\n color: #fff;\n background-color: #dd4b39;\n border-color: #dd4b39; }\n .btn-google:hover {\n color: #fff;\n background-color: #cd3623;\n border-color: #c23321; }\n .btn-google:focus, .btn-google.focus {\n box-shadow: 0 0 0 3px rgba(221, 75, 57, 0.5); }\n .btn-google.disabled, .btn-google:disabled {\n background-color: #dd4b39;\n border-color: #dd4b39; }\n .btn-google:active, .btn-google.active, .show > .btn-google.dropdown-toggle {\n background-color: #cd3623;\n background-image: none;\n border-color: #c23321; }\n\n.btn-instagram {\n color: #fff;\n background-color: #3f729b;\n border-color: #3f729b; }\n .btn-instagram:hover {\n color: #fff;\n background-color: #345e80;\n border-color: #305777; }\n .btn-instagram:focus, .btn-instagram.focus {\n box-shadow: 0 0 0 3px rgba(63, 114, 155, 0.5); }\n .btn-instagram.disabled, .btn-instagram:disabled {\n background-color: #3f729b;\n border-color: #3f729b; }\n .btn-instagram:active, .btn-instagram.active, .show > .btn-instagram.dropdown-toggle {\n background-color: #345e80;\n background-image: none;\n border-color: #305777; }\n\n.btn-linkedin {\n color: #fff;\n background-color: #007bb6;\n border-color: #007bb6; }\n .btn-linkedin:hover {\n color: #fff;\n background-color: #006190;\n border-color: #005983; }\n .btn-linkedin:focus, .btn-linkedin.focus {\n box-shadow: 0 0 0 3px rgba(0, 123, 182, 0.5); }\n .btn-linkedin.disabled, .btn-linkedin:disabled {\n background-color: #007bb6;\n border-color: #007bb6; }\n .btn-linkedin:active, .btn-linkedin.active, .show > .btn-linkedin.dropdown-toggle {\n background-color: #006190;\n background-image: none;\n border-color: #005983; }\n\n.btn-microsoft {\n color: #fff;\n background-color: #2672ec;\n border-color: #2672ec; }\n .btn-microsoft:hover {\n color: #fff;\n background-color: #135fd9;\n border-color: #125acd; }\n .btn-microsoft:focus, .btn-microsoft.focus {\n box-shadow: 0 0 0 3px rgba(38, 114, 236, 0.5); }\n .btn-microsoft.disabled, .btn-microsoft:disabled {\n background-color: #2672ec;\n border-color: #2672ec; }\n .btn-microsoft:active, .btn-microsoft.active, .show > .btn-microsoft.dropdown-toggle {\n background-color: #135fd9;\n background-image: none;\n border-color: #125acd; }\n\n.btn-odnoklassniki {\n color: #fff;\n background-color: #f4731c;\n border-color: #f4731c; }\n .btn-odnoklassniki:hover {\n color: #fff;\n background-color: #df600b;\n border-color: #d35b0a; }\n .btn-odnoklassniki:focus, .btn-odnoklassniki.focus {\n box-shadow: 0 0 0 3px rgba(244, 115, 28, 0.5); }\n .btn-odnoklassniki.disabled, .btn-odnoklassniki:disabled {\n background-color: #f4731c;\n border-color: #f4731c; }\n .btn-odnoklassniki:active, .btn-odnoklassniki.active, .show > .btn-odnoklassniki.dropdown-toggle {\n background-color: #df600b;\n background-image: none;\n border-color: #d35b0a; }\n\n.btn-openid {\n color: #111;\n background-color: #f7931e;\n border-color: #f7931e; }\n .btn-openid:hover {\n color: #111;\n background-color: #e78008;\n border-color: #da7908; }\n .btn-openid:focus, .btn-openid.focus {\n box-shadow: 0 0 0 3px rgba(247, 147, 30, 0.5); }\n .btn-openid.disabled, .btn-openid:disabled {\n background-color: #f7931e;\n border-color: #f7931e; }\n .btn-openid:active, .btn-openid.active, .show > .btn-openid.dropdown-toggle {\n background-color: #e78008;\n background-image: none;\n border-color: #da7908; }\n\n.btn-pinterest {\n color: #fff;\n background-color: #cb2027;\n border-color: #cb2027; }\n .btn-pinterest:hover {\n color: #fff;\n background-color: #aa1b21;\n border-color: #9f191f; }\n .btn-pinterest:focus, .btn-pinterest.focus {\n box-shadow: 0 0 0 3px rgba(203, 32, 39, 0.5); }\n .btn-pinterest.disabled, .btn-pinterest:disabled {\n background-color: #cb2027;\n border-color: #cb2027; }\n .btn-pinterest:active, .btn-pinterest.active, .show > .btn-pinterest.dropdown-toggle {\n background-color: #aa1b21;\n background-image: none;\n border-color: #9f191f; }\n\n.btn-reddit {\n color: #111;\n background-color: #eff7ff;\n border-color: #eff7ff; }\n .btn-reddit:hover {\n color: #111;\n background-color: #c9e4ff;\n border-color: #bcdeff; }\n .btn-reddit:focus, .btn-reddit.focus {\n box-shadow: 0 0 0 3px rgba(239, 247, 255, 0.5); }\n .btn-reddit.disabled, .btn-reddit:disabled {\n background-color: #eff7ff;\n border-color: #eff7ff; }\n .btn-reddit:active, .btn-reddit.active, .show > .btn-reddit.dropdown-toggle {\n background-color: #c9e4ff;\n background-image: none;\n border-color: #bcdeff; }\n\n.btn-soundcloud {\n color: #fff;\n background-color: #ff5500;\n border-color: #ff5500; }\n .btn-soundcloud:hover {\n color: #fff;\n background-color: #d94800;\n border-color: #cc4400; }\n .btn-soundcloud:focus, .btn-soundcloud.focus {\n box-shadow: 0 0 0 3px rgba(255, 85, 0, 0.5); }\n .btn-soundcloud.disabled, .btn-soundcloud:disabled {\n background-color: #ff5500;\n border-color: #ff5500; }\n .btn-soundcloud:active, .btn-soundcloud.active, .show > .btn-soundcloud.dropdown-toggle {\n background-color: #d94800;\n background-image: none;\n border-color: #cc4400; }\n\n.btn-tumblr {\n color: #fff;\n background-color: #2c4762;\n border-color: #2c4762; }\n .btn-tumblr:hover {\n color: #fff;\n background-color: #203448;\n border-color: #1c2e3f; }\n .btn-tumblr:focus, .btn-tumblr.focus {\n box-shadow: 0 0 0 3px rgba(44, 71, 98, 0.5); }\n .btn-tumblr.disabled, .btn-tumblr:disabled {\n background-color: #2c4762;\n border-color: #2c4762; }\n .btn-tumblr:active, .btn-tumblr.active, .show > .btn-tumblr.dropdown-toggle {\n background-color: #203448;\n background-image: none;\n border-color: #1c2e3f; }\n\n.btn-twitter {\n color: #fff;\n color: #fff;\n background-color: #1DA1F2;\n border-color: #1DA1F2; }\n .btn-twitter:hover {\n color: #fff;\n background-color: #0d8ddc;\n border-color: #0c85d0; }\n .btn-twitter:focus, .btn-twitter.focus {\n box-shadow: 0 0 0 3px rgba(29, 161, 242, 0.5); }\n .btn-twitter.disabled, .btn-twitter:disabled {\n background-color: #1DA1F2;\n border-color: #1DA1F2; }\n .btn-twitter:active, .btn-twitter.active, .show > .btn-twitter.dropdown-toggle {\n background-color: #0d8ddc;\n background-image: none;\n border-color: #0c85d0; }\n\n.btn-vimeo {\n color: #fff;\n background-color: #1ab7ea;\n border-color: #1ab7ea; }\n .btn-vimeo:hover {\n color: #fff;\n background-color: #139ecb;\n border-color: #1295bf; }\n .btn-vimeo:focus, .btn-vimeo.focus {\n box-shadow: 0 0 0 3px rgba(26, 183, 234, 0.5); }\n .btn-vimeo.disabled, .btn-vimeo:disabled {\n background-color: #1ab7ea;\n border-color: #1ab7ea; }\n .btn-vimeo:active, .btn-vimeo.active, .show > .btn-vimeo.dropdown-toggle {\n background-color: #139ecb;\n background-image: none;\n border-color: #1295bf; }\n\n.btn-vk {\n color: #fff;\n background-color: #587ea3;\n border-color: #587ea3; }\n .btn-vk:hover {\n color: #fff;\n background-color: #4b6b8a;\n border-color: #466482; }\n .btn-vk:focus, .btn-vk.focus {\n box-shadow: 0 0 0 3px rgba(88, 126, 163, 0.5); }\n .btn-vk.disabled, .btn-vk:disabled {\n background-color: #587ea3;\n border-color: #587ea3; }\n .btn-vk:active, .btn-vk.active, .show > .btn-vk.dropdown-toggle {\n background-color: #4b6b8a;\n background-image: none;\n border-color: #466482; }\n\n.btn-yahoo {\n color: #fff;\n background-color: #720e9e;\n border-color: #720e9e; }\n .btn-yahoo:hover {\n color: #fff;\n background-color: #590b7b;\n border-color: #500a6f; }\n .btn-yahoo:focus, .btn-yahoo.focus {\n box-shadow: 0 0 0 3px rgba(114, 14, 158, 0.5); }\n .btn-yahoo.disabled, .btn-yahoo:disabled {\n background-color: #720e9e;\n border-color: #720e9e; }\n .btn-yahoo:active, .btn-yahoo.active, .show > .btn-yahoo.dropdown-toggle {\n background-color: #590b7b;\n background-image: none;\n border-color: #500a6f; }\n\n.btn-stripe {\n color: #fff;\n background-color: #1275FF;\n border-color: #1275FF; }\n .btn-stripe:hover {\n color: #fff;\n background-color: #0062eb;\n border-color: #005dde; }\n .btn-stripe:focus, .btn-stripe.focus {\n box-shadow: 0 0 0 3px rgba(18, 117, 255, 0.5); }\n .btn-stripe.disabled, .btn-stripe:disabled {\n background-color: #1275FF;\n border-color: #1275FF; }\n .btn-stripe:active, .btn-stripe.active, .show > .btn-stripe.dropdown-toggle {\n background-color: #0062eb;\n background-image: none;\n border-color: #005dde; }\n\n.btn-amazon {\n color: #232F3E;\n color: #111;\n background-color: #FF9900;\n border-color: #FF9900; }\n .btn-amazon:hover {\n color: #111;\n background-color: #d98200;\n border-color: #cc7a00; }\n .btn-amazon:focus, .btn-amazon.focus {\n box-shadow: 0 0 0 3px rgba(255, 153, 0, 0.5); }\n .btn-amazon.disabled, .btn-amazon:disabled {\n background-color: #FF9900;\n border-color: #FF9900; }\n .btn-amazon:active, .btn-amazon.active, .show > .btn-amazon.dropdown-toggle {\n background-color: #d98200;\n background-image: none;\n border-color: #cc7a00; }\n\n.btn-patreon {\n color: #052D49;\n color: #fff;\n background-color: #F96854;\n border-color: #F96854; }\n .btn-patreon:hover {\n color: #fff;\n background-color: #f8472f;\n border-color: #f73c23; }\n .btn-patreon:focus, .btn-patreon.focus {\n box-shadow: 0 0 0 3px rgba(249, 104, 84, 0.5); }\n .btn-patreon.disabled, .btn-patreon:disabled {\n background-color: #F96854;\n border-color: #F96854; }\n .btn-patreon:active, .btn-patreon.active, .show > .btn-patreon.dropdown-toggle {\n background-color: #f8472f;\n background-image: none;\n border-color: #f73c23; }\n\n.btn-untappd {\n color: #111;\n background-color: #ffc000;\n border-color: #ffc000; }\n .btn-untappd:hover {\n color: #111;\n background-color: #d9a300;\n border-color: #cc9a00; }\n .btn-untappd:focus, .btn-untappd.focus {\n box-shadow: 0 0 0 3px rgba(255, 192, 0, 0.5); }\n .btn-untappd.disabled, .btn-untappd:disabled {\n background-color: #ffc000;\n border-color: #ffc000; }\n .btn-untappd:active, .btn-untappd.active, .show > .btn-untappd.dropdown-toggle {\n background-color: #d9a300;\n background-image: none;\n border-color: #cc9a00; }\n\n.btn-gitlab {\n color: #fff;\n background-color: #de7e00;\n border-color: #de7e00; }\n .btn-gitlab:hover {\n color: #fff;\n background-color: #b86800;\n border-color: #ab6100; }\n .btn-gitlab:focus, .btn-gitlab.focus {\n box-shadow: 0 0 0 3px rgba(222, 126, 0, 0.5); }\n .btn-gitlab.disabled, .btn-gitlab:disabled {\n background-color: #de7e00;\n border-color: #de7e00; }\n .btn-gitlab:active, .btn-gitlab.active, .show > .btn-gitlab.dropdown-toggle {\n background-color: #b86800;\n background-image: none;\n border-color: #ab6100; }\n\n.btn-whatsapp {\n color: #fff;\n color: #fff;\n background-color: #25D366;\n border-color: #25D366; }\n .btn-whatsapp:hover {\n color: #fff;\n background-color: #1fb256;\n border-color: #1da851; }\n .btn-whatsapp:focus, .btn-whatsapp.focus {\n box-shadow: 0 0 0 3px rgba(37, 211, 102, 0.5); }\n .btn-whatsapp.disabled, .btn-whatsapp:disabled {\n background-color: #25D366;\n border-color: #25D366; }\n .btn-whatsapp:active, .btn-whatsapp.active, .show > .btn-whatsapp.dropdown-toggle {\n background-color: #1fb256;\n background-image: none;\n border-color: #1da851; }\n\n/*# sourceMappingURL=bootstrap-social.css.map */\n" }, { "path": "app/assets/stylesheets/general.css", "content": "body {\n padding-top: 70px;\n}\n" }, { "path": "app/assets/stylesheets/home.scss.erb", "content": "// Place all the styles related to the Home controller here.\n// They will automatically be included in application.css.\n// You can use Sass (SCSS) here: http://sass-lang.com/\n\n:root {\n --input-padding-x: .75rem;\n --input-padding-y: .75rem;\n}\n\nhtml,\nbody {\n height: 100%;\n}\n@import url(https://fonts.googleapis.com/css?family=Roboto:300);\n@import url(https://fonts.googleapis.com/css?family=Lato:300);\n\n.home {\n display: -ms-flexbox;\n display: -webkit-box;\n display: flex;\n -ms-flex-align: center;\n -ms-flex-pack: center;\n -webkit-box-align: center;\n align-items: center;\n -webkit-box-pack: center;\n justify-content: center;\n padding-top: 40px;\n padding-bottom: 40px;\n font-family: 'Roboto', sans-serif;\n font-size: 16px;\n font-weight: 300;\n color: white;\n line-height: 30px;\n text-align: center;\n background-image: image-url('bg.jpeg');\n background-size: cover;\n background-repeat: no-repeat;\n background-color: #444444;\n background-position: 50%;\n}\n\n.form-signin {\n width: 100%;\n max-width: 420px;\n padding: 15px;\n margin: 0 auto;\n}\n\n.token-qr table {\n border-width: 0;\n border-style: none;\n border-color: #0000ff;\n border-collapse: collapse;\n}\n\n.token-qr td {\n border-left: solid 5px #000;\n padding: 0; \n margin: 0; \n width: 0px; \n height: 5px; \n}\n\n.token-qr td.black { border-color: #000; }\n.token-qr td.white { border-color: #fff; }\n\n" }, { "path": "app/assets/stylesheets/profile.css", "content": "/* Everything but the jumbotron gets side spacing for mobile first views */\n\n.container-profile {\n max-width: 730px;\n min-width: 768px;\n}\n" }, { "path": "app/assets/stylesheets/scaffolds.scss", "content": "body {\n background-color: #fff;\n color: #333;\n font-family: verdana, arial, helvetica, sans-serif;\n font-size: 13px;\n line-height: 18px;\n}\n\np, ol, ul, td {\n font-family: verdana, arial, helvetica, sans-serif;\n font-size: 13px;\n line-height: 18px;\n}\n\npre {\n background-color: #eee;\n padding: 10px;\n font-size: 11px;\n}\n\na {\n color: #000;\n\n &:visited {\n color: #666;\n }\n\n &:hover {\n color: #fff;\n background-color: #000;\n }\n}\n\ndiv {\n &.field, &.actions {\n margin-bottom: 10px;\n }\n}\n\n#notice {\n color: green;\n}\n\n.field_with_errors {\n padding: 2px;\n background-color: red;\n display: table;\n}\n\n#error_explanation {\n width: 450px;\n border: 2px solid red;\n padding: 7px;\n padding-bottom: 0;\n margin-bottom: 20px;\n background-color: #f0f0f0;\n\n h2 {\n text-align: left;\n font-weight: bold;\n padding: 5px 5px 5px 15px;\n font-size: 12px;\n margin: -7px;\n margin-bottom: 0px;\n background-color: #c00;\n color: #fff;\n }\n\n ul li {\n font-size: 12px;\n list-style: square;\n }\n}\n" }, { "path": "app/clients/data_dog_client.rb", "content": "class DataDogClient\n include HTTParty\n base_uri 'https://api.datadoghq.com/api/v1'\n\n def initialize(app_key, api_key)\n @base_path = 'https://api.datadoghq.com/api/v1'\n @app_key = app_key\n @api_key = api_key\n @headers = {\n 'Content-Type' => 'application/json',\n 'Accept' => 'application/json',\n }\n end\n\n def get_user(email)\n url = append_auth(\"/user/#{email}\")\n response = self.class.get(url, headers: @headers)\n if response.success?\n JSON.parse(response.body)['user']\n else\n {}\n end\n end\n\n def new_user(email)\n url = append_auth('/user')\n response = self.class.post(url, body: { handle: email }.to_json, headers: @headers)\n if response.success?\n JSON.parse(response.body)['user']\n else\n {}\n end\n end\n\n def activate_user(email)\n url = append_auth(\"/user/#{email}\")\n response = self.class.put(url, body: { email: email, disabled: false }.to_json, headers: @headers)\n if response.success?\n JSON.parse(response.body)['user']\n else\n {}\n end\n end\n\n def deactivate_user(email)\n url = append_auth(\"/user/#{email}\")\n response = self.class.put(url, body: { email: email, disabled: true }.to_json, headers: @headers)\n if response.success?\n JSON.parse(response.body)['user']\n else\n {}\n end\n end\n\n private\n\n def append_auth(str)\n auth_str = \"api_key=#{@api_key}&application_key=#{@app_key}\"\n str += str.include?('?') ? \"&#{auth_str}\" : \"?#{auth_str}\"\n str\n end\nend\n" }, { "path": "app/controllers/admin_controller.rb", "content": "class AdminController < ApplicationController\n def index; end\nend\n" }, { "path": "app/controllers/api/v1/base_controller.rb", "content": "class ::Api::V1::BaseController < ActionController::Base\n protect_from_forgery with: :null_session\n before_action :authenticate_user_from_token!\n\n def authenticate_user_from_token!\n if get_token.nil? || !AccessToken.valid_token(get_token)\n raise_unauthorized\n end\n end\n\n protected\n\n def current_user\n access_token = AccessToken.find_token(get_token)\n access_token.user\n end\n\n private\n\n def get_token\n if params.key?(:access_token)\n params[:access_token]\n elsif params.key?(:token)\n params[:token]\n elsif request.headers.key?(:Authorization)\n request.headers[:Authorization].split(' ').last\n end\n end\n\n def raise_unauthorized\n head :unauthorized\n end\nend\n" }, { "path": "app/controllers/api/v1/endpoints_controller.rb", "content": "class ::Api::V1::EndpointsController < ::Api::V1::BaseController\n before_action :authorize_user\n\n def create\n endpoint = Endpoint.new(endpoint_param)\n if endpoint.save\n render json: {\n id: endpoint.id,\n path: endpoint.path,\n method: endpoint.method,\n }\n else\n render json: { status: endpoint.errors }, status: :unprocessable_entity\n end\n end\n\n def add_group\n endpoint = Endpoint.find_by(id: params[:id])\n if endpoint.nil?\n return head :not_found\n end\n\n group = Group.find_by(group_param)\n group_endpoint = GroupEndpoint.new(group: group, endpoint: endpoint)\n\n if group_endpoint.save\n render json: {}\n else\n head :unprocessable_entity\n end\n end\n\n private\n\n def authorize_user\n unless current_user.admin?\n head :forbidden\n end\n end\n\n def group_param\n params.require(:group).permit(:id)\n end\n\n def endpoint_param\n params.require(:endpoint).permit(:path, :method)\n end\nend\n" }, { "path": "app/controllers/api/v1/groups_controller.rb", "content": "class ::Api::V1::GroupsController < ::Api::V1::BaseController\n def create\n if current_user.admin?\n @group = Group.new(group_params)\n if @group.save\n render json: {\n id: @group.id,\n name: @group.name,\n }, status: :ok\n else\n is_taken = @group.errors.details[:name].select { |x| x[:error] == :taken }\n\n if !is_taken.blank?\n existing_group = Group.find_by(name: @group.name)\n render json: {\n status: 'group already exist',\n id: existing_group.id,\n name: existing_group.name,\n }, status: :unprocessable_entity\n else\n render json: {\n status: 'error',\n }, status: :unprocessable_entity\n end\n end\n end\n end\n\n def add_user\n @group = Group.find_by(id: params[:id])\n return head :not_found unless @group.present?\n\n return raise_unauthorized unless current_user.admin? || @group.admin?(current_user)\n\n user = User.find_by(id: params[:user_id])\n return head :unprocessable_entity unless user.present?\n\n expiration_date = params[:expiration_date]\n @group.add_user_with_expiration(params[:user_id], expiration_date)\n head :no_content\n end\n\n private\n\n def group_params\n params.require(:group).permit(:name)\n end\nend\n" }, { "path": "app/controllers/api/v1/users_controller.rb", "content": "class ::Api::V1::UsersController < ::Api::V1::BaseController\n before_action :set_user, only: %i[show update]\n\n def create\n return head :forbidden unless current_user.admin?\n\n user = user_params\n if User.add_temp_user user[:name], user[:email]\n render json: { status: 'created' }, status: :ok\n else\n render json: { status: 'error' }, status: :unprocessable_entity\n end\n end\n\n def show\n if @user.present?\n user_attrs = %w(\n email id uid name active admin home_dir shell public_key user_login_id\n product_name\n )\n data = @user.attributes.select { |k, _v| user_attrs.include?(k) }\n data['groups'] = @user.groups.map { |g| { 'id' => g.gid, 'name' => g.name } }\n render json: data\n else\n head :not_found\n end\n end\n\n def deactivate\n endpoint = Endpoint.find_by(path: api_v1_deactivate_user_path(':id'), method: 'PATCH')\n if !current_user.admin? && !current_user.permitted_endpoint?(endpoint)\n return head :forbidden\n end\n\n user = User.find_by(id: params[:id])\n return head :not_found if user.nil?\n\n user.active = false\n if user.save\n head :no_content\n else\n head :unprocessable_entity\n end\n end\n\n def update\n return raise_unauthorized unless current_user.admin? || current_user == @user\n\n render json: { success: @user.update_profile(user_params) }\n end\n\n private\n\n def set_user\n @user = if params.key?('email')\n User.find_by_email(params['email'])\n elsif params.key?('uid')\n User.find_by_uid(params['uid'])\n elsif params.key?('username')\n if params.key?('active')\n is_active = [1, true, '1', 'true'].include?(params['active'])\n User.where(user_login_id: params['username'], active: is_active).take\n else\n User.find_by_user_login_id(params['username'])\n end\n end\n end\n\n def user_params\n if params.key?(:user)\n params.require(:user).permit(:name, :email, :public_key, :product_name)\n else\n params.permit(:name, :email, :public_key, :product_name)\n end\n end\nend\n" }, { "path": "app/controllers/api/v1/vpns_controller.rb", "content": "class ::Api::V1::VpnsController < ::Api::V1::BaseController\n before_action :set_vpn, only: [:assign_group]\n\n def create\n if current_user.admin?\n @vpn = Vpn.new(vpn_params)\n @vpn.uuid = SecureRandom.uuid\n if @vpn.save\n render json: {\n id: @vpn.id,\n name: @vpn.name,\n host_name: @vpn.host_name,\n ip_address: @vpn.ip_address,\n }, status: :ok\n else\n render json: { status: 'error' }, status: :unprocessable_entity\n end\n end\n end\n\n def assign_group\n if current_user.admin?\n @vpn.groups.delete_all\n @vpn.groups << Group.where(id: params[:group_id]).first\n render json: { status: 'group assigned' }, status: :ok\n end\n end\n\n private\n\n def set_vpn\n @vpn = Vpn.find(params[:id])\n end\n\n def vpn_params\n params.require(:vpn).permit(:name, :host_name, :ip_address)\n end\nend\n" }, { "path": "app/controllers/api_resources_controller.rb", "content": "class ApiResourcesController < ApplicationController\n before_action :set_api_resource, only: %i[show edit update destroy regenerate_access_key]\n before_action :authenticate_user!, except: [:authenticate]\n before_action :authorize_user, only: %i[regenerate_access_key destroy update]\n\n # GET /api_resources\n # GET /api_resources.json\n def index\n @api_resources = ApiResource.where(user: current_user) if !current_user.admin\n @api_resources = ApiResource.all if current_user.admin\n end\n\n # GET /api_resources/1\n # GET /api_resources/1.json\n def show; end\n\n def authenticate\n # this authenticates and tells whether users is able to access this api or not\n if ApiResource.authenticate(params[:access_key], params[:access_token])\n render json: { result: 0 }, status: :ok\n else\n render json: { result: 1 }, status: 401\n end\n end\n\n # GET /api_resources/new\n def new\n @api_resource = ApiResource.new\n end\n\n # GET /api_resources/1/edit\n def edit; end\n\n # POST /api_resources\n # POST /api_resources.json\n def create\n @api_resource = ApiResource.new(api_resource_params)\n @api_resource.access_key = ROTP::Base32.random_base32\n @api_resource.user = current_user\n group = Group.create name: \"#{@api_resource.name}_api_group\"\n @api_resource.group = group\n group.add_admin current_user\n group.save!\n respond_to do |format|\n if @api_resource.save\n format.html { redirect_to api_resource_path(@api_resource.id), notice: 'Api resource was successfully created.', flash: { access_key: @api_resource.access_key } }\n format.json { render :show, status: :created, location: @api_resource }\n else\n format.html { render :new }\n format.json { render json: @api_resource.errors, status: :unprocessable_entity }\n end\n end\n end\n\n # PATCH/PUT /api_resources/1\n # PATCH/PUT /api_resources/1.json\n def update\n respond_to do |format|\n if @api_resource.update(api_resource_params)\n format.html { redirect_to api_resources_path, notice: 'Api resource was successfully updated.' }\n format.json { render :show, status: :ok, location: @api_resource }\n else\n format.html { render :edit }\n format.json { render json: @api_resource.errors, status: :unprocessable_entity }\n end\n end\n end\n\n # DELETE /api_resources/1\n # DELETE /api_resources/1.json\n def destroy\n @api_resource.group.destroy if @api_resource.group.present?\n @api_resource.destroy\n respond_to do |format|\n format.html { redirect_to api_resources_url, notice: 'Api resource was successfully destroyed.' }\n format.json { head :no_content }\n end\n end\n\n # GET /api_resources/q=.json\n def search\n if params[:exact]\n @api_resources = ApiResource.where('name LIKE ?', params[:q].to_s)\n else\n @api_resources = ApiResource.where('name LIKE ?', \"%#{params[:q]}%\")\n end\n @api_resources = @api_resources.order('name ASC').limit(20)\n data = @api_resources.map { |group| { id: group.id, name: group.name } }\n render json: data\n end\n\n # GET /api_resources/:id/regenerate_access_key\n def regenerate_access_key\n @api_resource.access_key = ROTP::Base32.random_base32\n respond_to do |format|\n if @api_resource.save\n format.html { redirect_to api_resource_path(@api_resource.id), notice: 'Access key regenerated.', flash: { access_key: @api_resource.access_key } }\n format.json { render :show, status: :ok, location: @api_resource }\n else\n format.html { redirect_to api_resource_path(@api_resource.id), notice: 'Access key failed to regenerate.' }\n format.json { render json: @api_resource.errors, status: :unprocessable_entity }\n end\n end\n end\n\n private\n\n # Use callbacks to share common setup or constraints between actions.\n def set_api_resource\n @api_resource = ApiResource.find(params[:id])\n end\n\n # Never trust parameters from the scary internet, only allow the white list through.\n def api_resource_params\n params.require(:api_resource).permit(:name, :access_key, :description, :user_id, :group_id)\n end\n\n def authorize_user\n unless current_user.admin? || current_user == @api_resource.user\n respond_to do |format|\n format.html { redirect_to api_resources_url, notice: 'Unauthorized access' }\n format.json { render json: {}, status: :unauthorized }\n end\n end\n end\nend\n" }, { "path": "app/controllers/application_controller.rb", "content": "class ApplicationController < ActionController::Base\n # Prevent CSRF attacks by raising an exception.\n # For APIs, you may want to use :null_session instead.\n protect_from_forgery with: :exception\n\n def render_404\n respond_to do |format|\n format.html { render file: \"#{Rails.root}/public/404\", layout: false, status: :not_found }\n format.xml { head :not_found }\n format.any { head :not_found }\n end\n end\n\n def authenticate_access_token!\n unless AccessToken.valid_token(params[:token])\n render_error(['Unauthorized'], :unauthorized)\n end\n end\n\n def render_error(errors, status = 400)\n render 'common/errors', locals: { errors: errors }, status: status\n end\nend\n" }, { "path": "app/controllers/concerns/.keep", "content": "" }, { "path": "app/controllers/groups_controller.rb", "content": "class GroupsController < ApplicationController\n before_action :set_group, only: %i[show edit update destroy\n add_user add_machine add_vpn add_admin\n remove_admin delete_user delete_vpn delete_machine]\n before_action :authenticate_user!\n\n def index\n @groups = []\n @group_search = params[:group_search]\n if current_user.admin && @group_search.present?\n @groups = Group.where('name LIKE ?', \"%#{@group_search}%\")\n elsif current_user.group_admin? && !current_user.admin\n @groups = GroupAdmin.where(user_id: current_user.id).map(&:group)\n end\n end\n\n def create\n if current_user.admin?\n @group = Group.new(group_params)\n respond_to do |format|\n if @group.save\n format.html { redirect_to group_path(@group), notice: 'Group was successfully created.' }\n format.json { render status: :created, json: \"#{@group.name}host created\" }\n else\n format.html { redirect_to groups_path, notice: \"Can't save '#{group_params[:name]}'\" }\n format.json { render status: :error, json: \"#{@group.name} not created\" }\n end\n end\n else\n format.html { redirect_to groups_path, notice: \"Can't save '#{group_params[:name]}'\" }\n format.json { render status: :error, json: \"#{@group.name} not created\" }\n end\n end\n\n def new\n @group = Group.new\n end\n\n def show\n @group_users = User.\n select(%Q{\n users.id AS id,\n name,\n email,\n active,\n group_associations.created_at AS join_date,\n group_associations.expiration_date AS group_expiration_date\n }).\n joins('LEFT OUTER JOIN group_associations ON users.id = group_associations.user_id').\n where('group_associations.group_id = ?', @group.id)\n end\n\n def delete_machine\n @machine = HostMachine.find(params[:host_machine_id])\n if current_user.admin?\n @machine.groups.delete(@group)\n end\n\n redirect_to group_path @group\n end\n\n def delete_user\n if current_user.admin? || @group.admin?(current_user)\n @user = User.find(params[:user_id])\n\n if @user.email.split('@').first != @group.name\n @group.remove_user @user\n end\n\n end\n redirect_to group_path(@group, anchor: 'group_members')\n end\n\n def add_user\n if current_user.admin? || @group.admin?(current_user)\n user = User.find(params[:user_id])\n begin\n expiration_date = expiration_date_param\n rescue ArgumentError\n return respond_to do |format|\n format.html { redirect_to group_path(@group), notice: 'Expiration date is wrong' }\n end\n end\n @group.add_user_with_expiration(user.id, expiration_date) if user.present?\n end\n\n respond_to do |format|\n format.html do\n redirect_to group_path(@group, anchor: 'group_members')\n end\n end\n end\n\n def add_machine\n if current_user.admin?\n machine = HostMachine.find(params[:machine_id])\n machine.groups << @group if machine.present? && machine.groups.find_by_id(@group.id).blank?\n machine.save!\n end\n\n respond_to do |format|\n format.html do\n redirect_to group_path @group\n end\n end\n end\n\n def add_admin\n if current_user.admin?\n GroupAdmin.find_or_create_by(group_id: @group.id, user_id: params[:user_id])\n end\n\n respond_to do |format|\n format.html do\n redirect_to group_path @group\n end\n end\n end\n\n def remove_admin\n if current_user.admin?\n GroupAdmin.delete(params[:group_admin_id])\n end\n\n respond_to do |format|\n format.html do\n redirect_to group_path @group\n end\n end\n end\n\n def add_vpn\n if current_user.admin?\n VpnGroupAssociation.find_or_create_by(group_id: @group.id, vpn_id: params[:vpn_id])\n end\n\n respond_to do |format|\n format.html do\n redirect_to group_path @group\n end\n end\n end\n\n def delete_vpn\n return unless current_user.admin? || @group.group_admin.user == current_user\n\n VpnGroupAssociation.where(group_id: @group.id, vpn_id: params[:vpn_id]).destroy_all\n VpnGroupUserAssociation.where(group_id: @group.id, vpn_id: params[:vpn_id]).destroy_all\n\n respond_to do |format|\n format.html do\n redirect_to group_path @group\n end\n end\n end\n\n def add_group\n user_id = params[:id]\n if current_user.admin?\n begin\n expiration_date = expiration_date_param\n rescue ArgumentError\n response_message = 'Expiration date is wrong'\n return redirect_to user_path, notice: response_message\n end\n group = Group.find(params[:group_id])\n group.add_user_with_expiration(user_id, expiration_date)\n end\n redirect_to user_path\n end\n\n def delete_group\n @user = User.find(params[:user_id])\n if current_user.admin?\n group = Group.find(params[:id])\n\n if @user.email.split('@').first != group.name\n @user.groups.delete(group)\n end\n\n end\n\n redirect_to user_path(@user)\n end\n\n def list\n @groups = []\n @group_search = params[:group_search]\n return unless @group_search.present?\n\n if current_user.admin?\n @groups = Group.where('name LIKE ?', \"%#{@group_search}%\")\n elsif current_user.group_admin?\n @groups = GroupAdmin.where(user_id: current_user.id).map(&:group)\n end\n end\n\n def search\n @groups = Group.\n where('name LIKE ?', \"%#{params[:q]}%\").\n order('name ASC').\n limit(20)\n data = @groups.map { |group| { id: group.id, name: group.name } }\n render json: data\n end\n\n private\n\n # Use callbacks to share common setup or constraints between actions.\n def set_group\n @group = Group.find(params[:id])\n end\n\n # Never trust parameters from the scary internet, only allow the white list through.\n def group_params\n params.require(:group).permit(:name)\n end\n\n def expiration_date_param\n expiration_date = params[:expiration_date]\n return nil if expiration_date.nil? || expiration_date.empty?\n\n Date.parse(expiration_date, '%Y-%m-%d')\n end\nend\n" }, { "path": "app/controllers/home_controller.rb", "content": "class HomeController < ApplicationController\n\n before_action :check_signed_in\n\n def check_signed_in\n redirect_to profile_path if signed_in?\n end\n\n def index; end\nend\n" }, { "path": "app/controllers/host_controller.rb", "content": "class HostController < ApplicationController\n before_action :authenticate_user!\n def add_host\n @user = User.find(params[:id])\n if current_user.admin?\n host = Host.new\n host.user = @user\n host.host_pattern = params[:host_pattern]\n host.save!\n\n end\n redirect_to user_path\n end\n\n def delete_host\n @user = User.find(params[:user_id])\n if current_user.admin?\n @host = Host.find(params[:id])\n @host.deleted_by = current_user.id\n @host.save!\n @host.destroy\n end\n\n redirect_to user_path(@user)\n end\nend\n" }, { "path": "app/controllers/host_machine_groups_controller.rb", "content": "class HostMachineGroupsController < ApplicationController\n def show\n @host_machines = HostMachine.all\n end\n\n def create\n @host_machine = HostMachine.new(host_machine_params)\n respond_to do |format|\n @host_machine.save\n format.html { redirect_to :show, notice: 'host_machine was successfully created.' }\n format.json { render status: :created, json: \"#{@host_machine.name}host created\" }\n end\n end\n\n private\n\n # Use callbacks to share common setup or constraints between actions.\n def set_host_machine\n @host_machine = host_machine.find(params[:id])\n end\n\n # Never trust parameters from the scary internet, only allow the white list through.\n def host_machine_params\n params.require(:host_machine).permit(:name)\n end\nend\n" }, { "path": "app/controllers/host_machines_controller.rb", "content": "class HostMachinesController < ApplicationController\n before_action :set_host_machine, only: %i[add_group show edit update destroy delete_group]\n before_action :authenticate_user!\n before_action :authorize_user, only: %i[delete_group update]\n\n def index\n @title = 'Host'\n @host_machines = HostMachine.all\n @host_machines = []\n @host_machine_search = params[:host_machine_search]\n if @host_machine_search.present?\n if current_user.admin?\n @host_machines = HostMachine.where('name LIKE ?', \"%#{@host_machine_search}%\")\n end\n end\n end\n\n def create\n @host_machine = HostMachine.new(host_machine_params)\n respond_to do |format|\n if @host_machine.save\n format.html { redirect_to host_machines_path, notice: 'Host was successfully created.' }\n format.json { render status: :created, json: \"#{@host_machine.name}host created\" }\n else\n format.html { redirect_to host_machines_path, notice: \"Can't save '#{host_machine_params[:name]}'\" }\n format.json { render status: :error, json: \"#{@host_machine.name} not created\" }\n end\n end\n end\n\n def show\n @machine = @host_machine\n @groups = Group.all\n end\n\n def update\n @host_machine.update(default_admins: params[:host_machine][:default_admins])\n redirect_to host_machine_path @host_machine\n end\n\n def add_group\n @machine = @host_machine\n if current_user.admin?\n group = Group.find(params[:group_id])\n @machine.groups << group if @machine.present? && @machine.groups.find_by_id(group.id).blank?\n @machine.save!\n end\n\n respond_to do |format|\n format.html do\n redirect_to host_machine_path @host_machine\n end\n end\n end\n\n def delete_group\n group = Group.find(params[:group_id])\n @host_machine.groups.delete(group)\n @host_machine.save!\n redirect_to host_machine_path @host_machine\n end\n\n def search\n @host_machines = HostMachine.\n where('name LIKE ?', \"%#{params[:q]}%\").\n order('name ASC').\n limit(20)\n data = @host_machines.map { |host_machine| { id: host_machine.id, name: host_machine.name } }\n render json: data\n end\n\n private\n\n # Use callbacks to share common setup or constraints between actions.\n def set_host_machine\n @host_machine = HostMachine.find(params[:id])\n end\n\n # Never trust parameters from the scary internet, only allow the white list through.\n def host_machine_params\n params.require(:host_machine).permit(:name)\n end\n\n def authorize_user\n unless current_user.admin?\n redirect_to host_machines_path, notice: 'Unauthorized access'\n end\n end\nend\n" }, { "path": "app/controllers/nss_controller.rb", "content": "class NssController < ApplicationController\n skip_before_action :verify_authenticity_token, only: %i[add_host add_user_to_group]\n before_action :authenticate_access_token!, only: %i[add_host]\n\n def host\n token = AccessToken.valid_token params[:token]\n @response = nil\n if token\n @response = HostMachine.get_group_response(params[:name]) if params[:name].present?\n render json: @response\n return\n end\n\n host_machine = HostMachine.find_by(access_key: params[:token])\n sysadmins = host_machine.sysadmins if host_machine.present?\n if sysadmins.present? && sysadmins.count.positive?\n @response = Group.get_sysadmins_and_groups sysadmins, host_machine.default_admins\n end\n render json: @response\n nil\n end\n\n def add_host\n if params[:name].present?\n host = HostMachine.find_or_create_by(name: params[:name])\n host.default_admins = params[:default_admins]\n host.save\n host.add_host_group(params[:name])\n host.add_group(params[:group_name])\n render 'add_host', locals: { host: host }, format: :json\n else\n errors = ['Name can\\'t be blank']\n if params.key?(:group_name) && params[:group_name].blank?\n errors << 'Group Name can\\'t be blank'\n end\n render_error(errors)\n end\n end\n\n def group\n @response = REDIS_CACHE.get(\"#{GROUP_RESPONSE}:#{params[:token]}\")\n @response = JSON.parse(@response) if @response.present?\n if @response.blank?\n host_machine = HostMachine.find_by(access_key: params[:token])\n sysadmins = host_machine.sysadmins if host_machine.present?\n if sysadmins.present? && sysadmins.count.positive?\n @response = Group.get_sysadmins_and_groups sysadmins, host_machine.default_admins\n REDIS_CACHE.set(\"#{GROUP_RESPONSE}:#{params[:token]}\", @response.to_json)\n REDIS_CACHE.expire(\"#{GROUP_RESPONSE}:#{params[:token]}\", REDIS_KEY_EXPIRY)\n end\n end\n\n render json: @response\n end\n\n def passwd\n @response = REDIS_CACHE.get(\"#{PASSWD_RESPONSE}:#{params[:token]}\")\n @response = JSON.parse(@response) if @response.present?\n if @response.blank?\n host_machine = HostMachine.find_by(access_key: params[:token])\n sysadmins = host_machine.sysadmins if host_machine.present?\n if sysadmins.present? && sysadmins.count.positive?\n @response = User.get_sysadmins sysadmins\n REDIS_CACHE.set(\"#{PASSWD_RESPONSE}:#{params[:token]}\", @response.to_json)\n REDIS_CACHE.expire(\"#{PASSWD_RESPONSE}:#{params[:token]}\", REDIS_KEY_EXPIRY)\n end\n end\n render json: @response\n end\n\n def shadow\n token = AccessToken.valid_token params[:token]\n @response = nil\n\n if token\n name = params[:name]\n\n if name.present?\n @response = REDIS_CACHE.get(SHADOW_NAME_RESPONSE + name)\n if @response.blank?\n @response = User.get_shadow_name_response(name).to_json\n REDIS_CACHE.set(SHADOW_NAME_RESPONSE + name, @response)\n REDIS_CACHE.expire(SHADOW_NAME_RESPONSE + name, REDIS_KEY_EXPIRY)\n end\n else\n @response = REDIS_CACHE.get(SHADOW_ALL_RESPONSE)\n if @response.blank?\n @response = User.get_all_shadow_response.to_json\n REDIS_CACHE.set(SHADOW_ALL_RESPONSE, @response)\n REDIS_CACHE.expire(SHADOW_ALL_RESPONSE, REDIS_KEY_EXPIRY)\n end\n end\n end\n render json: @response\n end\n\n def groups_list\n token = AccessToken.valid_token params[:token]\n if token\n user = User.get_user(params[:email].split('@').first)\n if user.blank?\n render json: { success: false }\n else\n groups = user.blank? ? [] : user.group_names_list\n render json: { success: true, groups: groups }\n end\n else\n render json: { success: false }\n end\n end\nend\n" }, { "path": "app/controllers/organisations_controller.rb", "content": "class OrganisationsController < ApplicationController\n before_action :authorize_user, except: [:index]\n before_action :load_org, only: %i(\n config_saml_app update show setup_saml save_config_saml_app\n remove_user_saml_app add_user_saml_app\n )\n before_action :validate_app_name, only: %i(\n config_saml_app save_config_saml_app\n remove_user_saml_app add_user_saml_app\n )\n\n def index\n render :index, locals: { org_list: Organisation.all }\n end\n\n def new\n render :new, locals: { org: Organisation.new }\n end\n\n def config_saml_app\n app_name = params[:app_name]\n saml_app = app_name.titleize.constantize.new(@org.id)\n config = saml_app.config\n users = config.persisted? ? config.group.users : []\n render :config_saml_app, locals: {\n org: @org,\n saml_config: config,\n app_name: app_name,\n users: users,\n }\n end\n\n def save_config_saml_app\n app_name = params[:app_name]\n saml_app_config = params[:saml_app_config]\n saml_app = app_name.titleize.constantize.new(@org.id)\n saml_app.save_config(saml_app_config[:sso_url], params[:config])\n flash[:success] = 'Configuration saved successfully'\n redirect_to organisation_config_saml_app_path(\n app_name: app_name,\n organisation_id: @org.id\n )\n end\n\n def remove_user_saml_app\n app_name = params[:app_name]\n saml_app = app_name.titleize.constantize.new(@org.id)\n if saml_app.remove_user(params[:email])\n flash[:success] = 'User removed successfullly'\n else\n flash[:error] = 'Issue removing the user'\n end\n redirect_to organisation_config_saml_app_path\n end\n\n def add_user_saml_app\n app_name = params[:app_name]\n saml_app = app_name.titleize.constantize.new(@org.id)\n if saml_app.add_user(params[:email])\n flash[:success] = 'User added successfullly'\n else\n flash[:error] = 'Issue adding the user'\n end\n redirect_to organisation_config_saml_app_path\n end\n\n def create\n org = Organisation.setup(organisation_params.to_h || {})\n if org.errors.blank?\n flash[:success] = 'Successfully created organisation'\n redirect_to organisations_path\n else\n flash[:errors] = org.errors.full_messages\n render :new, locals: { org: org }\n end\n end\n\n def update\n @org.update_profile(organisation_params.to_h || {})\n if @org.errors.blank?\n flash[:success] = 'Successfully updated organisation'\n redirect_to organisations_path\n else\n flash[:errors] = @org.errors.full_messages\n render :show, locals: { org: @org }\n end\n end\n\n def show\n render :show, locals: { org: @org }\n end\n\n def setup_saml\n if @org.saml_setup?\n flash[:errors] = 'SAML Certificates Already Setup'\n else\n @org.setup_saml_certs\n flash[:success] = 'Successfully setup SAML Certificates'\n end\n redirect_to organisations_path\n end\n\n private\n\n def authorize_user\n unless current_user.admin?\n respond_to do |format|\n format.html { redirect_to organisations_path, notice: 'Unauthorized access' }\n format.json { render json: {}, status: :unauthorized }\n end\n end\n end\n\n def load_org\n id = params[:id] || params[:organisation_id]\n @org = Organisation.where(id: id).first\n if @org.blank?\n redirect_to organisations_path\n end\n end\n\n def validate_app_name\n saml_apps = ENV['SAML_APPS'].split(',').map(&:downcase)\n unless saml_apps.include?(params[:app_name].downcase)\n redirect_to organisation_path(id: params[:organisation_id])\n end\n end\n\n def organisation_params\n params.require(:organisation).permit(\n :name, :website, :domain, :country, :state, :address, :admin_email_address,\n :slug, :unit_name\n )\n end\nend\n" }, { "path": "app/controllers/pings_controller.rb", "content": "class PingsController < ApplicationController\n def show\n render plain: 'pong'\n end\nend\n" }, { "path": "app/controllers/profile_controller.rb", "content": "class ProfileController < ApplicationController\n require 'vpn/mobileconfig'\n\n skip_before_action :verify_authenticity_token, if: Proc.new { |c| c.request.format == 'application/json' }\n before_action :authenticate_user!, except: %i[user_id verify authenticate authenticate_cas authenticate_ms_chap authenticate_pam public_key]\n\n def regen_auth\n current_user.generate_two_factor_auth(true)\n redirect_to profile_path\n end\n\n def show\n @token_qr = nil\n unless current_user.provisioning_uri.blank?\n @token_qr = RQRCode::QRCode.new(current_user.provisioning_uri, size: 10, level: :h)\n end\n end\n\n def user_admin\n @users = []\n @groups = []\n if !current_user.admin?\n redirect_to profile_path\n end\n\n @user_search = params[:user_search]\n if @user_search.present?\n @users = User.where('name LIKE ? OR email LIKE ?', \"%#{@user_search}%\", \"%#{@user_search}%\").\n take(5)\n redirect_to profile_list_path(user_search: params[:user_search]) if @users.count.positive?\n end\n\n @group_search = params[:group_search]\n if @group_search.present?\n @groups = Group.where('name LIKE ?', \"%#{@group_search}%\").take(5)\n redirect_to group_list_path(group_search: params[:group_search]) if @groups.count.positive?\n end\n end\n\n def group_admin\n @users = []\n @groups = []\n if !current_user.admin? && !current_user.group_admin?\n redirect_to profile_path\n end\n\n @user_search = params[:user_search]\n if @user_search.present?\n @users = User.where('name LIKE ? OR email LIKE ?', \"%#{@user_search}%\", \"%#{@user_search}%\").\n take(5)\n redirect_to profile_list_path(user_search: params[:user_search]) if @users.count.positive?\n end\n\n @group_search = params[:group_search]\n if @group_search.present?\n @groups = Group.where('name LIKE ?', \"%#{@group_search}%\").take(5)\n redirect_to group_list_path(group_search: params[:group_search]) if @groups.count >= 0\n end\n end\n\n def user_id\n token = AccessToken.valid_token params[:token]\n response = 0\n if token\n user = User.get_user(params[:name])\n response = user.uid if user.present?\n end\n render plain: response\n end\n\n def download_vpn\n if !Pathname.new(\"/opt/vpnkeys/#{current_user.email}.tar.gz\").exist?\n `cd /etc/openvpn/easy-rsa/ && bash /etc/openvpn/easy-rsa/gen-client-keys #{current_user.email}`\n else\n `cd /etc/openvpn/easy-rsa/ && bash /etc/openvpn/easy-rsa/gen-client-conf #{current_user.email}`\n end\n send_file(\n \"/opt/vpnkeys/#{current_user.email}.tar.gz\",\n type: 'application/zip',\n disposition: \"attachment; filename=#{current_user.email}.tar.gz\"\n )\n end\n\n def download_vpn_for_ios_and_mac\n mobileconfig = Mobileconfig.new\n vpns = Vpn.user_vpns current_user\n\n return render plain: \"you don't have access to any vpns\" unless vpns.present?\n\n mobileconfig_data = mobileconfig.generate(vpns, current_user)\n\n send_data(\n mobileconfig_data,\n filename: \"#{current_user.email}.mobileconfig\",\n type: 'application/x-apple-aspen-config'\n )\n end\n\n def download_vpn_for_user\n render plain: 'Please download vpn config from your homepage'\n end\n\n def authenticate\n response = User.authenticate params\n if response\n render plain: 0\n else\n render plain: 1\n end\n end\n\n def authenticate_ms_chap\n response = User.ms_chap_auth params\n render plain: response\n end\n\n def authenticate_cas\n username = User.authenticate_cas request.env['HTTP_AUTHORIZATION']\n\n ## cas-5.2.x expects {\"@c\":\".SimplePrincipal\",\"id\":\"casuser\",\"attributes\":{}}\n response_map = {\n '@class': 'org.apereo.cas.authentication.principal.SimplePrincipal',\n 'id': username,\n 'attributes': { 'backend': 'gate-sso' },\n }\n\n if username.present?\n render json: response_map, status: :ok\n else\n response_map['attributes'] = nil\n render json: response_map, status: 401\n end\n end\n\n def authenticate_pam\n response = User.authenticate_pam params\n if response\n render plain: 0\n else\n render plain: 1\n end\n end\n\n def verify\n token = AccessToken.valid_token params[:token]\n if token\n response = User.verify params\n if response\n render plain: 0\n else\n render plain: 1\n end\n else\n render plain: 1\n end\n end\n\n def list\n @users = []\n @user_search = params[:user_search]\n if @user_search.present?\n @users = User.where('name LIKE ? OR email LIKE ?', \"%#{@user_search}%\", \"%#{@user_search}%\").\n take(5)\n end\n end\n\n def admin\n @users = []\n @groups = []\n if !current_user.admin?\n redirect_to profile_path\n end\n\n @user_search = params[:user_search]\n if @user_search.present?\n @users = User.where('name LIKE ? OR email LIKE ?', \"%#{@user_search}%\", \"%#{@user_search}%\").\n take(5)\n redirect_to profile_list_path(user_search: params[:user_search]) if @users.count.positive?\n end\n\n @group_search = params[:group_search]\n if @group_search.present?\n @groups = Group.where('name LIKE ?', \"%#{@group_search}%\").take(5)\n redirect_to group_list_path(group_search: params[:group_search]) if @groups.count.positive?\n end\n end\n\n def update\n if current_user.admin?\n @user = User.find(params[:id])\n @user.update(admin_active)\n end\n redirect_to user_path\n end\n\n def user_edit; end\n\n def public_key_update\n @user = User.where(id: params[:id]).first\n if current_user.admin? || current_user.id == @user.id\n @user.public_key = params[:public_key]\n @user.save!\n end\n redirect_to user_path\n end\n\n def public_key\n public_key = ''\n @user = User.get_user(params[:name])\n public_key = @user.public_key if @user.present?\n render plain: public_key\n end\n\n def user\n @group = Group.all\n @user = User.where(id: params[:id]).first\n\n if !current_user.admin? && current_user.id != @user.id\n redirect_to profile_path\n end\n render_404 if @user.blank?\n if @user.present?\n # hack add blank text to public_key\n @user.public_key = 'Add public key' if @user.public_key.blank?\n respond_to do |format|\n format.html\n end\n end\n end\n\n protected\n\n def admin_active\n params.require(:user).permit(:active, :admin)\n end\nend\n" }, { "path": "app/controllers/saml_idp_controller.rb", "content": "#TODO rename back to SAMLController\n\n#class SamlIdpController < SamlIdp::IdpController\nclass SamlIdpController < ApplicationController\n layout false\n before_action :setup_saml_configuration\n\n def show\n xml_content = SamlIdp.metadata.signed\n if params.key?(:download)\n send_data xml_content,\n type: 'text/xml',\n filename: 'metadata.xml'\n else\n render xml: xml_content\n end\n end\n\n private\n\n def idp_authenticate(email, password)\n user = User.find_and_validate_saml_user(email, password, params[:app])\n user.present? ? user : nil\n end\n\n def idp_make_saml_response(found_user)\n encode_response found_user\n end\n\n def idp_logout\n # user = User.by_email(saml_request.name_id)\n # user.logout\n end\n\n def setup_saml_configuration\n slug = params[:slug]\n app = params[:app]\n org = Organisation.find_by_slug(slug)\n saml_url = \"#{ENV['GATE_SERVER_URL']}/#{slug}/#{app}/saml\"\n SamlIdp.configure do |config|\n config.x509_certificate = org.cert_key\n config.secret_key = org.cert_private_key\n config.organization_name = org.name\n config.organization_url = org.website\n config.base_saml_location = saml_url\n config.session_expiry = 86400\n config.name_id.formats = {\n email_address: ->(principal) { principal.email },\n transient: ->(principal) { principal.user_login_id },\n persistent: ->(principal) { principal.user_login_id },\n name: ->(principal) { principal.name },\n }\n config.attributes = {\n 'eduPersonPrincipalName' => {\n 'name' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6',\n 'name_format' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',\n 'getter' => ->(principal) { principal.email },\n },\n }\n config.attribute_service_location = \"#{saml_url}/attributes\"\n config.single_service_post_location = \"#{saml_url}/auth\"\n config.single_logout_service_post_location = \"#{saml_url}/logout\"\n config.single_logout_service_redirect_location = \"#{saml_url}/logout\"\n end\n end\nend\n" }, { "path": "app/controllers/users/auth_controller.rb", "content": "class Users::AuthController < ApplicationController\n\n def log_in\n unless ENV['SIGN_IN_TYPE'] == 'form'\n return redirect_to root_path\n end\n\n email = params.require(:email)\n name = params.require(:name)\n\n unless User.valid_domain? email.split('@').last\n return render plain: 'Your domain is unauthorized', status: :unauthorized\n end\n\n user = User.create_user(name, email)\n user.generate_two_factor_auth\n sign_in_and_redirect user, event: :authentication\n end\nend\n" }, { "path": "app/controllers/users/omniauth_callbacks_controller.rb", "content": "class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController\n def google_oauth2\n # You need to implement the method below in your model (e.g. app/models/user.rb)\n #\n data = request.env['omniauth.auth']\n domain = data['info']['email'].split('@').last\n\n unless User.valid_domain? domain\n return render plain: 'Your domain is unauthorized', status: :unauthorized\n end\n\n @user = User.create_user(data.info['name'], data.info['email'])\n\n if @user.persisted?\n @user.generate_two_factor_auth\n sign_in_and_redirect @user, event: :authentication\n else\n session['devise.google_data'] = request.env['omniauth.auth']\n redirect_to new_user_registration_url\n end\n end\nend\n" }, { "path": "app/controllers/users_controller.rb", "content": "class UsersController < ApplicationController\n before_action :authenticate_user!, except: %i[user_id verify authenticate authenticate_cas authenticate_ms_chap authenticate_pam public_key]\n before_action :authorize_user, only: %i[create update]\n\n def index\n @user_search = params[:user_search]\n @users = []\n @users = User.where('name like ?', \"%#{@user_search}%\").take(20) if @user_search.present?\n end\n\n def show\n @user = User.where(id: params[:id]).first\n return render_404 if @user.blank?\n\n @user_groups = Group.\n select(%{\n groups.id AS id,\n gid,\n name,\n deleted_at,\n group_associations.expiration_date AS group_expiration_date\n }).\n joins('INNER JOIN group_associations ON groups.id = group_associations.group_id').\n where('group_associations.user_id = ?', @user.id)\n\n if @user.access_token.blank?\n access_token = AccessToken.new\n access_token.token = ROTP::Base32.random_base32\n access_token.user = @user\n access_token.save!\n end\n\n @vpns = Vpn.user_vpns @user\n\n return unless current_user.admin? || current_user == @user\n\n return unless @user.present? && (current_user.admin? || current_user.id == @user.id)\n\n respond_to do |format|\n format.html { render :show, flash: { token: access_token.try(:token) } }\n end\n end\n\n def new\n return redirect_to profile_path unless current_user.admin?\n\n render :new, locals: {\n roles: ENV['USER_ROLES'].split(','),\n domains: ENV['GATE_HOSTED_DOMAINS'].split(','),\n }\n end\n\n def create\n user = User.add_user(\n user_params[:first_name],\n user_params[:last_name],\n user_params[:user_role],\n params[:user_domain]\n )\n if user.errors.present?\n flash[:errors] = user.errors.full_messages\n redirect_to(new_user_path)\n else\n flash[:success] = 'Successfully Created User'\n redirect_to user_path(id: user.id)\n end\n end\n\n def update\n @user = User.find(params[:id])\n begin\n @user.update(product_name: product_name)\n response_message = 'product name updated successfully!!'\n rescue ActionController::ParameterMissing\n response_message = 'Params are missing'\n end\n\n form_response(response_message)\n end\n\n def search\n @users = User.\n where('name LIKE :q OR email LIKE :q', q: \"%#{params[:q]}%\").\n order('name ASC').\n limit(20)\n unless params[:include_inactive] == 'true'\n @users = @users.where(active: true)\n end\n data = @users.map do |user|\n {\n id: user.id,\n name: user.name,\n email: user.email,\n name_email: \"#{user.name} - #{user.email}\",\n }\n end\n render json: data\n end\n\n # GET /users/:id/regenerate_token\n def regenerate_token\n @user = User.find(params[:id])\n unless current_user.admin? || (current_user.id == @user.id)\n return respond_to do |format|\n format.html { redirect_to user_path(@user.id), notice: 'You cannot regenerate this token.' }\n format.json { render json: @user.errors, status: :unauthorized }\n end\n end\n\n @access_token = @user.access_token\n @access_token.token = ROTP::Base32.random_base32\n respond_to do |format|\n if @access_token.save\n format.html { redirect_to user_path(@user.id), notice: 'Token regenerated.', flash: { token: @access_token.token } }\n format.json { render :show, status: :ok, location: @user }\n else\n format.html { redirect_to user_path(@user.id), notice: 'Token failed to regenerate.' }\n format.json { render json: @user.errors, status: :unprocessable_entity }\n end\n end\n end\n\n private\n\n def user_params\n params.require(:user).permit(\n :first_name, :last_name, :user_role\n )\n end\n\n def form_response(message)\n respond_to do |format|\n format.html { redirect_to user_path, notice: message }\n end\n end\n\n def product_name\n params.require(:product_name)\n end\n\n def authorize_user\n unless current_user.admin?\n flash[:errors] = 'unauthorized access'\n redirect_to profile_path\n end\n end\nend\n" }, { "path": "app/controllers/vpn_domain_name_servers_controller.rb", "content": "class VpnsController < ApplicationController\n before_action :authorize_user\n before_action :set_vpn, only: %i[show edit update destroy user_associated_groups]\n\n def destroy; end\nend\n\n#TODO fix this in future. This is something not great.\nclass VpnDomainNameServersController < ApplicationController\nend\n" }, { "path": "app/controllers/vpns_controller.rb", "content": "class VpnsController < ApplicationController\n before_action :authorize_user, except: %i[create_group_associated_users show index\n user_associated_groups group_associated_users search]\n before_action :set_vpn, only: %i[show edit update destroy\n user_associated_groups add_dns_server remove_dns_server\n add_search_domain remove_search_domain\n add_supplemental_match_domain remove_supplemental_match_domain\n migrate_to_new_group assign_group]\n\n before_action :authenticate_user!\n\n require 'securerandom'\n\n def index\n @vpns = Vpn.order(:name)\n end\n\n def update\n if current_user.admin?\n @vpn = Vpn.find(params[:id])\n if @vpn.update(vpn_params)\n redirect_to vpn_path(@vpn), notice: 'Vpn was successfully updated.'\n end\n else\n redirect_to vpn_path(@vpn), notice: 'You can not update, not sufficient privileges.'\n end\n end\n\n def create\n @vpn = Vpn.new(vpn_params)\n @vpn.uuid = SecureRandom.uuid\n respond_to do |format|\n if @vpn.save\n format.html { redirect_to vpns_path, notice: 'Vpn was successfully added.' }\n format.json { render status: :created, json: \"#{@vpn.name}host created\" }\n else\n format.html { redirect_to vpns_path, notice: \"Can't save '#{vpn_params[:name]}'\" }\n format.json { render status: :error, json: \"#{@vpn.name} not created\" }\n end\n end\n end\n\n def new\n @vpn = Vpn.new\n end\n\n def add_dns_server\n if current_user.admin? && params[:server_address].present?\n VpnDomainNameServer.find_or_create_by(server_address: params[:server_address], vpn: @vpn)\n end\n redirect_to vpn_path(@vpn, anchor: 'dns_hosts')\n end\n\n def add_search_domain\n if current_user.admin? && params[:search_domain].present?\n VpnSearchDomain.find_or_create_by(search_domain: params[:search_domain], vpn: @vpn)\n end\n redirect_to vpn_path(@vpn, anchor: 'search_domains')\n end\n\n def add_supplemental_match_domain\n if current_user.admin? && params[:supplemental_match_domain].present?\n VpnSupplementalMatchDomain.find_or_create_by(\n supplemental_match_domain: params[:supplemental_match_domain],\n vpn: @vpn\n )\n end\n redirect_to vpn_path(@vpn, anchor: 'match_domains')\n end\n\n def remove_dns_server\n if current_user.admin?\n VpnDomainNameServer.delete(params[:vpn_domain_name_server_id])\n end\n redirect_to vpn_path(@vpn, anchor: 'dns_hosts')\n end\n\n def remove_search_domain\n if current_user.admin?\n VpnSearchDomain.delete(params[:vpn_search_domain_id])\n end\n redirect_to vpn_path(@vpn, anchor: 'search_domains')\n end\n\n def remove_supplemental_match_domain\n if current_user.admin?\n VpnSupplementalMatchDomain.delete(params[:vpn_supplemental_match_domain_id])\n end\n redirect_to vpn_path(@vpn, anchor: 'match_domains')\n end\n\n def assign_group\n if current_user.admin?\n @vpn.groups.delete_all\n @vpn.groups << Group.where(id: params[:group_id]).first\n end\n redirect_to vpn_path(@vpn, anchor: 'match_domains')\n end\n\n def show\n @vpn = Vpn.find(params[:id])\n @groups = Group.order(:name)\n end\n\n def user_associated_groups\n @groups_under_current_user = []\n @group_id = params[:group_id]\n @vpn_id = params[:id]\n if current_user.admin?\n @groups_under_current_user = Group.all\n else\n @vpn.groups.each do |vpn_group|\n if vpn_group.group_admin.try(:user) == current_user\n @groups_under_current_user << vpn_group\n end\n end\n end\n\n render 'show'\n end\n\n def group_associated_users\n @group = Group.find(params[:group_id])\n if current_user.admin? || @group.group_admin.try(:user) == current_user\n @users = @group.users\n @vpn_group_user_associations = VpnGroupUserAssociation.where(\n vpn_id: params[:vpn_id],\n group_id: params[:group_id]\n )\n @vpn_enabled_users = @vpn_group_user_associations.map(&:user)\n\n @vpn_disabled_users = @users - @vpn_enabled_users\n\n @vpn_enabled_users = @vpn_enabled_users.sort_by(&:email)\n @vpn_disabled_users = @vpn_disabled_users.sort_by(&:email)\n end\n respond_to do |format|\n format.json { render status: :ok, json: { enabled: @vpn_enabled_users, disabled: @vpn_disabled_users } }\n end\n end\n\n def create_group_associated_users\n if current_user.admin? ||\n VpnGroupAssociation.find_by_vpn_id_and_group_id(\n params[:vpn_id].to_i,\n params[:group_id]\n ).group.group_admin.user == current_user\n @users_selected = params[:users] || []\n @associations_made = []\n VpnGroupUserAssociation.where(\n vpn_id: params[:vpn_id].to_i,\n group_id: params[:group_id].to_i\n ).each do |vpn_association|\n unless @users_selected.include? vpn_association.user.id\n vpn_association.destroy\n end\n end\n @users_selected.each do |user|\n @associations_made << VpnGroupUserAssociation.find_or_create_by(\n vpn_id: params[:vpn_id],\n group_id: params[:group_id],\n user_id: user.to_i\n )\n end\n\n respond_to do |format|\n format.json { render status: :ok, json: @associations_made }\n end\n else\n respond_to do |format|\n format.json { render status: :unauthorized, json: 'not gonna happen' }\n end\n end\n end\n\n def destroy\n VpnGroupUserAssociation.where(vpn_id: params[:id]).destroy_all\n VpnGroupAssociation.where(vpn_id: params[:id]).destroy_all\n Vpn.destroy(params[:id])\n\n respond_to do |format|\n format.html { redirect_to vpns_path, notice: 'Vpn was successfully destroyed.' }\n format.json { render status: :ok, json: 'vpn destroyed' }\n end\n end\n\n def search\n @vpns = Vpn.\n where('name LIKE ?', \"%#{params[:q]}%\").\n order('name ASC').\n limit(20)\n data = @vpns.map { |vpn| { id: vpn.id, name: vpn.name } }\n render json: data\n end\n\n private\n\n def set_vpn\n @vpn = Vpn.find(params[:id])\n end\n\n def vpn_params\n params.require(:vpn).permit(:name, :host_name, :ip_address)\n end\n\n def authorize_user\n unless current_user.admin?\n redirect_to profile_path\n end\n end\nend\n" }, { "path": "app/helpers/admin_helper.rb", "content": "module AdminHelper\nend\n" }, { "path": "app/helpers/api_resources_helper.rb", "content": "module ApiResourcesHelper\nend\n" }, { "path": "app/helpers/application_helper.rb", "content": "module ApplicationHelper\n def add_placeholder_to_list(list, placeholder, string_convert: 'titleize')\n (list.map do |row|\n name = string_convert.present? ? row.send(string_convert.to_sym) : row\n [name, row]\n end).insert(0, [placeholder, ''])\n end\nend\n" }, { "path": "app/helpers/group_helper.rb", "content": "module GroupHelper\nend\n" }, { "path": "app/helpers/groups_helper.rb", "content": "module GroupsHelper\nend\n" }, { "path": "app/helpers/home_helper.rb", "content": "module HomeHelper\nend\n" }, { "path": "app/helpers/host_access_groups_helper.rb", "content": "module HostAccessGroupsHelper\nend\n" }, { "path": "app/helpers/host_machine_groups_helper.rb", "content": "module HostMachineGroupsHelper\nend\n" }, { "path": "app/helpers/host_machines_helper.rb", "content": "module HostMachinesHelper\nend\n" }, { "path": "app/helpers/nss_helper.rb", "content": "module NssHelper\nend\n" }, { "path": "app/helpers/omniauth_callbacks_helper.rb", "content": "module OmniauthCallbacksHelper\nend\n" }, { "path": "app/helpers/profile_helper.rb", "content": "module ProfileHelper\nend\n" }, { "path": "app/helpers/users_helper.rb", "content": "module UsersHelper\nend\n" }, { "path": "app/lib/datadog.rb", "content": "class Datadog < SamlApp\n\n def initialize(org_id)\n @app_name = 'datadog'\n super(org_id)\n if @config.persisted?\n @client = DataDogClient.new(\n @config.config['app_key'],\n @config.config['api_key']\n )\n else\n @config.config = { app_key: '', api_key: '' }\n end\n end\n\n def save_config(sso_url, config = {})\n @config.config = @config.config.merge(config)\n super(sso_url, config)\n end\n\n def add_user(email)\n user_detail_response = @client.get_user(email)\n response = if user_detail_response.eql?({})\n @client.new_user(email)\n else\n @client.activate_user(email)\n end\n super(email) unless response.eql?({})\n end\n\n def remove_user(email)\n response = @client.deactivate_user(email)\n super(email) unless response.eql?({})\n end\nend\n" }, { "path": "app/lib/saml_app.rb", "content": "class SamlApp\n\n attr_accessor :config, :app_name\n\n def initialize(org_id)\n @config = SamlAppConfig.find_or_initialize_by(\n app_name: @app_name, organisation_id: org_id\n )\n end\n\n def save_config(sso_url, config = {})\n unless @config.persisted?\n group_name = \"#{@config.organisation.slug}_saml_#{app_name}_users\"\n @config.group = Group.find_or_create_by(name: group_name)\n end\n @config.sso_url = sso_url\n @config.save\n end\n\n def add_user(email)\n user = User.where(email: email).first\n unless user.blank?\n @config.group.add_user(user.id)\n return true\n end\n false\n end\n\n def remove_user(email)\n user = User.where(email: email).first\n unless user.blank?\n @config.group.remove_user(user.id)\n return true\n end\n false\n end\nend\n" }, { "path": "app/mailers/.keep", "content": "" }, { "path": "app/models/.keep", "content": "" }, { "path": "app/models/access_token.rb", "content": "class AccessToken < ApplicationRecord\n attr_accessor :token\n\n\n belongs_to :user\n\n before_save :hash_token!\n\n def self.find_token challenge_token\n AccessToken.where(hashed_token: Digest::SHA512.hexdigest(challenge_token)).first\n end\n\n def self.valid_token challenge_token\n find_token(challenge_token).present?\n end\n\n private\n\n def hash_token!\n self.hashed_token = Digest::SHA512.hexdigest self.token unless self.token.blank?\n end\nend\n" }, { "path": "app/models/api_resource.rb", "content": "class ApiResource < ApplicationRecord\n attr_accessor :access_key\n\n validates :name, format: { with: /\\A[a-zA-Z0-9_-]+\\Z/ }, uniqueness: true, presence: true\n validates :access_key, presence: true, on: :create\n belongs_to :user\n belongs_to :group\n\n before_save :hash_access_key!\n\n def self.authenticate access_key, access_token\n api_resource = ApiResource.find_by(hashed_access_key: Digest::SHA512.hexdigest(access_key))\n user = AccessToken.find_by(hashed_token: Digest::SHA512.hexdigest(access_token)).user\n api_resource.group.member? user\n end\n\n private\n\n def hash_access_key!\n self.hashed_access_key = Digest::SHA512.hexdigest self.access_key unless self.access_key.blank?\n end\nend\n" }, { "path": "app/models/application_record.rb", "content": "class ApplicationRecord < ActiveRecord::Base\n self.abstract_class = true\nend\n" }, { "path": "app/models/concerns/.keep", "content": "" }, { "path": "app/models/concerns/ms_chap_auth.rb", "content": "module MsChapAuth\n\n def hexlify(msg)\n msg.unpack('H*').first\n end\n\n def unhexlify(msg)\n msg.scan(/../).collect { |c| c.to_i(16).chr }.join\n end\n\n def test_key key, challenge\n des = OpenSSL::Cipher::DES.new('ECB')\n des.encrypt\n des.key = key\n des.update challenge\n #need to do it twice, don't know why!!! :-(\n des.update challenge\n end\n\n def ntlm_challenge_response word, challenge\n\n uword = word.encode('iso-8859-1').encode('utf-16le')\n ntlmhash = md4_hash uword\n\n response = []\n\n response.push(test_key(key56_to_key64(ntlmhash[0...14]), challenge))\n response.push(test_key(key56_to_key64(ntlmhash[14...28]), challenge))\n response.push(test_key(key56_to_key64(ntlmhash[28...ntlmhash.length] + '0000000000'), challenge))\n hexlify(response[0]) + hexlify(response[1]) + hexlify(response[2])\n end\n\n\n def md4_hash word\n md4 = OpenSSL::Digest::MD4.new\n return md4.hexdigest(word)\n end\n\n def set_key_odd_parity key\n for pos in 0..key.length - 1\n for k in 0..6\n bit = 0\n t = key[pos] >> k\n bit = (t ^ bit) & 0x1\n end\n key[pos] = (key[pos] & 0xFE) | bit\n end\n return key\n end\n\n def key56_to_key64 key_raw\n key_raw = unhexlify(key_raw)\n key_56 = []\n key_raw.split(\"\").each {|c| key_56.push(c.ord)}\n\n key = []\n (0..7).to_a.each {|i| key.push(0)}\n\n key[0] = key_56[0]\n key[1] = ((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1);\n key[2] = ((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2);\n key[3] = ((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3);\n key[4] = ((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4);\n key[5] = ((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5);\n key[6] = ((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6);\n key[7] = (key_56[6] << 1) & 0xFF;\n\n key = set_key_odd_parity(key)\n\n keyout = ''\n key.each {|k| keyout += k.chr}\n return keyout\n\n end\n\n def nt_password_hash password\n md4 = OpenSSL::Digest::MD4.new\n md4.digest(password)\n end\n\n def get_nt_key password\n unicode_pwd = password.encode('iso-8859-1').encode('utf-16le')\n pwd_hash = nt_password_hash(unicode_pwd)\n nt_key = nt_password_hash(pwd_hash)\n return hexlify(nt_key)\n end\n\n def authenticate_ms_chap password, challenge, response\n if ntlm_challenge_response(password, unhexlify(challenge)) == response\n return \"NT_KEY: \" + get_nt_key(password).upcase\n end\n return (\"NT_STATUS_UNSUCCESSFUL: Failure (0xC0000001)\")\n end\n\n def authenticate_ms_chap_with_drift passwords, challenge, response\n passwords.each do |password|\n if ntlm_challenge_response(password, unhexlify(challenge)) == response\n return \"NT_KEY: \" + get_nt_key(password).upcase\n end\n end\n return (\"NT_STATUS_UNSUCCESSFUL: Failure (0xC0000001)\")\n end\n\n end\n\n\n" }, { "path": "app/models/endpoint.rb", "content": "class Endpoint < ApplicationRecord\n\n\n has_many :group_endpoints\n has_many :groups, through: :group_endpoints\n\n validates_presence_of :path\n validates_presence_of :method\n validates :method, inclusion: { in: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE'] }\n validates_format_of :path, with: /\\A((\\/(([0-9, a-z,\\-,_]+)|(:[a-z]+))+)+|\\/)\\Z/i\nend\n" }, { "path": "app/models/group.rb", "content": "class Group < ApplicationRecord\n\n has_many :group_admins, dependent: :destroy\n has_many :group_associations\n has_many :users, through: :group_associations\n\n has_many :vpn_group_associations\n has_many :vpns, through: :vpn_group_associations\n\n has_many :host_access_groups\n has_many :host_machines, through: :host_access_groups\n belongs_to :vpn\n\n has_many :group_endpoints\n has_many :endpoints, through: :group_endpoints\n\n validates_uniqueness_of :name, case_sensitive: false\n validates :name, presence: true\n\n before_create :set_lower_case_name\n acts_as_paranoid\n\n after_create :add_gid\n\n GID_CONSTANT = 9000\n\n def burst_host_cache\n if host_machines.count.positive?\n host_machines.each do |host|\n if host.access_key.present?\n REDIS_CACHE.del \"#{GROUP_RESPONSE}:#{host.access_key}\"\n REDIS_CACHE.del \"#{PASSWD_RESPONSE}:#{host.access_key}\"\n Rails.logger.info \"hello #{host.name} #{host.access_key}\"\n end\n end\n end\n end\n\n def add_admin(user)\n GroupAdmin.find_or_create_by(group_id: id, user: user)\n end\n\n def set_lower_case_name\n self.name = name.downcase\n end\n\n def add_gid\n self.gid = id + GID_CONSTANT\n save!\n end\n\n def self.get_name_response(name)\n response = REDIS_CACHE.get(GROUP_NSS_RESPONSE + name)\n if response.blank?\n group = Group.where(name: name).first\n group = [] if group.blank?\n response = group.group_response.to_json\n REDIS_CACHE.set(GROUP_NSS_RESPONSE + name, response)\n REDIS_CACHE.expire(GROUP_NSS_RESPONSE + name, REDIS_KEY_EXPIRY)\n end\n JSON.parse(response, symbolize_names: true)\n end\n\n def self.get_all_response\n response = REDIS_CACHE.get(GROUP_ALL_RESPONSE)\n if response.blank?\n response_array = []\n Group.all.includes(:users).each do |group|\n response_array << group.group_response\n end\n response = response_array.to_json\n REDIS_CACHE.set(GROUP_ALL_RESPONSE, response)\n REDIS_CACHE.expire(GROUP_ALL_RESPONSE, REDIS_KEY_EXPIRY)\n end\n response\n end\n\n def self.get_gid_response(gid)\n group = Group.where(gid: gid).first\n return [] if group.blank?\n\n group.group_response\n end\n\n def admin?(user)\n GroupAdmin.where(group_id: self, user_id: user).first.present?\n end\n\n def member?(user)\n users.exists? user.id\n end\n\n def self.generate_group_response(name, gid, members)\n {\n gr_name: name,\n gr_passwd: 'x',\n gr_gid: gid,\n gr_mem: members,\n }\n end\n\n def group_response\n Group.group_nss_response name\n end\n\n def self.group_nss_response(name)\n group_response = REDIS_CACHE.get(\"#{GROUP_NSS_RESPONSE}:#{name}\")\n group_response = JSON.parse(group_response) if group_response.present?\n\n if group_response.blank?\n group = Group.find_by(name: name)\n if group.present?\n members = group.users.map(&:user_login_id)\n response_hash = Group.generate_group_response(group.name, group.gid, members)\n REDIS_CACHE.set(\"#{GROUP_NSS_RESPONSE}:#{group.name}\", response_hash.to_json)\n REDIS_CACHE.expire(\"#{GROUP_NSS_RESPONSE}:#{group.name}\", REDIS_KEY_EXPIRY)\n group_response = response_hash\n end\n end\n group_response\n end\n\n def self.get_sysadmins_and_groups(sysadmins, default_admins = true)\n sysadmins_login_ids = User.\n select(:user_login_id).\n where('id IN (?)', sysadmins).\n map(&:user_login_id)\n\n # TODO: extract to query object\n groups = Group.\n select(%(\n id,\n name,\n gid,\n (\n SELECT GROUP_CONCAT(user_login_id)\n FROM users\n INNER JOIN group_associations\n ON users.id = group_associations.user_id\n WHERE group_associations.group_id = groups.id\n ) AS members\n )).\n where('name IN (?)', sysadmins_login_ids).\n map do |group|\n members = (group.members || '').split(',')\n Group.generate_group_response(group.name, group.gid, members)\n end\n groups << Group.get_default_sysadmin_group_for_host(sysadmins_login_ids, default_admins)\n groups.to_json\n end\n\n def get_user_ids\n user_ids = REDIS_CACHE.get(\"#{GROUP_UID_RESPONSE}:#{name}\")\n user_ids = JSON.parse(user_ids) if user_ids.present?\n\n if user_ids.blank?\n user_ids = users.map(&:user_login_id)\n REDIS_CACHE.set(\"#{GROUP_UID_RESPONSE}:#{name}\", user_ids.to_json)\n REDIS_CACHE.expire(\"#{GROUP_UID_RESPONSE}:#{name}\", REDIS_KEY_EXPIRY)\n end\n user_ids\n end\n\n def self.get_default_sysadmin_group_for_host(sysadmins_login_ids, default_admins = true)\n sysadmins = sysadmins_login_ids\n\n if default_admins\n group = Group.find_by(name: 'sysadmins')\n\n if group.present?\n sysadmins = sysadmins + group.get_user_ids\n end\n end\n group_id = group.blank? ? 8999 : group.id\n\n sysadmin_group = Group.generate_group_response('sysadmins', group_id, sysadmins.uniq)\n sysadmin_group\n end\n\n def add_user(user_id)\n add_user_with_expiration(user_id, nil)\n end\n\n def add_user_with_expiration(user_id, expiration_date)\n remove_user user_id\n group_associations.create(user_id: user_id, expiration_date: expiration_date)\n end\n\n def remove_user(user_id)\n group_associations.where(user_id: user_id).destroy_all\n burst_host_cache\n end\nend\n" }, { "path": "app/models/group_admin.rb", "content": "class GroupAdmin < ApplicationRecord\n belongs_to :user\n belongs_to :group\nend\n" }, { "path": "app/models/group_association.rb", "content": "class GroupAssociation < ApplicationRecord\n belongs_to :user\n belongs_to :group\n\n def self.revoke_expired(date = Date.today)\n where('expiration_date < ?', date).destroy_all\n end\nend\n" }, { "path": "app/models/group_endpoint.rb", "content": "class GroupEndpoint < ApplicationRecord\n\n\n belongs_to :group\n belongs_to :endpoint\n\n validates :group, uniqueness: { scope: :endpoint }\n validates_presence_of :group\n validates_presence_of :endpoint\nend\n" }, { "path": "app/models/host.rb", "content": "class Host < ApplicationRecord\n belongs_to :user\n acts_as_paranoid\nend\n" }, { "path": "app/models/host_access_group.rb", "content": "class HostAccessGroup < ApplicationRecord\n belongs_to :host_machine\n belongs_to :group\nend\n" }, { "path": "app/models/host_machine.rb", "content": "class HostMachine < ApplicationRecord\n\n has_many :host_access_groups\n has_many :groups, through: :host_access_groups\n validates_uniqueness_of :name, case_sensitive: false\n validates :name, presence: true\n\n before_create :set_lower_case_name\n before_create :set_host_access_key\n\n def set_host_access_key\n self.access_key = ROTP::Base32.random_base32\n end\n\n def set_lower_case_name\n self.name = self.name.downcase\n end\n\n def self.get_group_response name\n host_machine = HostMachine.find_by_name(name)\n response = {}\n return response if host_machine.blank?\n response[:host_name] = name\n response[:groups] = host_machine.groups.collect { |g| g.name }\n response\n end\n\n def sysadmins\n users = GroupAssociation.\n select(:user_id).\n distinct.\n joins(:user).\n where(\"group_id IN (?)\", groups.collect(&:id)).\n collect(&:user_id)\n end\n\n def add_host_group(name)\n name = name.squish\n if name.present?\n name = \"#{name}_host_group\"\n self.add_group(name.downcase)\n end\n end\n\n def add_group(name)\n name = name.squish\n if name.present?\n group = Group.find_or_initialize_by(name: name.downcase)\n self.groups << group unless self.groups.include? group\n self.save\n end\n end\nend\n" }, { "path": "app/models/ip_address.rb", "content": "class IpAddress < ApplicationRecord\nend\n" }, { "path": "app/models/organisation.rb", "content": "class Organisation < ApplicationRecord\n validates :name, :website, :domain, :country, :state, :address,\n :admin_email_address, :slug, presence: true\n validates :address, format: {\n with: /\\A[a-zA-Z0-9\\s]+\\z/,\n message: 'Invalid - Only Alphabets, Space and Numbers Allowed',\n }\n validates :admin_email_address, email: true\n validates :slug, uniqueness: true\n\n attr_accessor :cert, :rsa_key\n\n UPDATE_KEYS = %w(\n name website domain country state address admin_email_address slug unit_name\n ).freeze\n\n def self.find_by_slug(slug)\n Organisation.where(slug: slug).first\n end\n\n def self.setup(attrs = {})\n attrs = attrs.stringify_keys\n attrs = attrs.select { |k, _v| UPDATE_KEYS.include?(k) }\n org = Organisation.new(attrs)\n org.save if org.valid?\n org\n end\n\n def update_profile(attrs = {})\n attrs = attrs.stringify_keys\n attrs = attrs.select { |k, _v| UPDATE_KEYS.include?(k) }\n assign_attributes(attrs)\n save if valid?\n end\n\n def saml_setup?\n cert_fingerprint.present? && cert_key.present? && cert_private_key.present?\n end\n\n def setup_saml_certs\n return false unless persisted?\n require 'openssl'\n self.rsa_key = OpenSSL::PKey::RSA.new(2048)\n private_key = rsa_key.to_pem\n public_key = rsa_key.public_key\n subject = \"/C=#{country}/ST=#{state}/L=#{address}/O=#{name}/OU=#{unit_name}/CN=#{domain}\"\n self.cert = OpenSSL::X509::Certificate.new\n cert.subject = cert.issuer = OpenSSL::X509::Name.parse(subject)\n cert.not_before = Time.now\n cert.not_after = Time.now + 365 * 24 * 60 * 60\n cert.public_key = public_key\n cert.serial = SecureRandom.random_number(10)\n cert.version = 2\n ef = OpenSSL::X509::ExtensionFactory.new\n ef.subject_certificate = cert\n ef.issuer_certificate = cert\n cert.extensions = [\n ef.create_extension('basicConstraints', 'CA:TRUE', true),\n ef.create_extension('subjectKeyIdentifier', 'hash'),\n ]\n cert.add_extension ef.create_extension(\n 'authorityKeyIdentifier', 'keyid:always,issuer:always'\n )\n cert.sign rsa_key, OpenSSL::Digest::SHA1.new\n update_attributes(\n cert_fingerprint: OpenSSL::Digest::SHA256.hexdigest(cert.to_der).scan(/../).join(':'),\n cert_key: cert.to_pem,\n cert_private_key: private_key\n )\n end\nend\n" }, { "path": "app/models/saml_app_config.rb", "content": "class SamlAppConfig < ApplicationRecord\n belongs_to :group\n belongs_to :organisation\n\n serialize :config, JSON\n\n def self.get_config(app_name, org_id)\n SamlAppConfig.find_or_initialize_by(\n app_name: app_name, organisation_id: org_id\n )\n end\nend\n" }, { "path": "app/models/user.rb", "content": "class User < ApplicationRecord\n\n\n include MsChapAuth\n devise :timeoutable, :omniauthable, omniauth_providers: [:google_oauth2]\n has_many :hosts\n has_many :group_associations\n has_many :groups, through: :group_associations\n has_many :group_admin, dependent: :destroy\n has_one :access_token\n\n # TODO: Need to add the validations for the user model, right now a lot of tests fail due to enabling this\n # validates :first_name, :last_name, :mobile, :user_role, presence: true\n # validates :first_name, :last_name, format: { with: /[a-zA-Z]/}, allow_blank: true\n # validates :user_role, inclusion: { in: ENV['USER_ROLES'].split(',') }\n # validate :validate_email_domain\n \n \n validates :email, uniqueness: true\n\n # TODO: Need to enable these again after rails 7 update\n # validate :remove_default_admin, on: :update\n\n # before_save :revoke_admin_when_inactive, on: :update\n # before_save :set_deactivated_at_when_inactive, on: :update\n\n HOME_DIR = '/home'.freeze\n USER_SHELL = '/bin/bash'.freeze\n\n def self.add_user(first_name, last_name, user_role, domain)\n user = User.new(first_name: first_name, last_name: last_name, user_role: user_role)\n user.assign_attributes(\n user_login_id: \"#{first_name.downcase}.#{last_name.downcase}\",\n uid: user.generate_uid,\n email: \"#{first_name.downcase}.#{last_name.downcase}@#{domain}\",\n name: \"#{first_name} #{last_name}\"\n )\n user.save\n user.initialise_host_and_group if user.persisted?\n user\n end\n\n def generate_login_id\n email.split('@').first\n end\n\n def generate_uid(uid_buffer = 5000)\n uid_buffer = ENV['UID_BUFFER'].present? ? ENV['UID_BUFFER'].to_i : uid_buffer\n User.last.blank? ? uid_buffer : User.last.id.to_i + uid_buffer\n end\n\n def initialise_host_and_group\n host = Host.find_or_initialize_by(user: self)\n unless ENV['DEFAULT_HOST_PATTERN'].blank?\n host.host_pattern = ENV['DEFAULT_HOST_PATTERN']\n end\n hosts << host\n groups << Group.find_or_initialize_by(name: user_login_id)\n end\n\n def generate_two_factor_auth(force_create = false)\n if persisted? && (force_create || (!force_create && auth_key.blank?))\n self.auth_key = ROTP::Base32.random_base32\n totp = ROTP::TOTP.new(auth_key)\n self.provisioning_uri = totp.provisioning_uri \"GoJek-C #{email}\"\n save!\n end\n end\n\n def self.create_user(name, email)\n user = User.find_or_initialize_by(email: email)\n unless user.persisted?\n user.assign_attributes(\n name: name, user_login_id: user.generate_login_id, uid: user.generate_uid\n )\n user.admin = User.first.blank?\n user.initialise_host_and_group\n user.save! if user.valid?\n end\n user\n end\n\n def self.add_temp_user(name, email)\n email += \"@#{ENV['GATE_HOSTED_DOMAIN']}\"\n user = User.create_user(name, email)\n user.generate_two_factor_auth\n user.auth_key\n end\n\n def update_profile(attrs = {})\n allowed_keys = %w(public_key name product_name admin active)\n attrs = attrs.stringify_keys\n attrs = attrs.select { |k, v| allowed_keys.include?(k) && (v.present? || v.eql?(false)) }\n assign_attributes(attrs)\n if active.eql?(false) && deactivated_at.blank?\n self.deactivated_at = Time.current\n end\n save! if valid?\n end\n\n def name_email\n \"#{name} (#{email})\"\n end\n\n def self.get_sysadmins user_ids\n users = User.\n select(%Q(\n id,\n name,\n uid,\n user_login_id,\n (\n SELECT gid\n FROM groups\n INNER JOIN group_associations\n ON groups.id = group_associations.group_id\n WHERE group_associations.user_id = users.id\n AND groups.name = users.user_login_id\n LIMIT 1\n ) AS gid,\n (\n SELECT COUNT(gid)\n FROM groups\n INNER JOIN group_associations\n ON groups.id = group_associations.group_id\n WHERE group_associations.user_id = users.id\n AND groups.name = users.user_login_id\n LIMIT 1\n ) AS gid_count\n )).\n where(id: user_ids)\n users.map(&:user_passwd_response)\n end\n\n def purge!\n if !self.active\n self.group_associations.each{ |g| g.destroy }\n end\n end\n\n def self.includes_restricted_characters? input_string\n return false if input_string.include?('@') == false\n restricted_characters = [ ' ', '-', '*']\n status = false\n\n restricted_characters.each do |char|\n break if status\n status = input_string.include?(char)\n end\n\n status\n end\n\n def self.check_email_address email_address\n !includes_restricted_characters?(email_address) && email_address.split(\"@\").count == 2 ? true : false\n end\n\n def self.valid_domain? domain\n hosted_domains = ENV['GATE_HOSTED_DOMAINS'].split(',')\n hosted_domains.include?(domain)\n end\n\n def self.verify params\n addresses = params[:addresses]\n return false if addresses.empty?\n address_array = addresses.split\n\n\n user = User.get_user params[:user]\n return false if user.blank?\n\n return user.permitted_hosts? address_array\n end\n\n def self.authenticate_pam params\n addresses = params[:addresses]\n return false if addresses.empty?\n address_array = addresses.split\n\n email, token = get_user_pass_attributes params\n return false if email.blank? || token.blank?\n\n user_auth = find_and_check_user email, token\n return check_user_host(email, address_array) if user_auth\n\n return user_auth\n end\n\n def self.check_user_host email, address_array\n user = User.get_user email\n return user.permitted_hosts? address_array\n end\n\n def permitted_vpns? address_array\n address_array.each do |host_address|\n Vpn.user_vpns(self).each do |vpn|\n return true if vpn.ip_address == host_address\n end\n end\n return false\n end\n\n def permitted_hosts? address_array\n address_array.each do |host_address|\n host_name = nil\n begin\n host_name = Resolv.getname(host_address)\n rescue\n Rails.logger.info \"Can't resolve name\"\n end\n host_name = host_address if host_name.blank?\n hosts.each do |host|\n return true if /^#{host.host_pattern}/.match(host_name).to_s.present?\n end\n end\n return false\n end\n\n def self.authenticate_cas encoded_string\n username_password = Base64.decode64 encoded_string.split(\" \")[1]\n username = username_password.split(':').first\n password = username_password.split(':').last\n\n if User.find_and_check_user username, password\n return username\n else\n return nil\n end\n end\n\n\n def self.authenticate params\n email, token = User.get_user_pass_attributes params\n return false if email.blank? || token.blank?\n return User.find_and_check_user email, token\n end\n\n def self.get_user user_login_id\n return User.where(user_login_id: user_login_id, active: true).first\n end\n\n def self.find_and_validate_saml_user(email, password, app_name)\n query = 'users.email = ? and users.active = ? and groups.name = ?'\n users = User.joins(:groups).where(query, email, true, app_name)\n if users.present?\n users.first.valid_otp?(password) ? users.first : false\n else\n false\n end\n end\n\n def valid_otp?(password)\n user_key = \"#{id}:#{Time.now.hour}\"\n request_count = REDIS_CACHE.incrby user_key, 1\n REDIS_CACHE.expire user_key, 3600\n return false if request_count > RATE_LIMIT\n password.eql?(ROTP::TOTP.new(self.auth_key).now)\n end\n\n def self.find_and_check_user email, token\n user = User.get_user email\n return false if user.blank?\n return false if !user.active\n user_key = \"#{user.id}:#{Time.now.hour}\"\n request_count = REDIS_CACHE.incrby user_key, 1\n REDIS_CACHE.expire user_key, 3600\n return false if request_count > RATE_LIMIT\n token == ROTP::TOTP.new(user.auth_key).now\n end\n\n def self.get_user_pass_attributes params\n token = params[:token].present? ? params[:token] : params[:password]\n email = params[:email].present? ? params[:email] : params[:user]\n return [nil, nil] if email.blank? || token.blank?\n [email, token]\n end\n\n\n def self.get_shadow_name_response name\n user = User.where(name: name).first\n return nil if user.blank?\n\n user.get_shadow_hash\n end\n\n def get_shadow_hash\n shadow_hash = {}\n shadow_hash[:sp_namp] = user_login_id\n shadow_hash[:sp_pwdp] = \"X\"\n shadow_hash[:sp_lstchg] = updated_at.to_i\n shadow_hash[:sp_min] = 0\n shadow_hash[:sp_max] = 99999\n shadow_hash[:sp_warn] = 7\n shadow_hash[:sp_inact]= nil\n shadow_hash[:sp_expire] = nil\n shadow_hash[:sp_flag] = nil\n shadow_hash\n end\n\n def self.get_all_shadow_response\n user_array = []\n User.all.each do |user|\n user_array << user.get_shadow_hash\n end\n user_array\n end\n\n def self.get_all_passwd_response\n user_array = []\n User.all.each do |user|\n user_array << user.user_passwd_response\n end\n user_array\n end\n\n def self.get_passwd_name_response name\n user = User.where(\"email like ?\", \"#{name}@%\").first\n return [] if user.blank?\n user.user_passwd_response\n end\n\n def self.response_array response\n user_response = []\n user_response << response\n user_response\n end\n\n def self.find_active_user_by_email(email)\n User.where(email: email, active: true).first\n end\n\n def group_names_list\n self.groups.map(&:name)\n end\n\n def reset_login_limit\n user_key = \"#{self.id}:#{Time.now.hour}\"\n REDIS_CACHE.set user_key, 0\n end\n\n def within_limits?\n user_key = \"#{self.id}:#{Time.now.hour}\"\n request_count = REDIS_CACHE.incrby user_key, 1\n REDIS_CACHE.expire user_key, 3600\n request_count < RATE_LIMIT\n end\n\n def self.ms_chap_auth params\n auth_failed_message = \"NT_STATUS_UNSUCCESSFUL: Failure (0xC0000001)\"\n\n addresses = params[:addresses]\n user_name = params[:user]\n challenge_string = params[:challenge]\n response_string = params[:response]\n\n return auth_failed_message if user_name.blank? || challenge_string.blank? || response_string.blank? || addresses.blank?\n\n address_array = addresses.split\n\n user = User.get_user user_name\n if user.present? && user.permitted_vpns?(address_array)\n drift_interval = 30\n t = Time.now\n otps = []\n otps.push(user.get_user_otp_at(t))\n otps.push(user.get_user_otp_at(t - drift_interval))\n otps.push(user.get_user_otp_at(t + drift_interval))\n return user.authenticate_ms_chap_with_drift otps, challenge_string, response_string\n else\n return auth_failed_message\n end\n end\n\n #this method is here because we need to mock/stub for testing\n def get_user_otp\n return ROTP::TOTP.new(self.auth_key).now\n end\n\n def get_user_otp_at time\n return ROTP::TOTP.new(self.auth_key).at time\n end\n\n def user_passwd_response\n user_hash = {}\n user_hash[:pw_name] = user_login_id\n user_hash[:pw_passwd] = 'x'\n user_hash[:pw_uid] = uid.to_i\n\n # If gid is supplied (avoid N+1)\n if respond_to?(:gid) && gid\n user_hash[:pw_gid] = gid.to_i\n elsif respond_to?(:gid_count)\n if gid_count.positive?\n user_hash[:pw_gid] = groups.where(name: user_login_id).first.gid\n end\n elsif groups.where(name: user_login_id).count.positive?\n user_hash[:pw_gid] = groups.where(name: user_login_id).first.gid\n end\n\n user_hash[:pw_gecos] = name.to_s\n user_hash[:pw_dir] = \"#{HOME_DIR}/#{user_login_id}\"\n user_hash[:pw_shell] = '/bin/bash'\n user_hash\n end\n\n def group_admin?\n GroupAdmin.find_by_user_id(self.id).present?\n end\n\n def permitted_endpoint?(endpoint)\n return false if endpoint.nil?\n\n user_groups_id = group_associations.select(:group_id)\n endpoint.\n group_endpoints.\n where('group_id IN (?)', user_groups_id).\n select(:endpoint_id).present?\n end\n\n private\n\n def remove_default_admin\n admin_users = User.where('active = ? and admin = ? and id <> ?', true, true, id)\n if (!admin || !active) && admin_users.blank?\n errors.add(:admin, 'You cannot remove or make inactive the default admin account')\n end\n end\n\n def validate_email_domain\n domain_list = ENV['GATE_HOSTED_DOMAINS'].split(',')\n domain = email.split('@').last\n errors.add(:email, \"Invalid Domain for Email Address\") unless domain_list.include?(domain)\n end\n\n def revoke_admin_when_inactive\n self.admin = false unless active\n end\n\n def set_deactivated_at_when_inactive\n if active.eql?(false) && deactivated_at.blank?\n self.deactivated_at = Time.current\n end\n end\nend\n" }, { "path": "app/models/vpn.rb", "content": "class Vpn < ApplicationRecord\n belongs_to :user\n belongs_to :group\n\n has_many :vpn_group_associations\n has_many :groups, through: :vpn_group_associations\n\n has_many :vpn_group_user_associations\n has_many :users, through: :vpn_group_user_associations\n\n has_many :vpn_domain_name_servers\n has_many :vpn_search_domains\n has_many :vpn_supplemental_match_domains\n\n def self.administrator?(user)\n vpn_group_ids = VpnGroupAssociation.select(:group_id).collect(&:group_id)\n managed_group_vpns = user.group_admin.where(group_id: vpn_group_ids)\n !managed_group_vpns.empty?\n end\n\n def self.managed_vpns(user)\n\n vpn_group_ids = VpnGroupAssociation.select(:group_id).collect(&:group_id)\n managed_group_vpn_ids = user.\n group_admin.\n select(:group_id).\n where(group_id: vpn_group_ids).\n collect(&:group_id)\n VpnGroupAssociation.where(group_id: managed_group_vpn_ids).collect(&:vpn).uniq\n end\n\n def self.user_vpns user\n\n vpn_group_ids = VpnGroupAssociation.select(:group_id).collect(&:group_id)\n user_group_vpn_ids = user.\n group_associations.\n select(:group_id).\n where(group_id: vpn_group_ids).\n collect(&:group_id)\n VpnGroupAssociation.where(group_id: user_group_vpn_ids).collect(&:vpn).uniq\n end\n\n def migrate_to_new_group\n group_name = \"#{name}_vpn_group\".downcase.squish.gsub(' ', '_')\n group = Group.where(name: group_name).first\n if group.blank?\n # create a new group for VPN\n group = Group.create(name: group_name, description: \"#{name} VPN Access group\")\n # Assign VPN to group\n # get all vpn administrators\n admins = []\n groups.each do |admin_group|\n admin_group.group_admins.each do |group_admin|\n group.add_admin group_admin.user\n end\n end\n\n # get all vpn users\n # add all vpn users to new group\n users.each do |user|\n user.groups << group\n end\n group.save!\n group.vpns << self\n end\n end\nend\n" }, { "path": "app/models/vpn_domain_name_server.rb", "content": "class VpnDomainNameServer < ApplicationRecord\n belongs_to :vpn\nend\n" }, { "path": "app/models/vpn_group_association.rb", "content": "class VpnGroupAssociation < ApplicationRecord\n belongs_to :vpn\n belongs_to :group\nend\n\n" }, { "path": "app/models/vpn_group_user_association.rb", "content": "class VpnGroupUserAssociation < ApplicationRecord\n belongs_to :vpn\n belongs_to :user\nend\n\n\n" }, { "path": "app/models/vpn_search_domain.rb", "content": "class VpnSearchDomain < ApplicationRecord\n belongs_to :vpn\nend\n" }, { "path": "app/models/vpn_supplemental_match_domain.rb", "content": "class VpnSupplementalMatchDomain < ApplicationRecord\n belongs_to :vpn\nend\n" }, { "path": "app/validators/email_validator.rb", "content": "class EmailValidator < ActiveModel::EachValidator\n def validate_each(record, attribute, value)\n unless value.to_s.match?(/\\A([^@\\s]+)@((?:[-a-z0-9]+\\.)+[a-z]{2,})\\z/i)\n record.errors[attribute] << (options[:message] || 'is not an email')\n end\n end\nend\n" }, { "path": "app/views/admin/index.html.slim", "content": "h1 hello\n" }, { "path": "app/views/api/v1/users/show.json.jbuilder", "content": "json.(@user, :email, :uid, :name, :active, :admin, :home_dir, :shell, :public_key, :user_login_id, :product_name)\njson.groups @user.groups, :gid, :name\n" }, { "path": "app/views/api_resources/_api_resource.json.jbuilder", "content": "json.extract! api_resource, :id, :name, :description, :access_key, :created_at, :updated_at\njson.url api_resource_url(api_resource, format: :json)\n" }, { "path": "app/views/api_resources/_form.html.slim", "content": "= form_for @api_resource, :class => 'form-horizontal', html: {novalidate: 'true'} do |f|\n - if @api_resource.errors.any?\n #error_explanation\n h2 = \"#{pluralize(@api_resource.errors.count, \"error\")} prohibited this api_resource from being saved:\"\n ul\n - @api_resource.errors.full_messages.each do |message|\n li = message\n\n hr\n .mb-3\n label for=\"name\"\n | API Name\n = f.text_field :name, required: true, class: \"form-control\", placeholder: \"API Name\"\n .invalid-feedback\n .mb-3\n label for=\"description\" \n | Description\n = f.text_field :description, required: true, class: \"form-control\", placeholder: \"Description\"\n .invalid-feedback\n .mb-4\n = f.submit \"Save\", class: \"btn btn-primary pull-right\"\n" }, { "path": "app/views/api_resources/edit.html.slim", "content": "h1 Editing api_resource\n\n== render 'form'\n\n=> link_to 'Show', @api_resource\n'|\n=< link_to 'Back', api_resources_path\n\n" }, { "path": "app/views/api_resources/index.html.slim", "content": ".container-fluid.col-md-8\n - if notice.present?\n .alert.alert-primary role=\"alert\"\n #notice\n = notice\n\n\n h4 API Keys\n\n table.table.responsive\n thead\n tr\n th Name\n th Description\n th Access key\n th Owner\n th Access Group\n th\n\n tbody\n - @api_resources.each do |api_resource|\n tr\n td = api_resource.name\n td = api_resource.description\n td = link_to 'Regenerate', regenerate_access_key_api_resource_path(api_resource), data: { confirm: 'Are you sure?' }\n td = link_to api_resource.user.name, api_resource.user if api_resource.user.present?\n td = link_to api_resource.group.name, api_resource.group if api_resource.group.present?\n td = link_to 'Destroy', api_resource, data: { confirm: 'Are you sure?' }, method: :delete\n\n br\n\njavascript:\n $(\"#apiresource-index\").addClass(\"active\");\n" }, { "path": "app/views/api_resources/index.json.jbuilder", "content": "json.array! @api_resources, partial: 'api_resources/api_resource', as: :api_resource\n" }, { "path": "app/views/api_resources/new.html.slim", "content": ".container-fluid.col-md-4.col-md-offset-4\n - if notice.present?\n .alert.alert-primary role=\"alert\"\n #notice\n = notice\n br\n h5 Create new API\n\n == render 'form'\n\n = link_to 'Back', api_resources_path\n\n\njavascript:\n $(\"#apiresource-index\").addClass(\"active\");\n" }, { "path": "app/views/api_resources/show.html.slim", "content": ".container-fluid.col-md-4.col-md-offset-4\n - if notice.present?\n .alert.alert-primary role=\"alert\"\n #notice\n = notice\n br\n h5 Show API\n\n hr\n .mb-3\n label for=\"name\"\n | API Name\n p.form-control-static\n = @api_resource.name\n .mb-3\n label for=\"description\"\n | Description\n p.form-control-static\n = @api_resource.description\n - if flash[:access_key]\n .mb-3\n label for=\"access_key\"\n | Access Key\n .alert.alert-warning role=\"alert\"\n | Important! please make note of this access key, you will see it only this once.\n = text_field_tag :access_key, flash[:access_key], class: 'form-control', readonly: \"\"\n .mb-4\n => link_to 'Edit', edit_api_resource_path(@api_resource)\n '|\n => link_to 'Regenerate Access Key', regenerate_access_key_api_resource_path(@api_resource), :data => {:confirm => 'Are you sure?'}\n '|\n =< link_to 'Back', api_resources_path\n" }, { "path": "app/views/api_resources/show.json.jbuilder", "content": "json.partial! \"api_resources/api_resource\", api_resource: @api_resource\n" }, { "path": "app/views/application/_admin.html.slim", "content": "div\n ul.navbar-nav\n li.nav-item.active\n a.nav-link href=\"#\" Users\n li.nav-item\n a.nav-link href=\"#\" Groups\n" }, { "path": "app/views/application/_groups_header.html.slim", "content": "#notice\n = notice\n- if current_user.admin?\n = form_tag groups_path, method: 'post' do\n .row\n .col-md-8\n = text_field_tag \"group[name]\", \"\", class: \"form-control\", autofocus: true\n .col-md-4\n = submit_tag \"Add Group\", class: \"form-control btn btn-sm btn-primary\", name: nil\n\nbr\n= form_tag groups_path, method: 'get' do\n .row\n .col-md-8\n = text_field_tag :group_search, params[:group_search], class: \"form-control\" , autofocus: true\n .col-md-4\n = submit_tag \"Search groups\", class: \"form-control btn btn-sm btn-primary\", name: nil\n\nhr\n\n" }, { "path": "app/views/application/_host_header.html.slim", "content": "ul.nav.nav-tabs\n li#host_machine role=\"presentation\" \n = link_to \"MyHosts\", host_machines_path\n li#group role=\"presentation\" \n = link_to \"Groups\", groups_path\n li#host_machine_search role=\"presentation\" \n a href=\"#\" Search Host \n li#host_machine_group_search role=\"presentation\" \n a href=\"#\" Search Host Groups\np\n br\n\n" }, { "path": "app/views/common/errors.json.jbuilder", "content": "json.success false\njson.errors errors\n" }, { "path": "app/views/groups/_form.html.slim", "content": "" }, { "path": "app/views/groups/index.html.slim", "content": ".container-fluid.col.container-profile\n - if current_user.admin?\n = form_tag groups_path, method: 'get', class: \"p-2\" do\n .input-group\n = text_field_tag :group_search, params[:group_search], class: \"form-control\" , autofocus: true, placeholder: \"Search group name...\"\n .input-group-append\n = submit_tag \"Search\", class: \"button btn btn-secondary\", name: nil\n\n \n - if @groups.count > 0\n h5 Your managed groups\n .table-responsive\n table.table.table-striped\n thead\n tr\n th Name\n th Gid\n th Group Admin\n tbody\n - @groups.each do |group|\n tr\n td\n = link_to \"#{group.name}\", group_path(group)\n td\n = \"#{group.gid}\"\n td\n - if group.group_admins.present?\n - group.group_admins.each do |admin| \n .row\n = \"#{admin.user.try(:name)}\"\n \n\njavascript:\n $(\"#group-index\").addClass(\"active\");\n\n" }, { "path": "app/views/groups/new.html.slim", "content": ".container-fluid.col-md-4.col-md-offset-4\n h5 Add new group\n = form_for @group, :class => 'form-horizontal' do |f|\n - if @group.errors.any?\n #error_explanation\n h2 = \"#{pluralize(@group.errors.count, \"error\")} prohibited this vpn from being saved:\"\n ul\n - @group.errors.full_messages.each do |message|\n li = message\n\n hr\n .mb-3\n label for=\"name\" \n | Name\n = f.text_field :name, required: true, class: \"form-control\", placeholder: \"Group Name\"\n .invalid-feedback\n | Please enter a name\n\n .mb-4\n = f.submit \"Add Group\", class: \"btn btn-primary pull-right\"\n\n" }, { "path": "app/views/groups/show.html.slim", "content": ".container.col-md-8\n h5.mb-3 Group Details\n hr\n .row\n .col \n = \"Group Name: #{@group.name}\"\n .col\n = \"Group ID: #{@group.gid}\"\n br\n - if current_user.admin? or @group.admin?(current_user)\n = form_tag add_admin_to_group_path(@group.id), method: :post do\n .row\n .col\n | Group Administrator\n .col\n - if @group.group_admins.present?\n - @group.group_admins.each do |admin| \n .row\n .col\n = \"#{admin.user.try(:name)}\"\n .col\n = \"#{admin.user.try(:email)}\"\n .col \n - if (current_user.admin?)\n = link_to \"Remove?\", [@group, admin], method: :delete, data: {confirm: \"Are you sure to remove #{admin.user.try(:name)} ?\"}\n - if (current_user.admin?)\n .row\n .col-8\n = text_field_tag \"user_id\", \"\", id: \"assign_admin_user_id\", class: \"form-control\"\n .col\n = submit_tag \"Assign admin\", class: \"form-control btn btn-md btn-primary\", disabled: true\n .row\n .col-8\n = check_box_tag \"assign_admin_include_inactive_user\", \"true\", false\n = \" Include Inactive User\"\n .col\n a name=\"group_members\"\n br\n .card\n .card-body\n h6.card-title Groups Members (#{@group_users.length})\n .table-responsive\n table.table.table-striped\n thead\n tr\n th User Details\n th Email Address\n th Join Date\n th Expiration Date\n th\n tbody\n - @group_users.sort_by{ |user| user.email}.each do |user|\n tr\n td\n - if user.active?\n = link_to \"#{user.name}\", user_path(user)\n - else\n = link_to \"#{user.name} (inactive)\", user_path(user)\n td\n = \"#{user.email}\"\n td\n = \"#{user.join_date.strftime(\"%v\")}\"\n td\n = \"#{user.group_expiration_date}\"\n td\n = link_to \"Delete\", [@group, user], method: :delete, data: {confirm: 'Are you sure to remove this user from the group?'} if current_user.admin or @group.admin?(current_user)\n\n br\n = \"*This group does not have any group members\" if @group_users.length == 0\n br\n - if current_user.admin or @group.admin?(current_user)\n .h7 Assign members\n = form_tag add_user_to_group_path(@group.id), method: :post do\n .row\n .col\n .form_group\n label\n | User\n = text_field_tag \"user_id\", \"\", id: \"add_user_user_id\", class: \"form-control\"\n = check_box_tag \"add_user_include_inactive_user\", \"true\", false\n = \" Include Inactive User\"\n .col\n .form_group\n label\n | Assignment Expiration date\n = date_field_tag \"expiration_date\", \"\", id: \"expiration_date\", class: \"form-control\"\n | * expiration date is optional (unspecified means permanent)\n .col\n br\n = submit_tag \"Add User\", class: \"form-control btn-md btn-primary\", disabled: true \n br\n .card\n .card-body\n h6.card-title VPN Access\n .table-responsive\n table.table.table-striped\n thead\n tr\n th Vpn Details\n th Vpn name\n th Vpn Host name\n th\n tbody\n - @group.vpns.sort_by{ |vpn| vpn.name}.uniq{|vpn| vpn.id}.each do |vpn|\n tr\n td\n = link_to \"#{vpn.name}\", vpn_path(vpn)\n td\n = \"#{vpn.name}\"\n td\n = \"#{vpn.host_name}\"\n td\n - if current_user.admin?\n = link_to \"Delete\", [@group, vpn], method: :delete, data: {confirm: 'Are you sure to remove this vpn from the group?'}\n br\n = \"*This group does not have any VPNs associated with it\" if @group.vpns.count == 0\n br\n - if current_user.admin? \n = form_tag add_vpn_to_group_path(@group.id), method: :post do\n .row\n .col \n | Assign VPNs\n .col\n .col\n = text_field_tag \"vpn_id\", \"\", id: \"add_vpn_vpn_id\", class: \"form-control\"\n .col\n = submit_tag \"Add Vpn\", class: \"form-control btn-md btn-primary\", disabled: true\n br\n .card\n .card-body\n h6.card-title Group access hosts\n .table-responsive\n table.table.table-striped\n thead\n tr\n th Host Name\n th \n tbody\n - @group.host_machines.each do |machine|\n tr\n td\n = link_to \"#{machine.name}\", host_machine_path(machine)\n td\n = link_to \"Delete\", [@group, machine], method: :delete, data: {confirm: 'Are you sure to remove this machine from the group??'} if current_user.admin?\n br\n = \"*This group does not have any host access\" if @group.host_machines.count == 0\n br\n hr\n - if current_user.admin?\n = form_tag add_machine_to_group_path(@group.id), method: :post do\n .row\n .col \n | Assign Hosts\n .col\n .col\n = text_field_tag \"machine_id\", \"\", id: \"add_machine_machine_id\", class: \"form-control\"\n .col\n = submit_tag \"Add Host\", class: \"form-control btn-md btn-primary\", disabled: true\n\njavascript:\n $(\"#group-index\").addClass(\"active\");\n" }, { "path": "app/views/home/index.html.slim", "content": ".form-signin\n .row\n .col\n h1 Gate-SSO \n br\n .row\n .col\n h3 Single Sign-On\n br\n br\n br\n br\n - case ENV['SIGN_IN_TYPE']\n - when 'form'\n = form_tag user_sign_in_path, method: :post do\n .row\n .col-sm-10.offset-sm-1\n = text_field_tag :name, '', class: 'form-control', placeholder: 'Name', required: true\n = text_field_tag :email, '', class: 'form-control', placeholder: 'Email', required: true, type: 'email'\n = submit_tag 'Sign in', class: 'form-control btn-md btn-primary'\n - else\n .row\n .col\n .col\n a.btn.btn-block.btn-social.btn-google href=\"#{url_for user_google_oauth2_omniauth_authorize_path}\"\n span.fa.fa-google\n | Sign in with Google\n .col\n \n" }, { "path": "app/views/host_machines/index.html.slim", "content": ".container-fluid.col-md-6.col-md-offset-2\n = form_tag host_machines_path, method: 'get', class: \"p-2\" do\n .input-group\n = text_field_tag :host_machine_search, params[:host_machine_search], class: \"form-control\" , autofocus: true, placeholder: \"Search host...\"\n .input-group-append\n = submit_tag \"Search\", class: \"button btn btn-secondary\", name: nil\n\n\n\n\n.container-fluid.col-md-6.col-md-offset-2\n - if @host_machines.count > 0\n .table-responsive\n table.table.table-striped\n thead\n tr\n th Name\n tbody\n - @host_machines.each do |host_machine|\n tr\n td\n = link_to \"#{host_machine.name}\", host_machine\n br\n\njavascript:\n $(\"#hostmachine-index\").addClass(\"active\");\n" }, { "path": "app/views/host_machines/new.html.slim", "content": ".container-fluid.col-md-4.col-md-offset-4\n = form_tag host_machines_path, method: 'post' do\n .input-group \n = text_field_tag \"host_machine[name]\", \"\", class: \"form-control\", autofocus: true\n .input-group\n = submit_tag \"Add Host machine\", class: \"form-control btn btn-sm btn-primary\", name: nil\n\n" }, { "path": "app/views/host_machines/show.html.slim", "content": ".container.col-md-8\n h5.mb-3 Host Details\n hr\n .row\n .col \n = @host_machine.name\n - if current_user.admin?\n .card\n .card-body\n h6.card-title Configurations \n hr\n = form_tag \"/host_machines/#{@host_machine.id}\", method: 'put' do\n .row\n .col\n .custom-control.custom-checkbox\n = check_box \"host_machine\", \"default_admins\", class: \"custom-control-input\", id: \"admin-checkbox\" \n label.custom-control-label for=\"admin-checkbox\" Default Admins?\n .col\n = submit_tag \"Update\", class: \"form-control btn-md btn-primary\"\n br\n\n .card\n .card-body\n .table-responsive\n table.table.table-striped\n thead\n tr\n th Group Name\n th \n tbody\n - @host_machine.groups.each do |group|\n tr\n td\n = link_to \"#{group.name}\", group_path(group)\n td\n = link_to \"Delete\", [@machine, group], method: :delete, data: {confirm: 'Are you sure to remove this machine from the group??'} if current_user.admin?\n br\n = \"*This host does not have any group\" if @host_machine.groups.count == 0\n br\n hr\n - if current_user.admin?\n = form_tag add_group_to_machine_path, method: :post do\n .row\n .col \n | Assign group\n .col\n .col\n = text_field_tag \"group_id\", \"\", class: \"form-control\"\n .col\n = submit_tag \"Add group\", class: \"form-control btn-md btn-primary\", disabled: true\n\n" }, { "path": "app/views/layouts/application.html.slim", "content": "doctype html\nhtml lang=\"en\"\n head\n meta charset=\"utf-8\"\n meta http-equiv=\"X-UA-Compatible\" content=\"IE=Edge,chrome=1\"\n meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\"\n title= content_for?(:title) ? yield(:title) : \"Gate\"\n = csrf_meta_tags\n = stylesheet_link_tag \"application\", :media => \"all\"\n = stylesheet_link_tag \"general\", :media => \"all\"\n = stylesheet_link_tag \"//cdnjs.cloudflare.com/ajax/libs/selectize.js/0.12.4/css/selectize.bootstrap3.min.css\"\n = javascript_include_tag \"application\"\n = javascript_include_tag \"//cdnjs.cloudflare.com/ajax/libs/selectize.js/0.12.4/js/standalone/selectize.min.js\"\n /! Le HTML5 shim, for IE6-8 support of HTML elements\n /[if lt IE 9]\n = javascript_include_tag \"//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.2/html5shiv.min.js\"\n\n body\n /! Fixed navbar\n nav.navbar.navbar-expand-md.navbar-dark.fixed-top.bg-dark\n a.navbar-brand href=\"/profile\" gate\n button.navbar-toggler aria-controls=\"navbarsExampleDefault\" aria-expanded=\"false\" aria-label=(\"Toggle navigation\") data-target=\"#main-navigation\" data-toggle=\"collapse\" type=\"button\"\n span.navbar-toggler-icon\n #main-navigation.collapse.navbar-collapse\n ul.navbar-nav.mr-auto\n - if current_user.admin?\n li#user-index.nav-item\n = link_to(\"Users\", users_path, class: \"nav-link\")\n li#hostmachine-index.nav-item\n = link_to \"Hosts\", host_machines_path, class: \"nav-link\"\n li#organisation-index.nav-item\n = link_to \"Organisations\", organisations_path, class: \"nav-link\"\n - if current_user.admin? || current_user.group_admin?\n li#group-index.nav-item\n = link_to \"Groups\", groups_path, class: \"nav-link\"\n li#apiresource-index.nav-item\n = link_to \"APIs\", api_resources_path, class: \"nav-link\"\n li#vpn-index.nav-item\n = link_to \"VPNs\", vpns_path, class: \"nav-link\"\n li.nav-item.dropdown\n a#dropdown01.nav-link.dropdown-toggle aria-expanded=\"false\" aria-haspopup=\"true\" data-toggle=\"dropdown\" href=\"http://example.com\" New\n .dropdown-menu aria-labelledby=\"dropdown01\"\n = link_to \"API\", new_api_resource_path, class: \"dropdown-item\"\n - if current_user.admin?\n = link_to \"Group\", new_group_path, class: \"dropdown-item\"\n = link_to \"VPN\", new_vpn_path, class: \"dropdown-item\"\n = link_to \"Organisation\", new_organisation_path, class: \"dropdown-item\"\n = link_to \"User\", new_user_path, class: \"dropdown-item\"\n ul.nav.navbar-nav.navbar-right\n li.nav-link\n = link_to \"Sign out\", users_sign_out_path,:method => :delete , class: \"nav-link\"\n li.nav-link.active\n = link_to current_user.name, user_path(current_user.id), class: \"nav-link\"\n /! /.nav-collapse\n .container-fluid\n = yield\n" }, { "path": "app/views/layouts/home.html.slim", "content": "doctype html\nhtml lang=\"en\"\n head\n link href='https://fonts.googleapis.com/css?family=Roboto' rel='stylesheet' type='text/css'\n meta charset=\"utf-8\"\n meta http-equiv=\"X-UA-Compatible\" content=\"IE=Edge,chrome=1\"\n meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\"\n title= content_for?(:title) ? yield(:title) : \"Gate\"\n = csrf_meta_tags\n = stylesheet_link_tag \"application\", :media => \"all\"\n = favicon_link_tag 'apple-touch-icon-144x144-precomposed.png', :rel => 'apple-touch-icon-precomposed', :type => 'image/png', :sizes => '144x144'\n = favicon_link_tag 'apple-touch-icon-72x72-precomposed.png', :rel => 'apple-touch-icon-precomposed', :type => 'image/png', :sizes => '72x72'\n = favicon_link_tag 'apple-touch-icon-precomposed.png', :rel => 'apple-touch-icon-precomposed', :type => 'image/png'\n = favicon_link_tag 'favicon.ico', :rel => 'shortcut icon'\n = javascript_include_tag \"application\"\n /! Le HTML5 shim, for IE6-8 support of HTML elements\n /[if lt IE 9]\n = javascript_include_tag \"//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.2/html5shiv.min.js\"\n\n\n body.home\n = yield\n" }, { "path": "app/views/layouts/profile.html.slim.disabled", "content": "doctype html\nhtml lang=\"en\"\n head\n meta charset=\"utf-8\"\n meta http-equiv=\"X-UA-Compatible\" content=\"IE=Edge,chrome=1\"\n meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\"\n title= content_for?(:title) ? yield(:title) : \"Gate\"\n = csrf_meta_tags\n = stylesheet_link_tag \"application\", :media => \"all\"\n = stylesheet_link_tag 'profile'\n = stylesheet_link_tag \"general\", :media => \"all\"\n = javascript_include_tag \"application\"\n /! Le HTML5 shim, for IE6-8 support of HTML elements\n /[if lt IE 9]\n = javascript_include_tag \"//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.2/html5shiv.min.js\"\n\n body.profile_page\n .container.container-profile\n .header.clearfix\n nav\n ul.nav.nav-pills.pull-right\n li role=\"presentation\" \n = link_to \"Administration\", admin_path if current_user.admin?\n li role=\"presentation\" \n = link_to current_user.name, user_path(current_user.id)\n li.active role=\"presentation\" \n = link_to \"Sign out\", users_sign_out_path,:method => :delete \n h3.text-muted Gate - Single Sign On\n = yield\n\n footer.footer\n p © 2015 Gate-SSO\n" }, { "path": "app/views/nss/add_host.json.jbuilder", "content": "json.success true\njson.access_key host.access_key\njson.host host.name\njson.groups host.groups.map(&:name)\n" }, { "path": "app/views/organisations/_form.html.slim", "content": "- if flash.key?(:errors)\n .alert.alert-danger#organisation_form_errors\n b Issue creating application\n br\n - flash[:errors].each do |msg|\n = \"- #{msg}\"\n br\n.form-group\n = f.label :name\n = f.text_field :name, class: 'form-control'\n.form-group\n = f.label :website\n = f.text_field :website, class: 'form-control'\n.form-group\n = f.label :domain\n = f.text_field :domain, class: 'form-control'\n.form-group\n = f.label :country\n = f.collection_select :country, Country.all.sort_by(&:name), :gec, :name, {}, class: 'form-control'\n.form-group\n = f.label :state\n = f.text_field :state, class: 'form-control'\n.form-group\n = f.label :address\n = f.text_field :address, class: 'form-control'\n.form-group\n = f.label :admin_email_address\n = f.text_field :admin_email_address, class: 'form-control'\n.form-group\n = f.label :slug\n = f.text_field :slug, class: 'form-control'\n.form-group\n = f.label :unit_name\n = f.text_field :unit_name, class: 'form-control'\n" }, { "path": "app/views/organisations/config_saml_app.html.slim", "content": ".container.col-md-8\n .row.mb-3.mt-2\n .col-md-12\n h5 Configure #{app_name.titleize}\n .row.mb-3.mt-2\n .col-md-12\n = render partial: \"organisations/saml_apps/#{app_name}\", locals: {org: org, app_name: app_name, saml_config: saml_config, users: users}\n" }, { "path": "app/views/organisations/index.html.slim", "content": ".container.col-md-8\n .row.mb-3.mt-2\n .col-md-8\n h5 Organisations\n .col-md-4.text-right\n = link_to \"New Organisation\", new_organisation_path, class: \"btn btn-primary\", id: 'new_organisation_btn'\n - if flash.key?(:success)\n .alert.alert-success#organisation_form_success\n = flash[:success]\n - if flash.key?(:errors)\n .alert.alert-danger#organisation_form_errors\n = flash[:errors]\n #organisation_list.table-responsive\n table.table.table-striped\n thead\n tr\n th Name\n th URL\n th Email Domain\n th Actions\n tbody\n - if org_list.present?\n - org_list.each do |org|\n tr\n td = link_to org.name, organisation_path(org)\n td = link_to org.website, org.website\n td = org.domain\n td\n - if org.saml_setup?\n .dropdown.position-relative#configureAppDropDownMenuContainer\n button.btn.btn-primary.btn-sm.dropdown-toggle type=\"button\" id=\"configureAppDropDownMenu\" data-toggle=\"dropdown\" aria-haspopup=\"true\" aria-expanded=\"false\" data-boundary=\"configureAppDropDownMenuContainer\"\n = \"Configure App\"\n .dropdown-menu aria-labelledby=\"configureAppDropDownMenu\"\n = link_to \"Datadog\", organisation_config_saml_app_path(organisation_id: org.id, app_name: 'datadog'), class: 'dropdown-item'\n - else\n = link_to \"Setup SAML\", organisation_setup_saml_path(org)\n - else\n td.text-center colspan='3'\n p There are no organisations yet, why don't you create an organisation\n" }, { "path": "app/views/organisations/new.html.slim", "content": ".container.col-md-8\n .row.mb-3.mt-2\n .col-md-12\n h5 Create Organisation\n hr\n = form_for(org) do |f|\n = render partial: 'form', locals: {f: f}\n = f.submit 'Create Organisation', class: 'btn btn-primary mb-2'\n" }, { "path": "app/views/organisations/saml_apps/_datadog.html.erb", "content": "\n
\n
\n
Pre Requisites
\n
    \n
  1. You need to have a valid account @ datadog.com
    2. \n
  2. You need to be an administrator of the datadog account
    3. \n
\n
Instruction Steps
\n
    \n
  1. Configuration Steps on DataDog
    2. \n
  2. Configuration Steps on Gate
    3. \n
  3. Manage Users on Gate
    4. \n
\n
Configuration Steps on Datadog
\n
    \n
  1. Login to Datadog as an administrator
    2. \n
  2. \n

    \n Click on in the bottom left, then select Configure SAML\n

    \n <%= image_tag(\"saml_configure_datadog_01.png\") %>\n
    3. \n
  3. Download the IdP Metadata by clicking <%= link_to \"here\", metadata_path(slug: org.slug, app: 'datadog', download: true) %>
    4. \n
  4. \n

    Click Choose file, locate the metadata.xml you just saved, and then click Upload File

    \n <%= image_tag(\"saml_configure_datadog_02.png\") %>\n
    5. \n
  5. \n

    Click Enable

    \n <%= image_tag(\"saml_configure_datadog_03.png\") %>\n
    6. \n
  6. Make a copy of your Single Sign-on URL value
    7. \n
  7. \n

    For the below image follow the following steps:

    \n
      \n
    1. Enable Identity Provider (IdP) Initiated Login
      2. \n
    2. Enable SAML Strict Mode
      3. \n
    3. Note: We will not be using JIT, instead managing users will be done via a different panel
      4. \n
    4. Hit Save
      5. \n
    \n <%= image_tag(\"saml_configure_datadog_04.png\") %>\n
    8. \n
\n
Configuration Steps on Gate
\n
    \n
  1. \n

    Copy the entity Id from the below picture after setting up SAML using the previous Instructions

    \n <%= image_tag(\"saml_configure_datadog_03.png\") %>\n
    2. \n
  2. Navigate to Datadog API Setup to setup your API and App Keys
    3. \n
  3. \n

    Refer the below image, to add the API Key

    \n <%= image_tag(\"saml_configure_datadog_05.png\") %>\n
    4. \n
  4. \n

    Refer the below image, to add the App Key

    \n <%= image_tag(\"saml_configure_datadog_06.png\") %>\n
    5. \n
  5. \n

    Update the SSO Url, Application Key, API Key from the previous steps by refering the below image

    \n <%= image_tag(\"saml_configure_datadog_07.png\") %>\n
    6. \n
  6. As a part of this process a group will be auto generated to add and remove users for accessing Datadog. The group created would be called saml_datadog_users
    7. \n
\n
Manage Users on Gate
\n
    \n
  1. Click on Manage Users to add/remove users
    2. \n
  2. \n

    Enter the email address in the below box to add users to datadog

    \n <%= image_tag(\"saml_configure_datadog_08.png\") %>\n
    3. \n
  3. \n

    When you click on the page, you will get a list of users with a remove button. You can click remove to remove users from accessing datadog

    \n <%= image_tag(\"saml_configure_datadog_09.png\") %>\n
    4. \n
\n
\n
\n <%= form_for saml_config, url: organisation_save_config_saml_app_path(organisation_id: org.id, app_name: app_name), method: :post do |f| %>\n
\n <%= label_tag :datadog_sso_url %>\n <%= f.text_field :sso_url, class: 'form-control' %>\n
\n
\n <%= label_tag :application_key %>\n <%= text_field_tag 'config[app_key]', saml_config.config['app_key'], class: 'form-control' %>\n
\n
\n <%= label_tag :api_key %>\n <%= text_field_tag 'config[api_key]', saml_config.config['api_key'], class: 'form-control' %>\n
\n <%= f.submit 'Update Configuration', class: 'btn btn-primary mb-2'%>\n <% end %>\n
\n
\n <%= form_tag organisation_add_user_saml_app_path(organisation_id: org.id, app_name: app_name), method: :post do %>\n
\n <%= label_tag :email_address %>\n <%= text_field_tag 'email', '', class: 'form-control' %>\n
\n <%= submit_tag 'Add User', class: 'btn btn-primary mb-2', id: 'add_user_to_app' %>\n <% end %>\n
\n \n \n \n \n \n \n \n \n \n <% users.each do |user| %>\n \n \n \n \n \n <% end %>\n \n
NameEmailActions
<%= link_to user.name, user_path(id: user.id) %><%= user.email %><%= link_to \"Remove\", organisation_remove_user_saml_app_path(organisation_id: org.id, app_name: app_name, email: user.email), method: :delete, data: { confirm: 'Are you sure?' }, class: 'btn btn-sm btn-danger', id: \"saml_user_remove_#{user.id}\" %>
\n
\n
\n
\n" }, { "path": "app/views/organisations/show.html.slim", "content": ".container.col-md-8\n .row.mb-3.mt-2\n .col-md-12\n h5 Update Organisation\n hr\n = form_for(org) do |f|\n = render partial: 'form', locals: {f: f}\n = f.submit 'Update Organisation', class: 'btn btn-primary mb-2'\n" }, { "path": "app/views/profile/_group_search.html.slim", "content": ".container.container-profile\n = form_tag profile_group_admin_path, method: 'get' do\n .row \n .col-md-8\n = text_field_tag :group_search, params[:group_search], class: \"form-control\" , autofocus: true\n .col-md-4\n = submit_tag \"Search groups\", class: \"form-control btn btn-sm btn-primary\", name: nil\n\n hr\n\n" }, { "path": "app/views/profile/_user_search.html.slim", "content": ".container.container-profile\n = form_tag profile_user_admin_path, method: 'get' do\n .row \n .col-md-8\n = text_field_tag :user_search, params[:user_search], class: \"form-control\" , autofocus: true\n .col-md-4\n = submit_tag \"Search Users\", class: \"form-control btn btn-sm btn-primary\", name: nil\n\n hr\n" }, { "path": "app/views/profile/group_admin.html.slim", "content": "= render partial: \"group_search\"\n" }, { "path": "app/views/profile/list.html.slim", "content": "= render partial: \"user_search\"\n- if @users.count > 0\n .table-responsive\n table.table.table-striped\n thead\n tr\n th Name\n th Email\n th Is Active?\n th Is Admin?\n tbody\n - @users.each do |user|\n tr\n td\n = link_to \"#{user.name}\", user_path(user)\n td\n = \"#{user.email}\"\n td\n = \"#{user.active.to_s.camelcase}\"\n td\n = \"#{user.admin.to_s.camelcase}\"\n" }, { "path": "app/views/profile/public_key.html.slim", "content": "" }, { "path": "app/views/profile/show.html.slim", "content": ".container.container-profile\n .row.mt-3\n .jumbotron\n .row.marketing\n .col-lg-6\n .row\n .col-lg-12 \n strong Use Google Authenticator to scan this QR Code\n .row.mt-2\n .row\n .col-lg-12\n .token-qr\n - unless @token_qr.blank?\n = raw @token_qr.as_html\n .row\n .col-lg-12\n small Note: If you can't see the QR Code, please logout and login again.\n .col-lg-6\n .row\n .col-lg-12 Or use this token for the authenticator\n .row.mt-2\n .row\n .col-lg-12\n pre\n h5 #{current_user.auth_key}\n .row\n .col-lg-12\n a.btn.btn-warning.btn-sm href=\"/regenerate_authentication\" role=\"button\" data-turbolinks=\"false\" (Re)generate Token\n .row.mt-4\n .row\n .col-lg-12 Download Profiles\n .row.mt-3\n .row\n .col-lg-12\n a.btn.btn-success.btn-sm href=\"/download_vpn\" role=\"button\" data-turbolinks=\"false\" Download OpenVPN profile\n .row.mt-3\n .row\n .col-lg-12\n a.btn.btn-success.btn-sm href=\"/download_vpn_for_ios_and_mac\" role=\"button\" data-turbolinks=\"false\" Download IPSec profile for iOS/Mac\n .row.mt-4\n .row\n .col-lg-12 Google Authenticator\n .row\n .col-lg-12\n a href=\"https://itunes.apple.com/us/app/google-authenticator/id388497605\" target=\"_blank\"\n = image_tag \"app_store_en_badge.png\", width: 120, alt: \"Apple App Store\"\n a href=\"https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en\" target=\"_blank\"\n = image_tag \"google_play_en_badge.png\", width: 120, alt: \"Google Play Store\"\n .row.marketing\n .col-lg-6\n h4\n strong OpenVPN\n h5\n strong Step 1\n p\n | Download OpenVPN client. For Mac, use \n a href=\"https://tunnelblick.net/\" target=\"_blank\" TunnelBlick.\n h5\n strong Step 2\n p Download your OpenVPN profile and install to OpenVPN client.\n h5\n strong Step 3\n p Launch OpenVPN client, connect to your profile and enter token code shown on Google Authenticator.\n .col-lg-6\n h4\n strong IPSec VPN\n h5\n strong Step 1\n p Download your IPSec VPN profile and install by double-clicking on it.\n h5\n strong Step 2\n p \n | Open \n code System Preferences >> Network \n | , you will see list of VPNs that you can connect to.\n h5\n strong Step 3\n p Connect to any VPN and enter token code shown on Google Authenticator.\n" }, { "path": "app/views/profile/user.html.slim", "content": ".container.container-profile\n .row\n .col-md-4.text-primary Name\n .col-md-8\n = @user.name\n .row\n .col-md-4.text-primary Email\n .col-md-8\n = @user.email\n .row\n .col-md-4.text-primary MFA Auth String\n .col-md-8\n = @user.auth_key\n - if current_user.admin?\n = form_tag user_update_path, method: 'post' do\n .row\n .col-md-4.text-primary Active?\n .col-md-8\n = check_box \"user\", \"active\"\n .row\n .col-md-4.text-primary Administrator?\n .col-md-8\n = check_box \"user\", \"admin\"\n .row\n .col-md-4\n .col-md-2\n = submit_tag \"Update\", class: \"form-control btn-sm btn-primary\"\n hr\n .row\n .col-md-4.text-primary\n = link_to \"Groups\", groups_path\n .col-md-8\n - @user.groups.each do |group|\n - unless group.deleted?\n .row\n .col-md-8\n = \"#{group.name} (#{group.gid})\"\n .col-md-4\n = link_to \"Delete\", [@user, group], method: :delete, data: {confirm: 'Are you sure to delete this group?'} if current_user.admin?\n = \"No groups are associated with this user\" if @user.groups.count == 0\n .row\n .col-md-4\n .col-md-8\n .row\n - if current_user.admin?\n = form_tag add_group_path, method: :post do\n .col-sm-8\n = select_tag \"group_id\", options_from_collection_for_select(@group.sort_by {|group| group.name}, \"id\", \"name\"), class: \"form-control\"\n .col-sm-4\n = submit_tag \"Add Group\", class: \"form-control btn-sm btn-primary\"\n hr\n .row\n .col-md-4.text-primary Permitted Host Patterns\n .col-md-8\n - @user.hosts.each do |host|\n - unless host.deleted?\n .row\n .col-md-8\n = host.host_pattern\n .col-md-4\n = link_to \"Delete\", [host.user, host], method: :delete, data: {confirm: 'Are you sure to delete this pattern?'} if current_user.admin?\n\n = \"No host patterns are associated with this user\" if @user.hosts.count == 0\n .row\n .col-md-4\n .col-md-8\n .row\n - if current_user.admin?\n = form_tag add_host_path, method: :post do\n .col-sm-8\n = text_field_tag :host_pattern, \"\", class: \"form-control\"\n .col-sm-4\n = submit_tag \"Add host pattern\", class: \"form-control btn-sm btn-primary\"\n\n br\n hr\n .row\n .col-md-4.text-primary Public Key\n .col-md-8\n = form_tag user_public_key_update_path, method: :post do\n .row\n .col-sm-12\n = text_area_tag \"public_key\", @user.public_key, class: \"form-contol\", style: \"font-family:monospace;\", rows: 15, cols: 35\n .row\n .col-sm-8\n .col-sm-4\n = submit_tag \"Update key\", class: \"form-control btn-sm btn-primary\"\n\n hr\n .row\n .col-md-4.text-primary\n = link_to \"Vpns\", vpns_path\n .col-md-8\n - @user.vpns.each do |vpn|\n .row\n .col-md-8\n = \"#{vpn.name}\"\n\n hr\n .row\n .col-md-4.text-primary VPN Profile\n .col-md-8\n .col-sm-12\n .row\n .col-sm-8\n .col-sm-4\n a.btn.btn-primary.btn-sm href=\"/download_vpn/#{@user.id}\" role=\"button\" Download VPN Profile\n br\n\n\n" }, { "path": "app/views/profile/user_admin.html.slim", "content": "= render partial: \"user_search\"\n" }, { "path": "app/views/saml_idp/idp/new.html.erb", "content": "\n\n\n \n \n GoJek – Single Sign on\n \n \n \n\n\n
\n
\n
\n <%= image_tag(\"logo.png\") %>\n

Single Sign-on Multifactor Authentication.

\n
\n\t
\n\t\t

Login

\n \t\t\n\t\t \n \t\t \n\t\t \n\t
\n\t <%= form_tag auth_path, class: 'text-left' do %>\n\t\t <%= hidden_field_tag(\"SAMLRequest\", params[:SAMLRequest]) %>\n \t\t<%= hidden_field_tag(\"RelayState\", params[:RelayState]) %>\n\t\t
\n \t\t <%= label_tag :email %>\n\t\t <%= text_field_tag :email, params[:email], :autocapitalize => \"off\", :autocorrect => \"off\", :autofocus => \"autofocus\", :spellcheck => \"false\", :size => 30, :class => \"email_pwd txt form-control\" %>\n\t\t
\n\t\t
\n\t\t <%= label_tag \"Google Authenticator Code\" %>\n\t\t <%= password_field_tag :password, params[:password], :autocapitalize => \"off\", :autocorrect => \"off\", :spellcheck => \"false\", :size => 30, :class => \"email_pwd txt form-control\" %>\n\t\t
\n\t\t <%= submit_tag \"Sign in\", :class => \"button big blueish btn btn-primary\" %>\n\t <% end %>\n
\n
\n
\n
\n\n\n" }, { "path": "app/views/users/_search.html.slim", "content": ".container-fluid.col-md-4.col-md-offset-4\n = form_tag users_path, method: 'get', class: \"p-2\" do\n .input-group\n = text_field_tag :user_search, params[:user_search], class: \"form-control\" , autofocus: true, placeholder: \"Search user name...\"\n .input-group-append\n = submit_tag \"Search\", class: \"button btn btn-secondary\", name: nil\n\n" }, { "path": "app/views/users/index.html.slim", "content": "= render partial: \"search\"\n- if @users.count > 0\n .table-responsive\n table.table.table-striped\n thead\n tr\n th Name\n th Email\n th Is Active?\n th Is Admin?\n tbody\n - @users.each do |user|\n tr\n td\n = link_to \"#{user.name}\", user_path(user)\n td\n = \"#{user.email}\" \n td\n = \"#{user.active.to_s.camelcase}\"\n td\n = \"#{user.admin.to_s.camelcase}\"\n\njavascript:\n $(\"#user-index\").addClass(\"active\");\n" }, { "path": "app/views/users/new.html.erb", "content": "
\n
\n
\n
Create User
\n
\n <%= form_for(User.new) do |f| %>\n <% if flash.key?(:errors) %>\n
\n Issue Creating User
\n <%= flash[:errors].map { |msg| \"- #{msg}\".html_safe }.join(\"
\").html_safe %>\n
\n <% end %>\n
\n <%= f.label :first_name %>\n <%= f.text_field :first_name, class: 'form-control' %>\n
\n
\n <%= f.label :last_name %>\n <%= f.text_field :last_name, class: 'form-control' %>\n
\n
\n <%= f.label :mobile %>\n <%= f.text_field :mobile, class: 'form-control' %>\n
\n
\n <%= f.label :alternate_email %>\n <%= f.text_field :alternate_email, class: 'form-control' %>\n
\n
\n <%= f.label :user_role %>\n <%= f.select :user_role, add_placeholder_to_list(roles, \"Select A Role\"), {}, class: 'form-control' %>\n
\n
\n <%= label_tag :domain %>\n <%= select_tag :user_domain, options_for_select(add_placeholder_to_list(domains, \"Select A Domain\", string_convert: '')), class: 'form-control' %>\n
\n <%= f.submit 'Create User', class: 'btn btn-primary mb-2' %>\n <% end %>\n
\n
\n
" }, { "path": "app/views/users/show.html.slim", "content": ".container.col-md-8\n h5.mb-3 User Profile \n hr\n - if flash.key?(:success)\n .alert.alert-success\n = flash[:success]\n form.needs-validation novalidate=\"\" \n .form-row.mb-3\n .col\n label for=\"Name\" \n b\n = @user.name\n .col\n .input-group\n .input-group-prepend\n span.input-group-text @\n input#email.form-control placeholder=\"you@example.com\" readonly=\"\" type=\"email\" value=\"#{@user.email}\"\n\n - if (current_user.admin? or (current_user.id == @user.id))\n form.needs-validation novalidate=\"\" \n .form-row.mb-3\n .col\n b Your Access Token\n .col\n - if flash[:token]\n .alert.alert-warning role=\"alert\"\n | Important! please make note of this token, you will see it only this once.\n pre\n = flash[:token]\n - else\n = link_to 'Regenerate Token', regenerate_token_user_path(@user), :data => {:confirm => 'Are you sure?'}\n\n - if current_user.admin?\n .card\n .card-body\n h6.card-title Access and Permissions \n hr\n = form_tag user_update_path, method: 'post' do\n .row\n .col\n .custom-control.custom-checkbox\n = check_box \"user\", \"active\", class: \"custom-control-input\", id: \"active-checkbox\" \n label.custom-control-label for=\"active-checkbox\" Active?\n .col\n .custom-control.custom-checkbox\n = check_box \"user\", \"admin\", class: \"custom-control-input\", id: \"admin-checkbox\" \n label.custom-control-label for=\"admin-checkbox\" Adminstrator?\n .col\n = submit_tag \"Update\", class: \"form-control btn-md btn-primary\"\n br\n .card\n .card-body\n h6.card-title Groups\n hr\n .table-responsive\n table.table.table-striped\n thead\n tr\n th Group Name\n th Expiration Date\n th Action\n tbody\n - @user_groups.each do |group|\n - unless group.deleted?\n tr\n td\n = \"#{group.name} (#{group.gid})\"\n td\n = \"#{group.group_expiration_date}\"\n td\n = link_to \"Remove group\", [@user, group], method: :delete, data: {confirm: 'Are you sure to delete this group?'} if current_user.admin?\n br\n - if current_user.admin?\n = form_tag add_group_path, method: :post do\n .row\n .col\n = text_field_tag \"group_id\", \"\", class: \"form-control\"\n .col\n .row\n .col\n = submit_tag \"Add Group\", class: \"form-control btn-md btn-primary pull-right\", disabled: true\n .col\n = \"No groups are associated with this user\" if @user.groups.count == 0\n br\n .card\n .card-body\n - if (current_user.admin? or (current_user.id == @user.id))\n h6.card-title Public Key\n = form_tag user_public_key_update_path, method: :post do\n .row\n .col\n = text_area_tag \"public_key\", @user.public_key, class: \"form-contol text-align-top\", style: \"height:200px;width:100%;\", placeholder: \"Your public key here...\"\n br\n .row\n .col-md-3\n = submit_tag \"Update key\", class: \"form-control btn-md btn-primary\"\n - else\n h6.card-title Public Key\n .row\n .col\n = @user.public_key\n\n br\n .card\n .card-body\n h6.card-title VPN Access\n table.table.responsive\n thead\n tr\n th=\"Name\"\n th=\"Hostname\"\n th=\"IP Address\"\n th\n\n tbody\n - @vpns.each do |vpn|\n tr\n td=link_to vpn.name, vpn\n td=vpn.host_name\n td=vpn.ip_address\n\n\n = \"No vpns are associated with this user\" if @vpns.count == 0\n \n - if current_user.admin?\n br\n .card\n .card-body\n h6.card-title SAML Product Access\n hr\n - if @user.product_name.nil?\n = form_tag user_path, method: :patch do\n .col-md-6\n = select_tag :product_name, options_for_select(ENV['PRODUCT_LIST'].split(\",\")), class: \"form-control\"\n .col-md-2\n = submit_tag \"Assign\", class: \"form-control btn-md btn-primary\"\n - else\n .row\n .col-md-4.text-primary\n .col-md-6\n = @user.product_name\n br\n .col-md-4\n .col-md-8\n .row\n = form_tag user_path, method: :patch do\n .col-sm-8\n = select_tag :product_name, options_for_select(ENV['PRODUCT_LIST'].split(\",\")), class: \"form-control\"\n .col-sm-4\n = submit_tag \"Modify\", class: \"form-control btn-md btn-primary\"\n\njavascript:\n $(\"#user-index\").addClass(\"active\");\n" }, { "path": "app/views/vpns/_form.html.slim", "content": " = form_for @vpn, :class => 'form-horizontal' do |f|\n - if @vpn.errors.any?\n #error_explanation\n h2 = \"#{pluralize(@vpn.errors.count, \"error\")} prohibited this vpn from being saved:\"\n ul\n - @vpn.errors.full_messages.each do |message|\n li = message\n\n hr\n .mb-3\n label for=\"name\" \n | Name\n = f.text_field :name, required: true, class: \"form-control\", placeholder: \"VPN Name\"\n .mb-3\n label for=\"host_name\" \n | Host name\n = f.text_field :host_name, required: true, class: \"form-control\", placeholder: \"Host name\"\n .invalid-feedback\n | Please enter host name.\n .mb-3\n label for=\"ip_address\" \n | IP Address\n = f.text_field :ip_address, required: true, class: 'form-control', placeholder: \"IP address\"\n .invalid-feedback\n | Please enter IP address.\n\n .mb-4\n = f.submit \"Save\", class: \"btn btn-primary pull-right\"\n\n" }, { "path": "app/views/vpns/edit.html.slim", "content": ".container-fluid.col-md-4.col-md-offset-4\n - if notice.present?\n .alert.alert-primary role=\"alert\"\n #notice\n = notice\n br\n h5 Edit VPN Details\n = render \"form\"\n\njavascript:\n $(\"#vpn-index\").addClass(\"active\");\n\n" }, { "path": "app/views/vpns/index.html.slim", "content": ".container-fluid.col-md-8.col-md-offset-4\n - if notice.present?\n .alert.alert-primary role=\"alert\"\n #notice\n = notice\n\n - if Vpn.administrator? current_user\n h5 Managed VPNs \n table.table.responsive\n thead\n tr\n th=\"Name\"\n th=\"Hostname\"\n th=\"IP Address\"\n - Vpn.managed_vpns(current_user).each do |vpn|\n tbody\n tr\n td= link_to vpn.name, vpn\n td= vpn.host_name\n td= vpn.ip_address\n\n h5 \n b Listing VPNs\n table.table.responsive\n thead\n tr\n th=\"Name\"\n th=\"Hostname\"\n th=\"IP Address\"\n th\n\n tbody\n - @vpns.each do |vpn|\n tr\n td= link_to vpn.name, vpn\n td= vpn.host_name\n td= vpn.ip_address\n td= link_to \"Delete\", vpn, method: :delete, data: {confirm: 'Are you sure to remove this vpn from gate?'} if current_user.admin?\n\njavascript:\n $(\"#vpn-index\").addClass(\"active\");\n" }, { "path": "app/views/vpns/new.html.slim", "content": ".container-fluid.col-md-4.col-md-offset-4\n - if notice.present?\n .alert.alert-primary role=\"alert\"\n #notice\n = notice\n br\n h5 Add new VPN\n = render \"form\"\n\njavascript:\n $(\"#vpn-index\").addClass(\"active\");\n" }, { "path": "app/views/vpns/show.html.slim", "content": ".container.container-profile\n - if notice.present?\n .alert.alert-primary role=\"alert\"\n #notice\n = notice\n br\n .row\n .col\n h5.mb-3 \n = @vpn.name\n .col\n .col\n = link_to \"Manage this vpn\", @vpn.groups.first if @vpn.groups.count > 0\n\n hr\n .row\n .col\n label for=\"VPN Host : \" \n b\n = @vpn.host_name\n .col\n label for=\"VPN Host IP : \" \n b\n = @vpn.ip_address\n .col\n = link_to \"Edit VPN Details\", edit_vpn_path, class: \"form-control btn-sm btn-primary\" if current_user.admin?\n\n br\n\n a name=\"dns_hosts\"\n .card\n .card-body\n h6.card-title DNS Hosts\n hr\n - @vpn.vpn_domain_name_servers.each do |dns_server|\n .row\n .col\n = \"#{dns_server.server_address}\"\n .col.append\n = link_to \"Remove server\", remove_dns_from_vpn_path(@vpn, dns_server), method: :delete, data: {confirm: 'Are you sure to delete this DNS host?'} if current_user.admin?\n br\n = \"*This VPN does not have any domain name servers associated with it\" if @vpn.vpn_domain_name_servers.count == 0\n br\n hr\n - if current_user.admin? \n = form_tag add_dns_to_vpn_path, method: :post do\n .row\n .col\n = text_field_tag :server_address, \"\", class: \"form-control\", placeholder: 'dns server...', required: true\n .col\n = submit_tag \"Add DNS Server\", class: \"form-control btn-md btn-primary\"\n \n \n br\n a name=\"search_domains\"\n .card\n .card-body\n h6.card-title Search Domains\n hr\n - @vpn.vpn_search_domains.each do |search_domain|\n .row\n .col\n = \"#{search_domain.search_domain}\"\n .col.append\n = link_to \"Remove search domain\", remove_search_domain_from_vpn_path(@vpn, search_domain), method: :delete, data: {confirm: 'Are you sure to delete this search domain string?'} if current_user.admin?\n br\n = \"*This VPN does not have any search domain strings\" if @vpn.vpn_search_domains.count == 0\n br\n hr\n - if current_user.admin? \n = form_tag add_search_domain_to_vpn_path, method: :post do\n .row\n .col\n = text_field_tag :search_domain, \"\", class: \"form-control\", placeholder: 'dns search string...', required: true\n .col\n = submit_tag \"Add search domain\", class: \"form-control btn-md btn-primary\"\n \n br\n a name=\"match_domains\"\n .card\n .card-body\n h6.card-title Supplemental match domain\n hr\n - @vpn.vpn_supplemental_match_domains.each do |match_domain|\n .row\n .col\n = \"#{match_domain.supplemental_match_domain}\"\n .col.append\n = link_to \"Remove supplemental search domain\", remove_supplemental_match_domain_from_vpn_path(@vpn, match_domain), method: :delete, data: {confirm: 'Are you sure to delete this Supplemental match domain?'} if current_user.admin?\n br\n = \"*This VPN does not have any search domain strings\" if @vpn.vpn_search_domains.count == 0\n br\n hr\n - if current_user.admin? \n = form_tag add_supplemental_match_domain_to_vpn_path, method: :post do\n .row\n .col\n = text_field_tag :supplemental_match_domain, \"\", class: \"form-control\", placeholder: 'Supplemental match domain...', required: true\n .col\n = submit_tag \"Add Supplemental match domain\", class: \"form-control btn-md btn-primary\"\n \n br\n .card\n .card-body\n .row \n .col\n h6.card-title VPN Access Group:\n - @vpn.groups.each do |group|\n - unless group.deleted?\n .col\n = link_to group.name, group\n = \"No groups are associated with this VPN, Goto Groups page to add VPN\" if @vpn.groups.count == 0\njavascript:\n $(\"#vpn-index\").addClass(\"active\");\n" }, { "path": "bin/bundle", "content": "#!/usr/bin/env ruby\nENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)\nload Gem.bin_path('bundler', 'bundle')\n" }, { "path": "bin/rails", "content": "#!/usr/bin/env ruby\nAPP_PATH = File.expand_path(\"../config/application\", __dir__)\nrequire_relative \"../config/boot\"\nrequire \"rails/commands\"\n" }, { "path": "bin/rake", "content": "#!/usr/bin/env ruby\nrequire_relative \"../config/boot\"\nrequire \"rake\"\nRake.application.run\n" }, { "path": "bin/setup", "content": "#!/usr/bin/env ruby\nrequire \"fileutils\"\n\n# path to your application root.\nAPP_ROOT = File.expand_path(\"..\", __dir__)\n\ndef system!(*args)\n system(*args) || abort(\"\\n== Command #{args} failed ==\")\nend\n\nFileUtils.chdir APP_ROOT do\n # This script is a way to set up or update your development environment automatically.\n # This script is idempotent, so that you can run it at any time and get an expectable outcome.\n # Add necessary setup steps to this file.\n\n puts \"== Installing dependencies ==\"\n system! \"gem install bundler --conservative\"\n system(\"bundle check\") || system!(\"bundle install\")\n\n # puts \"\\n== Copying sample files ==\"\n # unless File.exist?(\"config/database.yml\")\n # FileUtils.cp \"config/database.yml.sample\", \"config/database.yml\"\n # end\n\n puts \"\\n== Preparing database ==\"\n system! \"bin/rails db:prepare\"\n\n puts \"\\n== Removing old logs and tempfiles ==\"\n system! \"bin/rails log:clear tmp:clear\"\n\n puts \"\\n== Restarting application server ==\"\n system! \"bin/rails restart\"\nend\n" }, { "path": "bin/update", "content": "#!/usr/bin/env ruby\nrequire 'pathname'\nrequire 'fileutils'\ninclude FileUtils\n\n# path to your application root.\nAPP_ROOT = Pathname.new File.expand_path('../../', __FILE__)\n\ndef system!(*args)\n system(*args) || abort(\"\\n== Command #{args} failed ==\")\nend\n\nchdir APP_ROOT do\n # This script is a way to update your development environment automatically.\n # Add necessary update steps to this file.\n\n puts '== Installing dependencies =='\n system! 'gem install bundler --conservative'\n system('bundle check') || system!('bundle install')\n\n puts \"\\n== Updating database ==\"\n system! 'bin/rails db:migrate'\n\n puts \"\\n== Removing old logs and tempfiles ==\"\n system! 'bin/rails log:clear tmp:clear'\n\n puts \"\\n== Restarting application server ==\"\n system! 'bin/rails restart'\nend\n" }, { "path": "config/application.rb", "content": "require_relative \"boot\"\n\nrequire \"rails/all\"\n\n# Require the gems listed in Gemfile, including any gems\n# you've limited to :test, :development, or :production.\nBundler.require(*Rails.groups)\n\nmodule Gate\n class Application < Rails::Application\n # Initialize configuration defaults for originally generated Rails version.\n config.load_defaults 5.0\n\n # Configuration for the application, engines, and railties goes here.\n #\n # These settings can be overridden in specific environments using the files\n # in config/environments, which are processed later.\n #\n # config.time_zone = \"Central Time (US & Canada)\"\n # config.eager_load_paths << Rails.root.join(\"extras\")\n end\nend\n" }, { "path": "config/boot.rb", "content": "ENV[\"BUNDLE_GEMFILE\"] ||= File.expand_path(\"../Gemfile\", __dir__)\n\nrequire \"bundler/setup\" # Set up gems listed in the Gemfile.\n" }, { "path": "config/cable.yml", "content": "development:\n adapter: async\n\ntest:\n adapter: async\n\nproduction:\n adapter: redis\n url: redis://localhost:6379/1\n" }, { "path": "config/database.yml", "content": "default: &default\n adapter: mysql2\n pool: 5\n timeout: 5000\n host: <%= ENV['GATE_DB_HOST'] %>\n port: <%= ENV['GATE_DB_PORT'] %>\n username: <%= ENV['GATE_DB_USER'] %>\n password: <%= ENV['GATE_DB_PASSWORD'] %>\n\n\ndevelopment:\n <<: *default\n database: gate_development\n host: localhost\n post: 3306\n username: gate_development\n password: password\n properties:\n useSSL: false\n\ntest:\n <<: *default\n database: gate_test\n host: localhost\n post: 3306\n username: gate_test\n password: password\n properties:\n useSSL: false\n\nintegration:\n <<: *default\n database: <%= ENV['GATE_DB_NAME'] %>\n\nproduction:\n <<: *default\n pool: 16\n database: <%= ENV['GATE_DB_NAME'] %>\n" }, { "path": "config/environment.rb", "content": "# Load the Rails application.\nrequire_relative \"application\"\n\n# Initialize the Rails application.\nRails.application.initialize!\n" }, { "path": "config/environments/development.rb", "content": "require \"active_support/core_ext/integer/time\"\n\nRails.application.configure do\n # Settings specified here will take precedence over those in config/application.rb.\n\n # In the development environment your application's code is reloaded any time\n # it changes. This slows down response time but is perfect for development\n # since you don't have to restart the web server when you make code changes.\n config.cache_classes = false\n\n # Do not eager load code on boot.\n config.eager_load = false\n\n # Show full error reports.\n config.consider_all_requests_local = true\n\n # Enable server timing\n config.server_timing = true\n\n # Enable/disable caching. By default caching is disabled.\n # Run rails dev:cache to toggle caching.\n if Rails.root.join(\"tmp/caching-dev.txt\").exist?\n config.action_controller.perform_caching = true\n config.action_controller.enable_fragment_cache_logging = true\n\n config.cache_store = :memory_store\n config.public_file_server.headers = {\n \"Cache-Control\" => \"public, max-age=#{2.days.to_i}\"\n }\n else\n config.action_controller.perform_caching = false\n\n config.cache_store = :null_store\n end\n\n # Store uploaded files on the local file system (see config/storage.yml for options).\n config.active_storage.service = :local\n\n # Don't care if the mailer can't send.\n config.action_mailer.raise_delivery_errors = false\n\n config.action_mailer.perform_caching = false\n\n # Print deprecation notices to the Rails logger.\n config.active_support.deprecation = :log\n\n # Raise exceptions for disallowed deprecations.\n config.active_support.disallowed_deprecation = :raise\n\n # Tell Active Support which deprecation messages to disallow.\n config.active_support.disallowed_deprecation_warnings = []\n\n # Raise an error on page load if there are pending migrations.\n config.active_record.migration_error = :page_load\n\n # Highlight code that triggered database queries in logs.\n config.active_record.verbose_query_logs = true\n\n # Suppress logger output for asset requests.\n config.assets.quiet = true\n\n # Raises error for missing translations.\n # config.i18n.raise_on_missing_translations = true\n\n # Annotate rendered view with file names.\n # config.action_view.annotate_rendered_view_with_filenames = true\n\n # Uncomment if you wish to allow Action Cable access from any origin.\n # config.action_cable.disable_request_forgery_protection = true\n config.legacy_connection_handling = false\nend\n" }, { "path": "config/environments/integration.rb", "content": "Rails.application.configure do\n # Settings specified here will take precedence over those in config/application.rb.\n\n # Code is not reloaded between requests.\n config.cache_classes = true\n\n # Eager load code on boot. This eager loads most of Rails and\n # your application in memory, allowing both threaded web servers\n # and those relying on copy on write to perform better.\n # Rake tasks automatically ignore this option for performance.\n config.eager_load = true\n\n # Full error reports are disabled and caching is turned on.\n config.consider_all_requests_local = false\n config.action_controller.perform_caching = true\n\n # Enable Rack::Cache to put a simple HTTP cache in front of your application\n # Add `rack-cache` to your Gemfile before enabling this.\n # For large-scale production use, consider using a caching reverse proxy like\n # NGINX, varnish or squid.\n # config.action_dispatch.rack_cache = true\n\n # Disable serving static files from the `/public` folder by default since\n # Apache or NGINX already handles this.\n config.serve_static_files = ENV['RAILS_SERVE_STATIC_FILES'] == 'true'\n\n # Compress JavaScripts and CSS.\n config.assets.js_compressor = :uglifier\n # config.assets.css_compressor = :sass\n\n # Do not fallback to assets pipeline if a precompiled asset is missed.\n config.assets.compile = false\n\n # Asset digests allow you to set far-future HTTP expiration dates on all assets,\n # yet still be able to expire them through the digest params.\n config.assets.digest = true\n\n # `config.assets.precompile` and `config.assets.version` have moved to config/initializers/assets.rb\n\n # Specifies the header that your server uses for sending files.\n # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache\n # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX\n\n # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.\n # config.force_ssl = true\n\n # Use the lowest log level to ensure availability of diagnostic information\n # when problems arise.\n config.logger = Logger.new(STDOUT)\n config.log_level = :DEBUG\n\n # Prepend all log lines with the following tags.\n # config.log_tags = [ :subdomain, :uuid ]\n\n # Use a different logger for distributed setups.\n # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)\n\n # Use a different cache store in production.\n # config.cache_store = :mem_cache_store\n\n # Enable serving of images, stylesheets, and JavaScripts from an asset server.\n # config.action_controller.asset_host = 'http://assets.example.com'\n\n # Ignore bad email addresses and do not raise email delivery errors.\n # Set this to true and configure the email server for immediate delivery to raise delivery errors.\n # config.action_mailer.raise_delivery_errors = false\n\n # Enable locale fallbacks for I18n (makes lookups for any locale fall back to\n # the I18n.default_locale when a translation cannot be found).\n config.i18n.fallbacks = true\n\n # Send deprecation notices to registered listeners.\n config.active_support.deprecation = :notify\n\n # Use default logging formatter so that PID and timestamp are not suppressed.\n config.log_formatter = ::Logger::Formatter.new\n\n # Do not dump schema after migrations.\n config.active_record.dump_schema_after_migration = false\nend\n" }, { "path": "config/environments/production.rb", "content": "require \"active_support/core_ext/integer/time\"\n\nRails.application.configure do\n # Settings specified here will take precedence over those in config/application.rb.\n\n # Code is not reloaded between requests.\n config.cache_classes = true\n\n # Eager load code on boot. This eager loads most of Rails and\n # your application in memory, allowing both threaded web servers\n # and those relying on copy on write to perform better.\n # Rake tasks automatically ignore this option for performance.\n config.eager_load = true\n\n # Full error reports are disabled and caching is turned on.\n config.consider_all_requests_local = false\n config.action_controller.perform_caching = true\n\n # Ensures that a master key has been made available in either ENV[\"RAILS_MASTER_KEY\"]\n # or in config/master.key. This key is used to decrypt credentials (and other encrypted files).\n # config.require_master_key = true\n\n # Disable serving static files from the `/public` folder by default since\n # Apache or NGINX already handles this.\n config.public_file_server.enabled = ENV[\"RAILS_SERVE_STATIC_FILES\"].present?\n\n # Compress CSS using a preprocessor.\n # config.assets.css_compressor = :sass\n\n # Do not fallback to assets pipeline if a precompiled asset is missed.\n config.assets.compile = false\n\n # Enable serving of images, stylesheets, and JavaScripts from an asset server.\n # config.asset_host = \"http://assets.example.com\"\n\n # Specifies the header that your server uses for sending files.\n # config.action_dispatch.x_sendfile_header = \"X-Sendfile\" # for Apache\n # config.action_dispatch.x_sendfile_header = \"X-Accel-Redirect\" # for NGINX\n\n # Store uploaded files on the local file system (see config/storage.yml for options).\n config.active_storage.service = :local\n\n # Mount Action Cable outside main process or domain.\n # config.action_cable.mount_path = nil\n # config.action_cable.url = \"wss://example.com/cable\"\n # config.action_cable.allowed_request_origins = [ \"http://example.com\", /http:\\/\\/example.*/ ]\n\n # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.\n # config.force_ssl = true\n\n # Include generic and useful information about system operation, but avoid logging too much\n # information to avoid inadvertent exposure of personally identifiable information (PII).\n config.log_level = :info\n\n # Prepend all log lines with the following tags.\n config.log_tags = [ :request_id ]\n\n # Use a different cache store in production.\n # config.cache_store = :mem_cache_store\n\n # Use a real queuing backend for Active Job (and separate queues per environment).\n # config.active_job.queue_adapter = :resque\n # config.active_job.queue_name_prefix = \"gate_production\"\n\n config.action_mailer.perform_caching = false\n\n # Ignore bad email addresses and do not raise email delivery errors.\n # Set this to true and configure the email server for immediate delivery to raise delivery errors.\n # config.action_mailer.raise_delivery_errors = false\n\n # Enable locale fallbacks for I18n (makes lookups for any locale fall back to\n # the I18n.default_locale when a translation cannot be found).\n config.i18n.fallbacks = true\n\n # Don't log any deprecations.\n config.active_support.report_deprecations = false\n\n # Use default logging formatter so that PID and timestamp are not suppressed.\n config.log_formatter = ::Logger::Formatter.new\n\n # Use a different logger for distributed setups.\n # require \"syslog/logger\"\n # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new \"app-name\")\n\n if ENV[\"RAILS_LOG_TO_STDOUT\"].present?\n logger = ActiveSupport::Logger.new(STDOUT)\n logger.formatter = config.log_formatter\n config.logger = ActiveSupport::TaggedLogging.new(logger)\n end\n\n # Do not dump schema after migrations.\n config.active_record.dump_schema_after_migration = false\n config.legacy_connection_handling = false\nend\n" }, { "path": "config/environments/test.rb", "content": "require \"active_support/core_ext/integer/time\"\n\n# The test environment is used exclusively to run your application's\n# test suite. You never need to work with it otherwise. Remember that\n# your test database is \"scratch space\" for the test suite and is wiped\n# and recreated between test runs. Don't rely on the data there!\n\nRails.application.configure do\n # Settings specified here will take precedence over those in config/application.rb.\n\n # Turn false under Spring and add config.action_view.cache_template_loading = true.\n config.cache_classes = true\n\n # Eager loading loads your whole application. When running a single test locally,\n # this probably isn't necessary. It's a good idea to do in a continuous integration\n # system, or in some way before deploying your code.\n config.eager_load = ENV[\"CI\"].present?\n\n # Configure public file server for tests with Cache-Control for performance.\n config.public_file_server.enabled = true\n config.public_file_server.headers = {\n \"Cache-Control\" => \"public, max-age=#{1.hour.to_i}\"\n }\n\n # Show full error reports and disable caching.\n config.consider_all_requests_local = true\n config.action_controller.perform_caching = false\n config.cache_store = :null_store\n\n # Raise exceptions instead of rendering exception templates.\n config.action_dispatch.show_exceptions = false\n\n # Disable request forgery protection in test environment.\n config.action_controller.allow_forgery_protection = false\n\n # Store uploaded files on the local file system in a temporary directory.\n config.active_storage.service = :test\n\n config.action_mailer.perform_caching = false\n\n # Tell Action Mailer not to deliver emails to the real world.\n # The :test delivery method accumulates sent emails in the\n # ActionMailer::Base.deliveries array.\n config.action_mailer.delivery_method = :test\n\n # Print deprecation notices to the stderr.\n config.active_support.deprecation = :stderr\n\n # Raise exceptions for disallowed deprecations.\n config.active_support.disallowed_deprecation = :raise\n\n # Tell Active Support which deprecation messages to disallow.\n config.active_support.disallowed_deprecation_warnings = []\n\n # Raises error for missing translations.\n # config.i18n.raise_on_missing_translations = true\n\n # Annotate rendered view with file names.\n # config.action_view.annotate_rendered_view_with_filenames = true\n config.active_record.legacy_connection_handling = false\nend\n" }, { "path": "config/initializers/application_controller_renderer.rb", "content": "# Be sure to restart your server when you modify this file.\n\n# ApplicationController.renderer.defaults.merge!(\n# http_host: 'example.org',\n# https: false\n# )\n" }, { "path": "config/initializers/assets.rb", "content": "# Be sure to restart your server when you modify this file.\n\n# Version of your assets, change this if you want to expire all your assets.\nRails.application.config.assets.version = \"1.0\"\n\n# Add additional assets to the asset load path.\n# Rails.application.config.assets.paths << Emoji.images_path\n\n# Precompile additional assets.\n# application.js, application.css, and all non-JS/CSS in the app/assets\n# folder are already added.\n# Rails.application.config.assets.precompile += %w( admin.js admin.css )\n" }, { "path": "config/initializers/backtrace_silencers.rb", "content": "# Be sure to restart your server when you modify this file.\n\n# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.\n# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }\n\n# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.\n# Rails.backtrace_cleaner.remove_silencers!\n" }, { "path": "config/initializers/content_security_policy.rb", "content": "# Be sure to restart your server when you modify this file.\n\n# Define an application-wide content security policy.\n# See the Securing Rails Applications Guide for more information:\n# https://guides.rubyonrails.org/security.html#content-security-policy-header\n\n# Rails.application.configure do\n# config.content_security_policy do |policy|\n# policy.default_src :self, :https\n# policy.font_src :self, :https, :data\n# policy.img_src :self, :https, :data\n# policy.object_src :none\n# policy.script_src :self, :https\n# policy.style_src :self, :https\n# # Specify URI for violation reports\n# # policy.report_uri \"/csp-violation-report-endpoint\"\n# end\n#\n# # Generate session nonces for permitted importmap and inline scripts\n# config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }\n# config.content_security_policy_nonce_directives = %w(script-src)\n#\n# # Report violations without enforcing the policy.\n# # config.content_security_policy_report_only = true\n# end\n" }, { "path": "config/initializers/cookies_serializer.rb", "content": "# Be sure to restart your server when you modify this file.\n\n# Specify a serializer for the signed and encrypted cookie jars.\n# Valid options are :json, :marshal, and :hybrid.\nRails.application.config.action_dispatch.cookies_serializer = :json\n" }, { "path": "config/initializers/devise.rb", "content": "# Use this hook to configure devise mailer, warden hooks and so forth.\n# Many of these configuration options can be set straight in your model.\nDevise.setup do |config|\n # The secret key used by Devise. Devise uses this key to generate\n # random tokens. Changing this key will render invalid all existing\n # confirmation, reset password and unlock tokens in the database.\n # Devise will use the `secret_key_base` as its `secret_key`\n # by default. You can change it below and use your own secret key.\n # config.secret_key = 'ffd38086f1b74e9ba7fe5876d3536949b4c1e93a50f3ad16f0c50dc1ecb48262c350f819a83ac3482ea51f6aefbd4aa3cd52cd9b6c666ca5f8cbb6f29d760aae'\n\n config.stretches = Rails.env.test? ? 1 : 10\n # ==> Mailer Configuration\n # Configure the e-mail address which will be shown in Devise::Mailer,\n # note that it will be overwritten if you use your own mailer class\n # with default \"from\" parameter.\n\n config.omniauth :google_oauth2, ENV['GATE_OAUTH_CLIENT_ID'], ENV['GATE_OAUTH_CLIENT_SECRET'], { hd: ENV['GATE_HOSTED_DOMAINS'].split(','), site: ENV['GATE_SERVER_URL'] }\n config.mailer_sender = 'please-change-me-at-config-initializers-devise@example.com'\n config.secret_key = ENV['GATE_CONFIG_SECRET']\n\n # Configure the class responsible to send e-mails.\n # config.mailer = 'Devise::Mailer'\n\n # Configure the parent class responsible to send e-mails.\n # config.parent_mailer = 'ActionMailer::Base'\n\n # ==> ORM configuration\n # Load and configure the ORM. Supports :active_record (default) and\n # :mongoid (bson_ext recommended) by default. Other ORMs may be\n # available as additional gems.\n require 'devise/orm/active_record'\n\n # ==> Configuration for any authentication mechanism\n # Configure which keys are used when authenticating a user. The default is\n # just :email. You can configure it to use [:username, :subdomain], so for\n # authenticating a user, both parameters are required. Remember that those\n # parameters are used only when authenticating and not when retrieving from\n # session. If you need permissions, you should implement that in a before filter.\n # You can also supply a hash where the value is a boolean determining whether\n # or not authentication should be aborted when the value is not present.\n # config.authentication_keys = [:email]\n\n # Configure parameters from the request object used for authentication. Each entry\n # given should be a request method and it will automatically be passed to the\n # find_for_authentication method and considered in your model lookup. For instance,\n # if you set :request_keys to [:subdomain], :subdomain will be used on authentication.\n # The same considerations mentioned for authentication_keys also apply to request_keys.\n # config.request_keys = []\n\n # Configure which authentication keys should be case-insensitive.\n # These keys will be downcased upon creating or modifying a user and when used\n # to authenticate or find a user. Default is :email.\n config.case_insensitive_keys = [:email]\n\n # Configure which authentication keys should have whitespace stripped.\n # These keys will have whitespace before and after removed upon creating or\n # modifying a user and when used to authenticate or find a user. Default is :email.\n config.strip_whitespace_keys = [:email]\n\n # Tell if authentication through request.params is enabled. True by default.\n # It can be set to an array that will enable params authentication only for the\n # given strategies, for example, `config.params_authenticatable = [:database]` will\n # enable it only for database (email + password) authentication.\n # config.params_authenticatable = true\n\n # Tell if authentication through HTTP Auth is enabled. False by default.\n # It can be set to an array that will enable http authentication only for the\n # given strategies, for example, `config.http_authenticatable = [:database]` will\n # enable it only for database authentication. The supported strategies are:\n # :database = Support basic authentication with authentication key + password\n # config.http_authenticatable = false\n\n # If 401 status code should be returned for AJAX requests. True by default.\n # config.http_authenticatable_on_xhr = true\n\n # The realm used in Http Basic Authentication. 'Application' by default.\n # config.http_authentication_realm = 'Application'\n\n # It will change confirmation, password recovery and other workflows\n # to behave the same regardless if the e-mail provided was right or wrong.\n # Does not affect registerable.\n # config.paranoid = true\n\n # By default Devise will store the user in session. You can skip storage for\n # particular strategies by setting this option.\n # Notice that if you are skipping storage for all authentication paths, you\n # may want to disable generating routes to Devise's sessions controller by\n # passing skip: :sessions to `devise_for` in your config/routes.rb\n config.skip_session_storage = [:http_auth]\n\n # By default, Devise cleans up the CSRF token on authentication to\n # avoid CSRF token fixation attacks. This means that, when using AJAX\n # requests for sign in and sign up, you need to get a new CSRF token\n # from the server. You can disable this option at your own risk.\n # config.clean_up_csrf_token_on_authentication = true\n\n # ==> Configuration for :database_authenticatable\n # For bcrypt, this is the cost for hashing the password and defaults to 11. If\n # using other algorithms, it sets how many times you want the password to be hashed.\n #\n # Limiting the stretches to just one in testing will increase the performance of\n # your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use\n # a value less than 10 in other environments. Note that, for bcrypt (the default\n # algorithm), the cost increases exponentially with the number of stretches (e.g.\n # a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation).\n config.stretches = Rails.env.test? ? 1 : 11\n\n # Set up a pepper to generate the hashed password.\n # config.pepper = '16f08c87da9835ae3ac2cc84ba3ce339d6820771cfb4dfdd79360036bbace40ee9b74a691f26aa2eeb17cbc449cfda195e09874a792df258a2abe9d696f4a98b'\n\n # Send a notification email when the user's password is changed\n # config.send_password_change_notification = false\n\n # ==> Configuration for :confirmable\n # A period that the user is allowed to access the website even without\n # confirming their account. For instance, if set to 2.days, the user will be\n # able to access the website for two days without confirming their account,\n # access will be blocked just in the third day. Default is 0.days, meaning\n # the user cannot access the website without confirming their account.\n # config.allow_unconfirmed_access_for = 2.days\n\n # A period that the user is allowed to confirm their account before their\n # token becomes invalid. For example, if set to 3.days, the user can confirm\n # their account within 3 days after the mail was sent, but on the fourth day\n # their account can't be confirmed with the token any more.\n # Default is nil, meaning there is no restriction on how long a user can take\n # before confirming their account.\n # config.confirm_within = 3.days\n\n # If true, requires any email changes to be confirmed (exactly the same way as\n # initial account confirmation) to be applied. Requires additional unconfirmed_email\n # db field (see migrations). Until confirmed, new email is stored in\n # unconfirmed_email column, and copied to email column on successful confirmation.\n config.reconfirmable = true\n\n # Defines which key will be used when confirming an account\n # config.confirmation_keys = [:email]\n\n # ==> Configuration for :rememberable\n # The time the user will be remembered without asking for credentials again.\n # config.remember_for = 2.weeks\n\n # Invalidates all the remember me tokens when the user signs out.\n config.expire_all_remember_me_on_sign_out = true\n\n # If true, extends the user's remember period when remembered via cookie.\n # config.extend_remember_period = false\n\n # Options to be passed to the created cookie. For instance, you can set\n # secure: true in order to force SSL only cookies.\n # config.rememberable_options = {}\n\n # ==> Configuration for :validatable\n # Range for password length.\n config.password_length = 6..128\n\n # Email regex used to validate email formats. It simply asserts that\n # one (and only one) @ exists in the given string. This is mainly\n # to give user feedback and not to assert the e-mail validity.\n config.email_regexp = /\\A[^@]+@[^@]+\\z/\n\n # ==> Configuration for :timeoutable\n # The time you want to timeout the user session without activity. After this\n # time the user will be asked for credentials again. Default is 30 minutes.\n # config.timeout_in = 30.minutes\n\n # ==> Configuration for :lockable\n # Defines which strategy will be used to lock an account.\n # :failed_attempts = Locks an account after a number of failed attempts to sign in.\n # :none = No lock strategy. You should handle locking by yourself.\n # config.lock_strategy = :failed_attempts\n\n # Defines which key will be used when locking and unlocking an account\n # config.unlock_keys = [:email]\n\n # Defines which strategy will be used to unlock an account.\n # :email = Sends an unlock link to the user email\n # :time = Re-enables login after a certain amount of time (see :unlock_in below)\n # :both = Enables both strategies\n # :none = No unlock strategy. You should handle unlocking by yourself.\n # config.unlock_strategy = :both\n\n # Number of authentication tries before locking an account if lock_strategy\n # is failed attempts.\n # config.maximum_attempts = 20\n\n # Time interval to unlock the account if :time is enabled as unlock_strategy.\n # config.unlock_in = 1.hour\n\n # Warn on the last attempt before the account is locked.\n # config.last_attempt_warning = true\n\n # ==> Configuration for :recoverable\n #\n # Defines which key will be used when recovering the password for an account\n # config.reset_password_keys = [:email]\n\n # Time interval you can reset your password with a reset password key.\n # Don't put a too small interval or your users won't have the time to\n # change their passwords.\n config.reset_password_within = 6.hours\n\n # When set to false, does not sign a user in automatically after their password is\n # reset. Defaults to true, so a user is signed in automatically after a reset.\n # config.sign_in_after_reset_password = true\n\n # ==> Configuration for :encryptable\n # Allow you to use another hashing or encryption algorithm besides bcrypt (default).\n # You can use :sha1, :sha512 or algorithms from others authentication tools as\n # :clearance_sha1, :authlogic_sha512 (then you should set stretches above to 20\n # for default behavior) and :restful_authentication_sha1 (then you should set\n # stretches to 10, and copy REST_AUTH_SITE_KEY to pepper).\n #\n # Require the `devise-encryptable` gem when using anything other than bcrypt\n # config.encryptor = :sha512\n\n # ==> Scopes configuration\n # Turn scoped views on. Before rendering \"sessions/new\", it will first check for\n # \"users/sessions/new\". It's turned off by default because it's slower if you\n # are using only default views.\n # config.scoped_views = false\n\n # Configure the default scope given to Warden. By default it's the first\n # devise role declared in your routes (usually :user).\n # config.default_scope = :user\n\n # Set this configuration to false if you want /users/sign_out to sign out\n # only the current scope. By default, Devise signs out all scopes.\n # config.sign_out_all_scopes = true\n\n # ==> Navigation configuration\n # Lists the formats that should be treated as navigational. Formats like\n # :html, should redirect to the sign in page when the user does not have\n # access, but formats like :xml or :json, should return 401.\n #\n # If you have any extra navigational formats, like :iphone or :mobile, you\n # should add them to the navigational formats lists.\n #\n # The \"*/*\" below is required to match Internet Explorer requests.\n # config.navigational_formats = ['*/*', :html]\n\n # The default HTTP method used to sign out a resource. Default is :delete.\n config.sign_out_via = :delete\n\n # ==> OmniAuth\n # Add a new OmniAuth provider. Check the wiki for more information on setting\n # up on your models and hooks.\n # config.omniauth :github, 'APP_ID', 'APP_SECRET', scope: 'user,public_repo'\n\n # ==> Warden configuration\n # If you want to use other strategies, that are not supported by Devise, or\n # change the failure app, you can configure them inside the config.warden block.\n #\n # config.warden do |manager|\n # manager.intercept_401 = false\n # manager.default_strategies(scope: :user).unshift :some_external_strategy\n # end\n\n # ==> Mountable engine configurations\n # When using Devise inside an engine, let's call it `MyEngine`, and this engine\n # is mountable, there are some extra configurations to be taken into account.\n # The following options are available, assuming the engine is mounted as:\n #\n # mount MyEngine, at: '/my_engine'\n #\n # The router that invoked `devise_for`, in the example above, would be:\n # config.router_name = :my_engine\n #\n # When using OmniAuth, Devise cannot automatically set OmniAuth path,\n # so you need to do it manually. For the users scope, it would be:\n # config.omniauth_path_prefix = '/my_engine/users/auth'\n end\n" }, { "path": "config/initializers/dotenv.rb", "content": "begin\n Dotenv.require_keys('GATE_DB_HOST',\n 'GATE_DB_PORT',\n 'GATE_DB_USER',\n 'GATE_DB_PASSWORD',\n 'CACHE_HOST',\n 'CACHE_PORT',\n 'GATE_HOSTED_DOMAINS',\n 'GATE_HOSTED_DOMAIN')\nrescue => exception\n puts exception.to_s\n exit(-1)\nend\n" }, { "path": "config/initializers/filter_parameter_logging.rb", "content": "# Be sure to restart your server when you modify this file.\n\n# Configure parameters to be filtered from the log file. Use this to limit dissemination of\n# sensitive information. See the ActiveSupport::ParameterFilter documentation for supported\n# notations and behaviors.\nRails.application.config.filter_parameters += [\n :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn\n]\n" }, { "path": "config/initializers/inflections.rb", "content": "# Be sure to restart your server when you modify this file.\n\n# Add new inflection rules using the following format. Inflections\n# are locale specific, and you may define rules for as many different\n# locales as you wish. All of these examples are active by default:\n# ActiveSupport::Inflector.inflections(:en) do |inflect|\n# inflect.plural /^(ox)$/i, \"\\\\1en\"\n# inflect.singular /^(ox)en/i, \"\\\\1\"\n# inflect.irregular \"person\", \"people\"\n# inflect.uncountable %w( fish sheep )\n# end\n\n# These inflection rules are supported but not enabled by default:\n# ActiveSupport::Inflector.inflections(:en) do |inflect|\n# inflect.acronym \"RESTful\"\n# end\n" }, { "path": "config/initializers/mime_types.rb", "content": "# Be sure to restart your server when you modify this file.\n\n# Add new mime types for use in respond_to blocks:\n# Mime::Type.register \"text/richtext\", :rtf\n" }, { "path": "config/initializers/new_framework_defaults.rb", "content": "# Be sure to restart your server when you modify this file.\n#\n# This file contains migration options to ease your Rails 5.0 upgrade.\n#\n# Once upgraded flip defaults one by one to migrate to the new default.\n#\n# Read the Rails 5.0 release notes for more info on each option.\n\n# Enable per-form CSRF tokens. Previous versions had false.\n#Rails.application.config.action_controller.per_form_csrf_tokens = false\n\n# Enable origin-checking CSRF mitigation. Previous versions had false.\n#Rails.application.config.action_controller.forgery_protection_origin_check = false\n\n# Make Ruby 2.4 preserve the timezone of the receiver when calling `to_time`.\n# Previous versions had false.\n#ActiveSupport.to_time_preserves_timezone = false\n\n# Require `belongs_to` associations by default. Previous versions had false.\n#Rails.application.config.active_record.belongs_to_required_by_default = false\n\n" }, { "path": "config/initializers/new_framework_defaults_7_0.rb", "content": "# Be sure to restart your server when you modify this file.\n#\n# This file eases your Rails 7.0 framework defaults upgrade.\n#\n# Uncomment each configuration one by one to switch to the new default.\n# Once your application is ready to run with all new defaults, you can remove\n# this file and set the `config.load_defaults` to `7.0`.\n#\n# Read the Guide for Upgrading Ruby on Rails for more info on each option.\n# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html\n\n# `button_to` view helper will render `