2 |
404
3 |
File Not Found
4 |
Sorry, an error has occurred. Requested page not found!
5 |
2 |
3 |
4 | {{getGistName(claObj.gistObj)}}
5 |
6 |
9 |
3 |
4 | EXPOSE 5000
5 |
6 | COPY . /cla-assistant
7 | WORKDIR /cla-assistant
8 |
9 | RUN \
10 | apk add --update nodejs su-exec git curl bzip2 patch make g++ && \
11 | addgroup -S cla-assistant && \
12 | adduser -S -D -G cla-assistant cla-assistant && \
13 | chown -R cla-assistant:cla-assistant /cla-assistant && \
14 | su-exec cla-assistant /bin/sh -c 'cd /cla-assistant && npm install && node_modules/grunt-cli/bin/grunt build && rm -rf /home/cla-assistant/.npm .git' && \
15 | apk del git curl bzip2 patch make g++ && \
16 | rm -rf /var/cache/apk/*
17 |
18 | USER cla-assistant
19 | CMD npm start
20 |
--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
1 | sudo: false
2 | language: node_js
3 | node_js:
4 | - 12
5 | cache:
6 | directories:
7 | - src/bower
8 | notifications:
9 | slack: sap-pi-tools:$SLACK_TOKEN
10 | before_script:
11 | - bower install
12 | after_script:
13 | - grunt uglify && grunt mocha_istanbul && grunt coveralls
14 | - if [[ $TRAVIS_PULL_REQUEST == 'false']]; then npm run snyk-monitor; fi
15 | - if [[ $TRAVIS_PULL_REQUEST == 'false' && $TRAVIS_BRANCH == 'release-green' ]]; then ./.cf.sh cla-assistant-green; fi
16 | - if [[ $TRAVIS_PULL_REQUEST == 'false' && $TRAVIS_BRANCH == 'master' ]]; then ./.cf.sh cla-assistant-staging; fi
17 | - if [[ $TRAVIS_PULL_REQUEST == 'false' && $TRAVIS_BRANCH == 'release' ]]; then ./.cf.sh cla-assistant; fi
18 |
--------------------------------------------------------------------------------
/src/client/assets/images/nervous_remove/nervous_eye2-39.svg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
5 |
6 |
7 |
8 |
11 |
12 |
--------------------------------------------------------------------------------
/app.js:
--------------------------------------------------------------------------------
1 | //////////////////////////////////////////////////////////////////////////////////////////////
2 | // Initialize server
3 | //////////////////////////////////////////////////////////////////////////////////////////////
4 |
5 | let app = require('./src/server/app.js')
6 | // let http = require('http')
7 |
8 | // // eslint-disable-next-line no-console
9 | // console.log("App is initialized")
10 | // let server = http.createServer(app)
11 | // // eslint-disable-next-line no-console
12 | // console.log("Server is created")
13 | // const listener = server.listen(config.server.localport, function () {
14 | // // eslint-disable-next-line no-console
15 | // console.log('Listening on port ' + listener.address().port)
16 | // });
--------------------------------------------------------------------------------
/.github/settings.yml:
--------------------------------------------------------------------------------
1 | repository:
2 | name: cla-assistant
3 | description: Contributor License Agreement assistant (CLA assistant)
4 | homepage: https://cla-assistant.io/
5 | private: false
6 | has_issues: true
7 | has_wiki: false
8 | has_downloads: true
9 | default_branch: master
10 | allow_squash_merge: true
11 | allow_merge_commit: true
12 | allow_rebase_merge: true
13 |
14 | labels:
15 | - name: architecture
16 | color: 5319e7
17 | - name: bug
18 | color: d93f0b
19 | - name: design
20 | color: 009800
21 | - name: feature
22 | color: 84b6eb
23 | - name: greenkeeper
24 | color: 00c775
25 | - name: help wanted
26 | color: 006b75
27 | - name: wontfix
28 | color: eeeeee
29 |
--------------------------------------------------------------------------------
/src/client/modals/versionView.js:
--------------------------------------------------------------------------------
1 | module.controller('VersionViewCtrl', function($scope, $rootScope, $modalInstance, cla, $location, noCLA, showCLA, $window) {
2 | $scope.claObj = cla;
3 | $scope.noCLA = noCLA;
4 | $scope.showCLA = showCLA;
5 | $scope.cla = null;
6 | $scope.modalInstance = $modalInstance;
7 | $scope.newCLA = null;
8 |
9 | $scope.openNewCla = function () {
10 | $modalInstance.dismiss('Link opened');
11 | $window.location.href = '/' + $scope.claObj.owner + '/' + $scope.claObj.repo;
12 | };
13 |
14 | $scope.openRevision = function () {
15 | $window.open($scope.claObj.gist_url + '/revisions');
16 | };
17 |
18 | $scope.cancel = function () {
19 | $modalInstance.dismiss('cancel');
20 | };
21 | });
22 |
--------------------------------------------------------------------------------
/src/client/assets/images/browser.svg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
7 |
12 |
--------------------------------------------------------------------------------
/codecept.json:
--------------------------------------------------------------------------------
1 | {
2 | "tests": "./src/tests/acceptance_tests/*spec.js",
3 | "timeout": 10000,
4 | "output": "./src/tests/acceptance_tests/output",
5 | "helpers": {
6 | "WebDriverIO": {
7 | "url": "/",
8 | "browser": "chrome",
9 | "windowSize": "maximize",
10 | "smartWait": 5000,
11 | "restart": false,
12 | "keepCookies": true,
13 | "desiredCapabilities": {
14 | "chromeOptions": {
15 | "args": [
16 | "--disable-gpu",
17 | "--window-size=800,600"
18 | ]
19 | }
20 | }
21 | }
22 | },
23 | "include": {},
24 | "bootstrap": false,
25 | "debug": true,
26 | "mocha": {},
27 | "name": "cla-assistant"
28 | }
--------------------------------------------------------------------------------
/src/tests/acceptance_tests/authorize_claowner.spec.js:
--------------------------------------------------------------------------------
1 | const github = require('./githubUtils')
2 |
3 | let testUserName = process.env.TEST_USER_NAME
4 | let testUserPass = process.env.TEST_USER_PASS
5 |
6 | Feature('Authorize claowner1')
7 |
8 |
9 | Scenario('Authorize cla assistant for claowner1', (I) => {
10 | github.login(I, testUserName, testUserPass)
11 | I.amOnPage('https://preview.cla-assistant.io/')
12 | I.click('Sign in')
13 | I.seeInCurrentUrl('/login/oauth/authorize')
14 | I.waitForEnabled('button#js-oauth-authorize-btn', 5)
15 | I.click('button#js-oauth-authorize-btn')
16 | I.wait(1)
17 | I.seeInCurrentUrl('/login/oauth/authorize')
18 | I.waitForEnabled('button#js-oauth-authorize-btn', 5)
19 | I.click('button#js-oauth-authorize-btn')
20 | I.seeInCurrentUrl('https://preview.cla-assistant.io/')
21 | })
22 |
--------------------------------------------------------------------------------
/src/client/assets/images/nervous_remove/nervous_drop-38.svg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
5 |
6 |
7 |
8 |
13 |
14 |
--------------------------------------------------------------------------------
/src/client/assets/images/nervous_remove/nervous_drop-382.svg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
5 |
6 |
7 |
8 |
13 |
14 |
--------------------------------------------------------------------------------
/src/client/modals/templates/info_gist.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
How can I create a CLA Gist?
6 |
7 | At
gist.github.com enter a file name and paste the content of your CLA.
8 |
9 |
10 |
11 |
12 |
What happens if I edit the Gist file?
13 |
14 | CLA assistant will always show you the current version of your Gist file. Users who accept your CLA sign the current version. If you change the content of your CLA, each contributor has to accept the new version when they create a new pull request.
15 |
16 |
17 |
18 |
2 |
3 |
4 |
What happens if I choose to share the gist with multiple repos or orgs?
5 |
6 | Contributors will simply need to sign only once for any of the repos or orgs linked with the same shared gist.
7 |
8 |
9 |
10 |
Are previous CLA signatures still valid after I choose to share the gist with multiple repos or orgs?
11 |
12 | Yes, but the scope of the previous signatures are still limited to the previous repo or org.
13 |
14 |
15 |
16 |
What happens if I uncheck the box and choose NOT to share the gist any more?
17 |
18 | Previous contributors that have signed the shared gist will have to sign again.
19 |
20 |
21 |
4 |
5 |
6 | Oops, something went wrong...
7 |
8 |
9 |
14 |
15 |
What could be the problem?
16 |
17 | The Gist has been deleted
18 | The Webhook in your repository could not be found
19 |
20 |
21 |
22 | OK
23 |
24 |
4 |
5 |
10 |
15 | CLA
16 | CLA
17 | signed
18 | signed
19 |
20 |
21 |
--------------------------------------------------------------------------------
/src/server/templates/badge_signed.svg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
10 |
15 | CLA
16 | CLA
17 | signed
18 | signed
19 |
20 |
21 |
--------------------------------------------------------------------------------
/src/server/documents/repo.js:
--------------------------------------------------------------------------------
1 | const mongoose = require('mongoose')
2 | const utils = require('./utils')
3 | // const logger = require('../services/logger')
4 |
5 | const RepoSchema = mongoose.Schema({
6 | repoId: String,
7 | repo: String,
8 | owner: String,
9 | gist: String,
10 | token: String,
11 | sharedGist: Boolean,
12 | minFileChanges: Number,
13 | minCodeChanges: Number,
14 | whiteListPattern: String,
15 | privacyPolicy: String,
16 | updated_at: Date
17 | })
18 |
19 | const index = {
20 | repoId: 1,
21 | repo: 1,
22 | owner: 1
23 | }
24 | const indexOptions = {
25 | unique: true
26 | }
27 |
28 | RepoSchema.methods.isUserWhitelisted = function (user) {
29 | return utils.checkPatternWildcard(this.whiteListPattern, user)
30 | }
31 |
32 | const Repo = mongoose.model('Repo', RepoSchema)
33 |
34 | // Repo.collection.dropAllIndexes(function (err, results) {
35 | // if (err) {
36 | // logger.warn('Repo collection dropAllIndexes error: ', err)
37 | // logger.warn('dropAllIndexes results: ', results)
38 | // }
39 | // })
40 |
41 | Repo.collection.createIndex(index, indexOptions)
42 |
43 | module.exports = {
44 | Repo: Repo
45 | }
--------------------------------------------------------------------------------
/src/server/templates/badge_not_signed.svg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
10 |
15 | CLA
16 | CLA
17 | not signed yet
18 | not signed yet
19 |
20 |
21 |
--------------------------------------------------------------------------------
/src/client/modals/templates/add_scope.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
Why link organizations?
6 |
7 | If you link an organization with your CLA, CLA assistant sets a web hook on your organization and listens to Pull Requests of all repositories in the organization. That means that your CLA becomes active for each existing and future repositories of your organization.
8 |
9 |
10 |
11 |
12 |
How can I link an organization?
13 |
14 | CLA assistant needs an additional authorization from you to be able to create web hooks for organizations. To grant CLA assistant appropriate rights just click on the button below. For more information on Authorization scopes see
github documentation
15 |
16 |
17 |
18 |
19 |
20 | Yes, let's go for it!
21 |
22 |
23 |
24 |
5 |
15 |
--------------------------------------------------------------------------------
/src/client/modals/templates/confirmLink.html:
--------------------------------------------------------------------------------
1 |
3 |
4 |
5 |
6 | Would you like to link this CLA
8 |
9 |
10 |
11 |
12 |
{{gist.name}}
13 |
{{item.full_name ? item.full_name : item.login}}
14 |
15 |
16 |
17 |
18 | CLA assistant will...
19 |
20 | Create a webhook in your {{item.full_name ? 'repository' : 'organization'}} and listen for pull requests
21 | Set a pull request CLA status
22 | Comment on pull requests
23 |
24 |
25 |
26 |
27 | Cancel
28 | Yes, let's do this!
29 |
30 |
2 |
3 |
4 | Get your badge url
5 |
6 |
7 |
20 |
21 |
22 | {{selectedType.type.url}}
23 |
24 |
25 |
27 |
28 |
17 |
19 |
20 | Repository owners can review a list of users who signed the CLA for each version of it. To get started, visit https://cla-assistant.io.
21 |
22 | ### Contacts
23 | - technical support contact – tools@sap.com
24 | - escalation contact - t.jansen@sap.com
25 |
26 | ### Documentation
27 | - Documentation - https://cla-assistant.io/
28 | - Terms of service - https://gist.github.com/CLAassistant/3a73e4cd729c9d0a6e30
29 | - Privacy Policy - same
30 | - Support - tools@sap.com
31 | - Status - https://twitter.com/cla_assistant
32 | - Pricing - for free. For all. For everything
33 |
34 | ### Category
35 | Collaborate
36 |
--------------------------------------------------------------------------------
/src/client/templates/customField.html:
--------------------------------------------------------------------------------
1 |
2 |
{{title || name}}
3 |
({{description}})
4 |
6 |
8 | {{title || name}}
9 |
10 |
13 |
14 |
15 |
16 |
19 |
20 |
21 |
{{title || name}}
22 |
23 |
26 |
28 | {{value[name]}}
29 |
--------------------------------------------------------------------------------
/src/client/assets/images/link_button.svg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
5 |
6 |
7 |
10 |
11 |
12 |
17 |
18 |
23 |
26 |
--------------------------------------------------------------------------------
/src/client/services/linkItem.js:
--------------------------------------------------------------------------------
1 | 'use strict';
2 |
3 | module.factory('linkItemService', ['$RPCService',
4 | function ($RPCService) {
5 | function createNewItem(item, options, type) {
6 | if (!type) {
7 | type = options;
8 | options = item;
9 | }
10 | var newItem = {
11 | gist: options.gist.url,
12 | sharedGist: options.sharedGist,
13 | whiteListPattern: options.whiteListPattern,
14 | minFileChanges: options.minFileChanges,
15 | minCodeChanges: options.minCodeChanges,
16 | privacyPolicy: options.privacyPolicy
17 | };
18 | if (type === 'repo') {
19 | newItem.repoId = item.repoId || item.id;
20 | newItem.repo = item.repo || item.name;
21 | newItem.owner = item.owner.login || item.owner;
22 | } else {
23 | newItem.orgId = item.orgId || item.id;
24 | newItem.org = item.org || item.login;
25 | newItem.excludePattern = options.excludePattern;
26 | }
27 |
28 | return newItem;
29 | }
30 |
31 | return {
32 | createLink: function (item, options) {
33 | var type = item.full_name ? 'repo' : 'org';
34 | var newItem = createNewItem(item, options, type);
35 |
36 | return $RPCService.call(type, 'create', newItem);
37 | },
38 |
39 | updateLink: function (item) {
40 | var type = item.repoId ? 'repo' : 'org';
41 | var newItem = createNewItem(item, type);
42 |
43 | return $RPCService.call(type, 'update', newItem);
44 | }
45 | };
46 | }
47 | ]);
--------------------------------------------------------------------------------
/src/server/controller/badge.js:
--------------------------------------------------------------------------------
1 | const express = require('express'),
2 | ejs = require('ejs'),
3 | fs = require('fs'),
4 | path = require('path'),
5 | crypto = require('crypto')
6 |
7 | //api
8 | const cla = require('./../api/cla')
9 |
10 | const router = express.Router()
11 |
12 | router.all('/pull/badge/:signed', (req, res) => {
13 | const fileName = req.params.signed === 'signed' ? 'badge_signed.svg' : 'badge_not_signed.svg'
14 | const status = req.params.signed === 'signed' ? 'signed' : 'pending'
15 | const tmp = fs.readFileSync(path.join(__dirname, '..', 'templates', fileName), 'utf-8')
16 | const hash = crypto.createHash('md5').update(status, 'utf8').digest('hex')
17 |
18 | if (req.get('If-None-Match') === hash) {
19 | return res.status(304).send()
20 | }
21 |
22 | const svg = ejs.render(tmp)
23 |
24 | res.set('Content-Type', 'image/svg+xml')
25 | res.set('Cache-Control', 'no-cache')
26 | res.set('Etag', hash)
27 | res.send(svg)
28 | })
29 |
30 |
31 | router.all('/readme/badge/:owner/:repo', async (req, res) => {
32 | req.args = {
33 | owner: req.params.owner,
34 | repo: req.params.repo
35 | }
36 | let count = 0
37 | try {
38 | count = await cla.countCLA(req)
39 | } catch (error) {
40 | count = 0
41 | }
42 | let url = 'https://img.shields.io/badge/CLAs signed-' + count + '-0594c6.svg?'
43 | if (req.query) {
44 | url = req.query.style ? `${url}&style=${req.query.style}` : url
45 | url = req.query.label ? `${url}&label=${req.query.label}` : url
46 | url = req.query.colorB ? `${url}&colorB=${req.query.colorB}` : url
47 | url = req.query.logo ? `${url}&logo=${req.query.logo}` : url
48 | }
49 | res.redirect(url)
50 | })
51 |
52 | module.exports = router
53 |
--------------------------------------------------------------------------------
/src/client/assets/images/link_active.svg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
5 |
6 |
7 |
11 |
12 |
13 |
18 |
19 |
24 |
27 |
--------------------------------------------------------------------------------
/src/client/assets/images/linked.svg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
5 |
6 |
7 |
8 |
9 |
10 |
15 |
16 |
21 |
24 |
27 |
28 |
--------------------------------------------------------------------------------
/src/client/modals/templates/confirmRemove.html:
--------------------------------------------------------------------------------
1 |
3 |
4 |
5 |
6 | Are you sure you want to unlink?
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 | Unlinking will...
24 |
25 | Remove the CLA assistant webhook in your repository/organization
26 | Remove the link to your list of contributors
27 |
28 |
29 |
30 |
31 | Keep it
32 | Unlink anyway
33 |
34 |
5 |
6 |
7 |
8 |
9 |
10 |
14 |
15 |
16 |
21 |
22 |
27 |
30 |
31 |
--------------------------------------------------------------------------------
/src/client/modals/claView.js:
--------------------------------------------------------------------------------
1 | module.controller('ClaViewCtrl', function ($scope, $modalInstance, $window, cla, $state, $RPCService, $sce, utils) {
2 | $scope.claObj = cla;
3 | $scope.cla = null;
4 | $scope.modalInstance = $modalInstance;
5 |
6 | $scope.getGistName = function (gistObj) {
7 | return utils.getGistAttribute(gistObj, 'filename');
8 | };
9 |
10 | function getCLA() {
11 | return $RPCService.call('cla', 'get', {
12 | repo: $scope.claObj.repo,
13 | owner: $scope.claObj.owner,
14 | gist: {
15 | gist_url: $scope.claObj.gist_url,
16 | gist_version: $scope.claObj.gist_version
17 | }
18 | }, function (err, gist) {
19 | if (!err) {
20 | $scope.claText = gist.value.raw;
21 | }
22 | });
23 | }
24 |
25 | getCLA().then(function (data) {
26 | $scope.cla = $sce.trustAsHtml(data.value.raw);
27 | $scope.cla.text = data.value.raw;
28 | //console.log($scope.cla.text);
29 | });
30 |
31 |
32 | $scope.cancel = function () {
33 | $modalInstance.dismiss('cancel');
34 | };
35 |
36 | })
37 | .directive('clacontent', [function () {
38 | return {
39 | link: function (scope, element, attrs) {
40 | scope.$watch(attrs.clacontent, function (content) {
41 | if (content) {
42 | var linkIcons = element[0].getElementsByClassName('octicon octicon-link');
43 | for (var index in linkIcons) {
44 | if (linkIcons.hasOwnProperty(index)) {
45 | angular.element(linkIcons[index]).removeClass('octicon octicon-link');
46 | }
47 | }
48 | }
49 | });
50 | }
51 | };
52 | }]);
53 |
--------------------------------------------------------------------------------
/src/server/controller/user.js:
--------------------------------------------------------------------------------
1 | const passport = require('passport')
2 | const express = require('express')
3 | const utils = require('../middleware/utils')
4 |
5 | const router = express.Router()
6 | let scope
7 |
8 | function checkReturnTo(req, res, next) {
9 | scope = null
10 | req.session.requiredScope = null
11 | if (!req.session) {
12 | req.session = {}
13 | }
14 |
15 | if (req.query.public === 'true') {
16 | scope = config.server.github.user_scope.concat()
17 | req.session.requiredScope = 'public'
18 | }
19 | if (req.query.admin === 'true') {
20 | scope = config.server.github.admin_scope.concat()
21 | req.session.requiredScope = 'admin'
22 | }
23 | if (req.query.org_admin === 'true') {
24 | scope.push('admin:org_hook')
25 | req.session.requiredScope = 'org_admin'
26 | }
27 |
28 | req.session.returnTo = req.query.public === 'true' ? req.session.next || req.headers.referer : '/'
29 |
30 | passport.authenticate('github', {
31 | scope: scope
32 | })(req, res, next)
33 | }
34 |
35 | router.get('/auth/github', checkReturnTo)
36 |
37 | router.get('/auth/github/callback', passport.authenticate('github', {
38 | failureRedirect: '/'
39 | }),
40 | function (req, res) {
41 | if (req.user && req.session.requiredScope != 'public' && utils.couldBeAdmin(req.user.login) && (!req.user.scope || req.user.scope.indexOf('write:repo_hook') < 0)) {
42 | return res.redirect('/auth/github?admin=true')
43 | }
44 | res.redirect(req.session.returnTo || req.headers.referer || '/')
45 | req.session.next = null
46 | })
47 |
48 | router.get('/logout',
49 | function (req, res, next) {
50 | req.logout()
51 | if (!req.query.noredirect) {
52 | res.redirect('/')
53 | } else {
54 | next()
55 | }
56 | }
57 | )
58 |
59 | module.exports = router
--------------------------------------------------------------------------------
/src/client/modals/templates/linkSuccess.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Awesome!
5 |
6 |
7 | Oops! Something went wrong!
8 |
9 |
10 |
19 |
20 |
21 |
{{selected.gist.name}} and {{selected.item.full_name ? selected.item.full_name : selected.item.login}}
24 |
25 |
26 |
27 |
28 | Error:
30 | {{ error }}
31 |
32 |
33 |
Great, thanks!
34 |
35 |
2 |
3 |
7 |
8 |
9 |
10 |
11 | Sorry, your actual signed CLA is outdated...
12 |
13 |
14 | A new CLA has been linked to this Repository.
15 |
16 |
17 | Take me to the new CLA
18 |
19 |
20 |
21 |
22 |
23 | Sorry, your actual signed CLA is outdated...
24 |
25 |
26 | A new version of the CLA is available.
27 | Please consider to view the changes and to resign the CLA.
28 |
29 |
30 | Show me the changes
31 | Let me resign!
32 |
33 |
34 |
35 |
36 | There is currently no CLA linked to this repository.
37 |
38 |
39 | Please wait, until the owner has linked a CLA.
40 |
41 |
42 |
2 |
3 |
4 |
5 |
How does whitelisting work?
6 |
7 | If a GitHub username is included in the whitelist, they will not be
8 | required to sign a CLA. This also applies to organization usernames.
9 |
10 |
Why whitelist usernames?
11 |
12 | Since there's no way for bot users (such as Dependabot or Greenkeeper) to
13 | sign a CLA, you may want to whitelist them. You can do so by adding their
14 | names (in this case dependabot-preview[bot] and
15 | greenkeeper[bot] separated by a comma) to the whitelist. You can
16 | also use wildcard symbol in case you want to whitelist all bot users
17 | *[bot] .
18 |
19 |
Why whitelist organizations?
20 |
21 | We see at least two use cases you may want to do so:
22 |
23 |
24 | You develop in a team and commit your changes via feature branches. As
25 | soon you create a new pull request CLA assistant would ask you and
26 | your team fellows to sign a CLA even if you are part of the
27 | organization and doesn't need to do so. Now if you whitelist your own
28 | organization name all pull requests coming from the same repository
29 | will pass the CLA check.
30 |
31 |
32 | You get contributions from another company which has already signed
33 | your corporate CLA. You may want to let CLA assistant accept all PRs
34 | coming from this company. Now you can whitelist the GitHub
35 | organization name of this company and all pull requests coming from
36 | this GitHub organization (i.e., from that organization's fork) will pass the check.
37 |
38 |
39 |
40 |
41 |
|<\/p>|\n|\t/g, '');
42 | gistContent.customFields = JSON.parse(metaString);
43 | gistContent.customKeys = Object.keys(gistContent.customFields);
44 | gistContent.hasCustomFields = true;
45 | deferred.resolve(gistContent);
46 | } catch (ex) {
47 | deferred.reject(ex);
48 | }
49 | } else {
50 | deferred.resolve(gistContent);
51 | }
52 | } else {
53 | deferred.reject(err);
54 | }
55 | });
56 |
57 | return deferred.promise;
58 | }
59 | };
60 | }
61 | ]);
--------------------------------------------------------------------------------
/src/client/assets/styles/_navbar.scss:
--------------------------------------------------------------------------------
1 | $navbar-default-bg: $body-bg;
2 | /*$navbar-default-color: $gray-darkest;
3 | $navbar-default-link-color: $gray-darkest;
4 | $navbar-default-link-hover-color: $gray-darker;
5 | $navbar-default-brand-hover-color: $gray;
6 | $navbar-default-link-active-color: $gray;*/
7 | $navbar-margin-bottom: 0;
8 | $nav-link-padding: 15px 20px 15px 0px;
9 |
10 | $grid-float-breakpoint: 100px;
11 |
12 | $navbar-height: 60px;
13 | $footer-height: $navbar-height;
14 |
15 | .navbar a{
16 | text-decoration: none;
17 | }
18 |
19 |
20 | .navbar-default {
21 | border-color: white;
22 |
23 | .container-fluid{
24 | height: $navbar-height;
25 | margin: 0px;
26 | padding-top: 15px;
27 | }
28 | }
29 |
30 | .navbar-default .navbar-text {
31 | color: $gray-darkest;
32 | margin: 0;
33 | }
34 |
35 | .navbar-home-right{
36 | float: right;
37 | }
38 |
39 | .navbar-home-left{
40 | float: left;
41 | margin-left: 0px
42 | }
43 |
44 | .navbar-fixed-bottom {
45 | position: absolute;
46 | bottom: 0;
47 | width: 100%;
48 | border: transparent;
49 | color: $navbar-default-color;
50 | }
51 |
52 | .navbar-top-border {
53 | height: 1px;
54 | margin: 0px 15px;
55 | background: $brand-primary-lightest;
56 | }
57 |
58 | .navbar-left:first-child {
59 | margin-left: 0px;
60 | }
61 | .navbar{
62 | min-height: $navbar-height;
63 | }
64 |
65 | .navbar-center {
66 | position: absolute;
67 | left: 0;
68 | margin-left: auto;
69 | margin-right: auto;
70 | width: 100%;
71 | text-align: center;
72 | z-index:-1
73 | }
74 |
75 | @media(max-width: 767px) {
76 | .navbar-text {
77 | margin: 0px;
78 | }
79 | .navbar-default .container-fluid{
80 | padding-top: 0px;
81 | }
82 |
83 | .navbar-fixed-top .container-fluid{
84 | padding: 15px;
85 | }
86 |
87 |
88 | .navbar-text-hide{
89 | visibility: hidden;
90 | }
91 |
92 | .navbar-left {
93 | text-align: center;
94 | margin: 0px;
95 | }
96 | }
97 |
98 | @media (min-width: 992px) {
99 | .navbar-top-space {
100 | margin-top: 55px;
101 | }
102 | }
103 |
104 | .nav-justified>li, .nav-justified>.nav-tabs.nav-justified {
105 | bottom: -1px;
106 | }
107 |
108 | nav {
109 | margin-top: 10px;
110 | }
111 |
112 | nav .nav-justified>li>a {
113 | color: $gray;
114 | }
115 |
116 | .nav-justified>.active>a,
117 | .nav>li>a:hover,
118 | .nav>li>a:focus {
119 | background-color: transparent;
120 | }
121 |
122 | .nav-justified>.active>a,
123 | .nav>li>a:hover {
124 | color: $gray-darkest;
125 | border-bottom: solid;
126 | }
127 |
--------------------------------------------------------------------------------
/src/client/modals/editLinkedItem.js:
--------------------------------------------------------------------------------
1 | module.controller('EditLinkedItemCtrl', function ($scope, $modalInstance, $window, $modal, linkItemService, item, gist, gists) {
2 | $scope.linkedItem = item;
3 | $scope.gists = gists;
4 | $scope.selected = {};
5 | $scope.errorMsg = [];
6 |
7 | $scope.selected.item = angular.copy(item);
8 |
9 | function initGist() {
10 | $scope.selected.gist = { name: gist.description || gist.fileName, url: gist.html_url } || gists.find(function (g) {
11 | return g.url === item.gist;
12 | });
13 | // $scope.selected.gist = gists.find(function (g) {
14 | // return g.url === item.gist;
15 | // }) || { name: gist.description || gist.fileName, url: gist.html_url };
16 | }
17 |
18 | function getGistId(url) {
19 | var regexLastSlash = new RegExp('(.*)/$', 'g');
20 | var result = regexLastSlash.exec(url);
21 | var newUrl = result ? result[1] : url;
22 | var regexGistId = new RegExp('([a-zA-Z0-9_-]*)$', 'g');
23 |
24 | return regexGistId.exec(newUrl)[1];
25 | }
26 |
27 | $scope.clear = function ($event) {
28 | $event.stopPropagation();
29 | $scope.selected.gist = undefined;
30 | };
31 |
32 | $scope.gistShareInfo = function () {
33 | $modal.open({
34 | templateUrl: '/modals/templates/info_share_gist.html',
35 | controller: 'InfoCtrl',
36 | windowClass: 'howto'
37 | });
38 | };
39 |
40 | $scope.whitelistInfo = function () {
41 | $modal.open({
42 | templateUrl: '/modals/templates/whitelist_info.html',
43 | controller: 'InfoCtrl',
44 | windowClass: 'howto'
45 | });
46 | };
47 |
48 | $scope.ok = function (itemToSave) {
49 | $scope.selectedGistId = getGistId($scope.selected.gist.url);
50 | $scope.itemsGistId = getGistId(itemToSave.gist);
51 |
52 | if ($scope.selectedGistId !== $scope.itemsGistId) {
53 | itemToSave.gist = $scope.selected.gist;
54 | } else if (!itemToSave.gist.url) {
55 | itemToSave.gist = { url: itemToSave.gist };
56 | }
57 | linkItemService.updateLink(itemToSave).then(function success(data) {
58 | if (data.value) {
59 | $modalInstance.close(data.value);
60 | }
61 | }, function failure(err) {
62 | $scope.errorMsg.push(err);
63 | });
64 | };
65 |
66 | $scope.cancel = function () {
67 | $modalInstance.dismiss('cancel');
68 | };
69 |
70 | initGist();
71 |
72 | });
73 |
--------------------------------------------------------------------------------
/.github/workflows/build.yml:
--------------------------------------------------------------------------------
1 | name: CI/CDPipeline
2 |
3 | on:
4 | push:
5 | branches:
6 | - '*'
7 | tags:
8 | - '*'
9 | pull_request:
10 | branches:
11 | - master
12 |
13 | jobs:
14 | build:
15 | runs-on: ${{ matrix.os }}
16 | strategy:
17 | matrix:
18 | node_version:
19 | - 12
20 | os:
21 | - ubuntu-latest
22 |
23 | steps:
24 | - uses: actions/checkout@v2
25 | - name: setup gcloud CLI
26 | uses: GoogleCloudPlatform/github-actions/setup-gcloud@master
27 | with:
28 | version: '275.0.0'
29 | service_account_key: ${{ secrets.GCP_base64 }}
30 | # Configure docker to use the gcloud command-line tool as a credential helper
31 | - run: gcloud auth configure-docker
32 | - name: Use Node version 12.6
33 | uses: actions/setup-node@v1
34 | with:
35 | version: ${{ matrix.node_version }}
36 | - name: Npm Install
37 | run: |
38 | npm install
39 |
40 | - name: grunt build and test
41 | run: |
42 | grunt build
43 | grunt test
44 | grunt coverage
45 | - name: Test Coverage
46 | uses: coverallsapp/github-action@master
47 | with:
48 | github-token: ${{ secrets.github_token }}
49 | path-to-lcov: ./output/coverage/lcov.info
50 | - name: build the docker image with committ SHA for staging
51 | if: github.ref == 'refs/heads/master'
52 | run: docker build -t eu.gcr.io/sap-cla-assistant/cla-assistant:${GITHUB_SHA} .
53 | - name: build the docker images with tag name and latest for production
54 | if: startsWith(github.ref, 'refs/tags')
55 | run: docker build -t eu.gcr.io/sap-cla-assistant/cla-assistant:${GITHUB_REF:10} -t eu.gcr.io/sap-cla-assistant/cla-assistant:latest -t sapclaassistant/claassistant:latest -t sapclaassistant/claassistant:${GITHUB_REF:10} .
56 | - name: push the latest and release images to dockerhub only for releases
57 | if: startsWith(github.ref, 'refs/tags')
58 | run: |
59 | docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
60 | docker push sapclaassistant/claassistant
61 | - name: push images to gcp
62 | if: github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags')
63 | run: docker push eu.gcr.io/sap-cla-assistant/cla-assistant
64 | - name: deploy to staging cloud run service
65 | if: github.ref == 'refs/heads/master'
66 | run: gcloud --quiet --project sap-cla-assistant beta run deploy cla-assistant-staging --platform managed --region europe-west1 --image eu.gcr.io/sap-cla-assistant/cla-assistant:${GITHUB_SHA}
67 |
--------------------------------------------------------------------------------
/src/client/modals/templates/upload.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Import
5 |
6 |
7 |
8 | Import a CSV file containing all the GitHub usernames of contributors who have already signed your CLA.
9 |
10 |
11 |
26 |
27 |
28 |
29 |
30 |
31 |
32 |
33 | {{$select.selected}}
34 |
35 |
37 |
38 |
39 |
40 |
41 |
42 | {{ datum }}
43 |
44 |
45 |
46 |
47 |
50 |
51 |
52 | Cancel
53 | Import
54 |
55 |
2 |
3 |
4 |
5 |
Error
6 |
There is no CLA to sign for {{params.user}}/{{params.repo}}
7 |
({{noLinkedItemError}})
8 |
9 |
10 |
31 |
32 | I agree
34 | Sign in with GitHub to agree
35 |
36 |
37 |
38 |
39 |
Thank you {{user.value.login}}
40 |
for signing the CLA!
41 |
42 |
we are now taking you back to GitHub
43 |
44 |
45 |
46 |
5 |
6 |
9 |
10 |
32 |
49 |
--------------------------------------------------------------------------------
/src/tests/server/services/github.js:
--------------------------------------------------------------------------------
1 | /*global describe, it, beforeEach*/
2 |
3 | // unit test
4 | const rewire = require('rewire')
5 | const assert = require('assert')
6 | const sinon = require('sinon')
7 |
8 | // config
9 | global.config = require('../../../config')
10 |
11 | // service
12 | const github = rewire('../../../server/services/github')
13 | const cache = require('memory-cache')
14 |
15 | const callStub = sinon.stub()
16 | const authenticateStub = sinon.stub()
17 |
18 | describe('github:call', () => {
19 | let expectedAuth
20 | function OctokitMock(args) {
21 | assert.deepStrictEqual(args.auth, expectedAuth)
22 | assert.strictEqual(args.protocol, 'https')
23 | assert.strictEqual(args.version, '3.0.0')
24 | assert.strictEqual(args.host, 'api.github.com')
25 | assert.strictEqual(args.pathPrefix, null)
26 |
27 | this.obj = {
28 | fun: callStub,
29 | listSomething: {
30 | endpoint: {
31 | merge: function (args) {
32 | return args
33 | }
34 | }
35 | }
36 | }
37 |
38 | this.authenticate = authenticateStub
39 |
40 | this.paginate = callStub
41 | }
42 | OctokitMock.plugin = sinon.stub().returns(OctokitMock)
43 |
44 | github.__set__('Octokit', OctokitMock)
45 |
46 | beforeEach(() => {
47 | github.resetList = {}
48 | callStub.reset()
49 | cache.clear()
50 | expectedAuth = undefined
51 | authenticateStub.reset()
52 | })
53 |
54 | it('should return an error if obj is not set', async () => {
55 | try {
56 | await github.call({})
57 | assert(false, 'Should throw an error')
58 | } catch (error) {
59 | assert.equal(error.message, 'obj required/obj not found')
60 | }
61 | })
62 |
63 | it('should return an error if fun is not set', async () => {
64 | try {
65 | await github.call({ obj: 'obj' })
66 | assert(false, 'Should throw an error')
67 | } catch (error) {
68 | assert.equal(error.message, 'fun required/fun not found')
69 | }
70 | })
71 |
72 | it('should authenticate when token is set', async () => {
73 | expectedAuth = 'token token'
74 | callStub.resolves({ data: {}, meta: {} })
75 |
76 | await github.call({
77 | obj: 'obj',
78 | fun: 'fun',
79 | token: 'token'
80 | })
81 | })
82 |
83 | it('should authenticate when basic authentication is required', async () => {
84 | expectedAuth = {
85 | username: 'user',
86 | password: 'pass'
87 | }
88 | callStub.resolves({ data: {}, meta: {} })
89 | await github.call({
90 | obj: 'obj',
91 | fun: 'fun',
92 | basicAuth: {
93 | user: 'user',
94 | pass: 'pass'
95 | }
96 | })
97 | })
98 |
99 | it('should not authenticate when neither token nor basicAuth are provided', async () => {
100 | expectedAuth = undefined
101 | callStub.resolves({ data: {}, meta: {} })
102 | await github.call({
103 | obj: 'obj',
104 | fun: 'fun'
105 | })
106 | })
107 |
108 | it('should call the appropriate function on the github api', async () => {
109 | const testHeaders = {
110 | link: null,
111 | 'x-oauth-scopes': []
112 | }
113 | callStub.resolves({ data: {}, headers: testHeaders })
114 | const res = await github.call({
115 | obj: 'obj',
116 | fun: 'fun'
117 | })
118 | assert.deepStrictEqual(res, { data: {}, headers: testHeaders })
119 | })
120 |
121 | it('should return github error', async () => {
122 | callStub.rejects('github error')
123 | try {
124 | await github.call({
125 | obj: 'obj',
126 | fun: 'fun'
127 | })
128 | assert(false, 'Should throw an error')
129 | } catch (error) {
130 | assert.equal(error, 'github error')
131 | }
132 | })
133 | })
--------------------------------------------------------------------------------
/src/client/modals/upload.js:
--------------------------------------------------------------------------------
1 | module.controller('UploadCtrl',
2 | function ($scope, $modalInstance, customFields) {
3 |
4 | $scope.json = {};
5 | $scope.availableFieldKeys = ['user', 'created_at'];
6 | $scope.selectedKeys = {};
7 |
8 | $scope.availableFieldKeys = $scope.availableFieldKeys.concat(customFields);
9 |
10 | $scope.selectedKeyList = function () {
11 | return Object.keys($scope.selectedKeys).map(function (i) { return $scope.selectedKeys[i]; });
12 | };
13 |
14 | $scope.canBeUploaded = function () {
15 | return $scope.selectedKeyList().indexOf('user') != -1;
16 | };
17 |
18 | $scope.validateAttribute = function (data, index) {
19 | if ($scope.selectedKeys[index] === 'created_at') {
20 | return isNaN(Date.parse(data)) ? 'danger' : 'success';
21 | } else if ($scope.selectedKeys[index] === 'user') {
22 | return typeof data === 'string' ? 'success' : 'danger';
23 | }
24 | };
25 |
26 | $scope.$watch('file', function () {
27 | if ($scope.file) {
28 | Papa.parse($scope.file, {
29 | complete: function (data) {
30 | $scope.json = data;
31 | }
32 | });
33 | }
34 | });
35 |
36 | $scope.upload = function () {
37 |
38 | var data = [];
39 | if ($scope.header) {
40 | $scope.json.data.splice(0, 1);
41 | }
42 | data = $scope.json.data.map(function (line) {
43 | var argsToUpload = {};
44 | try {
45 | Object.keys($scope.selectedKeys).forEach(function (index) {
46 | var attributeName = $scope.selectedKeys[index];
47 | if (attributeName === 'user') {
48 | argsToUpload.user = line[index];
49 | } else if (attributeName === 'created_at') {
50 | if (isNaN(Date.parse(line[index]))) {
51 | throw new Error('unsupported date format');
52 | }
53 | argsToUpload.created_at = new Date(line[index]).toUTCString();
54 | } else {
55 | argsToUpload.custom_fields = argsToUpload.custom_fields ? argsToUpload.custom_fields : {};
56 | argsToUpload.custom_fields[attributeName] = line[index];
57 | }
58 | });
59 | } catch (e) {
60 | // eslint-disable-next-line no-console
61 | console.log(e);
62 |
63 | return;
64 | }
65 | argsToUpload.custom_fields = JSON.stringify(argsToUpload.custom_fields);
66 |
67 | return argsToUpload;
68 | }).filter(function (line) { return line; });
69 |
70 | $modalInstance.close(data);
71 | };
72 |
73 | $scope.cancel = function () {
74 | $modalInstance.dismiss('cancel');
75 | };
76 | }
77 | )
78 | .directive('fileModel', function () {
79 | return {
80 | scope: {
81 | fileModel: '='
82 | },
83 | link: function (scope, elem) {
84 | elem.bind('change drop', function (change) {
85 | var reader = new FileReader();
86 | reader.onload = function (load) {
87 | scope.$apply(function () {
88 | scope.fileModel = load.target.result;
89 | });
90 | };
91 | reader.readAsText(change.target.files[0]);
92 | });
93 | }
94 | };
95 | });
96 |
97 | filters.filter('notSelected', function () {
98 | return function (items, arr) {
99 |
100 | if (!arr || arr.length === 0) {
101 | return items;
102 | }
103 |
104 | var notMatched = [];
105 |
106 | items.forEach(function (item) {
107 | if (arr.indexOf(item) < 0) {
108 | notMatched.push(item);
109 | }
110 | });
111 |
112 | return notMatched;
113 | };
114 | });
--------------------------------------------------------------------------------
/src/client/assets/images/nervous_remove/nervous-36.svg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
5 |
6 |
7 |
8 |
13 |
21 |
25 |
31 |
33 |
38 |
47 |
48 |
49 |
52 |
53 |
55 |
56 |
65 |
66 |
67 |
--------------------------------------------------------------------------------
/src/client/modals/templates/report.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
9 |
10 |
11 | Contributors who signed {{getGistName()}}
12 |
13 |
14 |
29 |
30 |
31 |
32 |
33 |
34 |
{{getGistName()}}
35 |
36 |
37 |
38 |
39 |
40 |
41 |
{{ claItem.owner }} / {{ claItem.repo }}
42 |
{{ claItem.org }}
43 |
44 |
45 |
46 |
Contributor
47 |
49 |
Date
50 |
52 |
53 |
54 |
55 |
56 |
{{contributor.user_name}}
57 |
{{contributor.signed_at | date: 'medium'}}
58 |
59 |
60 |
63 |
64 | {{contributors.length}} contributor signed this CLA
65 |
66 | {{contributors.length}} contributors signed this CLA
67 |
--------------------------------------------------------------------------------
/src/client/assets/images/error.svg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
5 |
6 |
7 |
8 |
13 |
21 |
25 |
31 |
33 |
38 |
47 |
48 |
49 |
52 |
53 |
55 |
56 |
65 |
69 |
70 |
--------------------------------------------------------------------------------
/src/client/templates/settings.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
15 |
16 |
27 |
28 |
36 |
37 |
38 |
39 |
40 |
41 |
44 |
45 |
46 | {{ item.sharedGist ? 'Yes' : 'No' }}
47 |
48 |
49 |
53 |
54 |
63 |
64 |
67 |
--------------------------------------------------------------------------------
/src/server/services/github.js:
--------------------------------------------------------------------------------
1 | const request = require('request-promise-native')
2 |
3 | const cache = require('memory-cache')
4 | const config = require('../../config')
5 | let Octokit = require('@octokit/rest')
6 | .plugin(require('@octokit/plugin-throttling'))
7 | .plugin(require('@octokit/plugin-retry'))
8 | const stringify = require('json-stable-stringify')
9 | const logger = require('../services/logger')
10 |
11 | async function callGithub(octokit, obj, fun, arg, cacheKey) {
12 | const cachedRes = arg.noCache ? null : cache.get(cacheKey)
13 | delete arg.noCache
14 | if (cachedRes && config.server.cache_time > 0) {
15 | return cachedRes
16 | }
17 | let res
18 | if (fun.match(/list.*/g)) {
19 | const options = octokit[obj][fun].endpoint.merge(arg)
20 | res = {
21 | data: await octokit.paginate(options)
22 | }
23 | } else {
24 | res = await octokit[obj][fun](arg)
25 | }
26 |
27 | if (res && config.server.cache_time > 0) {
28 | cache.put(cacheKey, res, 60000 * config.server.cache_time)
29 | }
30 |
31 | return res
32 | }
33 |
34 | function newOctokit(auth) {
35 | Octokit = addReposGetByIdEndpoint()
36 | return new Octokit({
37 | auth,
38 | protocol: config.server.github.protocol,
39 | version: config.server.github.version,
40 | host: config.server.github.api,
41 | pathPrefix: config.server.github.enterprise ? '/api/v3' : null,
42 | throttle: {
43 | onRateLimit: (retryAfter, options) => {
44 | // eslint-disable-next-line no-console
45 | console.warn(`Request quota exhausted for request ${options.method} ${options.url}`)
46 |
47 | if (options.request.retryCount === 0) { // only retries once
48 | // eslint-disable-next-line no-console
49 | console.log(`Retrying after ${retryAfter} seconds!`)
50 | return true
51 | }
52 | },
53 | onAbuseLimit: (retryAfter, options) => {
54 | // does not retry, only logs a warning
55 | // eslint-disable-next-line no-console
56 | console.warn(`Abuse detected for request ${options.method} ${options.url}`)
57 | }
58 | }
59 | })
60 | }
61 |
62 | function addReposGetByIdEndpoint() {
63 | return Octokit.plugin((octokit) => {
64 | octokit.registerEndpoints({
65 | repos: {
66 | getById: {
67 | method: 'GET',
68 | url: '/repositories/:id',
69 | params: {
70 | id: {
71 | type: 'string',
72 | required: true
73 | }
74 | }
75 | }
76 | }
77 | })
78 | })
79 | }
80 |
81 | const githubService = {
82 | resetList: {},
83 |
84 | call: async (call) => {
85 | const arg = call.arg || {}
86 | const basicAuth = call.basicAuth
87 | const fun = call.fun
88 | const obj = call.obj
89 | const token = call.token
90 |
91 | const argWithoutNoCache = Object.assign({}, arg)
92 | delete argWithoutNoCache.noCache
93 |
94 | const stringArgs = stringify({
95 | obj: call.obj,
96 | fun: call.fun,
97 | arg: argWithoutNoCache,
98 | token: call.token
99 | })
100 |
101 | let auth
102 | if (token) {
103 | auth = `token ${token}`
104 | }
105 | if (basicAuth) {
106 | auth = {
107 | username: basicAuth.user,
108 | password: basicAuth.pass
109 | }
110 | }
111 | const octokit = newOctokit(auth)
112 |
113 | if (!obj || !octokit[obj]) {
114 | throw new Error('obj required/obj not found')
115 | }
116 |
117 | if (!fun || !octokit[obj][fun]) {
118 | throw new Error('fun required/fun not found')
119 | }
120 | try {
121 | return callGithub(octokit, obj, fun, arg, stringArgs)
122 | } catch (error) {
123 | logger.info(`${error} - Error on callGithub.${obj}.${fun} with args ${arg}.`)
124 | throw new Error(error)
125 | }
126 | },
127 |
128 | callGraphql: async (query, token) => {
129 | return request.post({
130 | headers: {
131 | 'Authorization': `bearer ${token}`,
132 | 'User-Agent': 'CLA assistant'
133 | },
134 | url: config.server.github.graphqlEndpoint,
135 | body: query
136 | })
137 | }
138 | }
139 |
140 | module.exports = githubService
--------------------------------------------------------------------------------
/src/server/api/org.js:
--------------------------------------------------------------------------------
1 | const org = require('../services/org')
2 | const github = require('../services/github')
3 | const log = require('../services/logger')
4 | const Joi = require('joi')
5 | const webhook = require('./webhook')
6 | const logger = require('../services/logger')
7 | const utils = require('../middleware/utils')
8 | //queries
9 | const queries = require('../graphQueries/github')
10 | const newOrgSchema = Joi.object().keys({
11 | orgId: Joi.number().required(),
12 | org: Joi.string().required(),
13 | gist: Joi.string().required(),
14 | token: Joi.string().required(),
15 | excludePattern: Joi.string(),
16 | sharedGist: Joi.boolean(),
17 | minFileChanges: Joi.number(),
18 | minCodeChanges: Joi.number(),
19 | whiteListPattern: Joi.string().allow(''),
20 | privacyPolicy: Joi.string().allow('')
21 | })
22 | const removeOrgSchema = Joi.object().keys({
23 | org: Joi.string(),
24 | orgId: Joi.number()
25 | }).or('org', 'orgId')
26 |
27 | class OrgAPI {
28 | async create(req) {
29 | req.args.token = req.args.token || req.user.token
30 | utils.validateArgs(req.args, newOrgSchema, true)
31 |
32 | const query = {
33 | orgId: req.args.orgId,
34 | org: req.args.org,
35 | }
36 | let dbOrg
37 | try {
38 | dbOrg = await org.get(query)
39 | } catch (error) {
40 | logger.info(new Error(error).stack)
41 | }
42 |
43 | if (dbOrg) {
44 | throw new Error('This org is already linked.')
45 | }
46 | dbOrg = await org.create(req.args)
47 |
48 | try {
49 | await webhook.create(req)
50 | } catch (error) {
51 | logger.error(new Error(error).stack)
52 | }
53 | return dbOrg
54 | }
55 |
56 | async update(req) {
57 | req.args.token = req.args.token || req.user.token
58 | utils.validateArgs(req.args, newOrgSchema, true)
59 |
60 | return org.update(req.args)
61 | }
62 |
63 | async getForUser(req) {
64 | try {
65 | const res = await this.getGHOrgsForUser(req)
66 | const argsForOrg = {
67 | orgId: res.map((org) => org.id)
68 | }
69 | return org.getMultiple(argsForOrg)
70 | } catch (error) {
71 | log.warn(error.stack)
72 | throw error
73 | }
74 | }
75 |
76 | async getGHOrgsForUser(req) {
77 | let organizations = []
78 |
79 | async function callGithub(arg) {
80 | const query = arg.query ? arg.query : queries.getUserOrgs(req.user.login, null)
81 |
82 | try {
83 | let body = await github.callGraphql(query, req.user.token)
84 | body = JSON.parse(body)
85 |
86 | if (body.errors) {
87 | const errorMessage = body.errors[0] && body.errors[0].message ? body.errors[0].message : 'Error occurred by getting users organizations'
88 | logger.info(new Error(errorMessage).stack)
89 | }
90 |
91 | const data = body.data.user.organizations
92 |
93 | organizations = data.edges.reduce((orgs, edge) => {
94 | if (edge.node.viewerCanAdminister) {
95 | edge.node.id = edge.node.databaseId
96 | orgs.push(edge.node)
97 | }
98 |
99 | return orgs
100 | }, organizations)
101 |
102 | if (data.pageInfo.hasNextPage) {
103 | arg.query = queries.getUserOrgs(req.user.login, data.pageInfo.endCursor)
104 | return callGithub(arg)
105 | }
106 | return organizations
107 | } catch (error) {
108 | log.info(new Error(error).stack)
109 | log.warn(`No result on GH call, getting user orgs! For user: ${req.user}`)
110 | throw error
111 | }
112 | }
113 | if (req.user && req.user.login) {
114 | return callGithub({})
115 | }
116 |
117 | throw new Error('User is undefined')
118 | }
119 | // update(req, done){
120 | // org.update(req.args, done)
121 | // }
122 | async remove(req) {
123 | utils.validateArgs(req.args, removeOrgSchema)
124 | const dbOrg = await org.remove(req.args)
125 | if (!dbOrg) {
126 | throw new Error('Organization is not Found')
127 | }
128 | req.args.org = dbOrg.org
129 | try {
130 | await webhook.remove(req)
131 | } catch (error) {
132 | logger.warn(new Error(error))
133 | }
134 | return dbOrg
135 | }
136 | }
137 |
138 | module.exports = new OrgAPI()
--------------------------------------------------------------------------------
/src/config.js:
--------------------------------------------------------------------------------
1 | /**
2 | * Configuration Module
3 | *
4 | * @title config
5 | * @overview Configuration Module
6 | */
7 | let path = require('path');
8 |
9 | module.exports = {
10 | server: {
11 | github: {
12 | // optional
13 | protocol: process.env.GITHUB_PROTOCOL || 'https',
14 | host: process.env.GITHUB_HOST || 'github.com',
15 | api: process.env.GITHUB_API_HOST || 'api.github.com',
16 | enterprise: !!process.env.GITHUB_HOST, // flag enterprise version
17 | version: process.env.GITHUB_VERSION || '3.0.0',
18 |
19 | graphqlEndpoint: process.env.GITHUB_GRAPHQL || 'https://api.github.com/graphql',
20 |
21 | // required
22 | client: process.env.GITHUB_CLIENT,
23 | secret: process.env.GITHUB_SECRET,
24 |
25 | // required
26 | user: process.env.GITHUB_USER,
27 | pass: process.env.GITHUB_PASS,
28 | admin_users: process.env.GITHUB_ADMIN_USERS ? process.env.GITHUB_ADMIN_USERS.split(/\s*,\s*/) : [],
29 |
30 | // required
31 | token: process.env.GITHUB_TOKEN,
32 |
33 | user_scope: ['user:email'],
34 | admin_scope: ['user:email', 'repo:status', 'read:repo_hook', 'write:repo_hook', 'read:org', 'gist'],
35 |
36 | commit_bots: ['web-flow'],
37 |
38 | //delay reaction on webhook
39 | enforceDelay: parseInt(process.env.GITHUB_DELAY || '5000', 10),
40 |
41 | //slow down API calls in order to avoid abuse rate limit
42 | timeToWait: process.env.GITHUB_TIME_TO_WAIT || 1000
43 | },
44 |
45 | localport: process.env.PORT || 5000,
46 |
47 | always_recompile_sass: process.env.NODE_ENV === 'production' ? false : true,
48 |
49 | cache_time: process.env.CACHE_TIME || 5,
50 |
51 | http: {
52 | protocol: process.env.PROTOCOL || 'http',
53 | host: process.env.HOST || 'cla-assistant.io',
54 | port: process.env.HOST_PORT
55 | },
56 |
57 | security: {
58 | sessionSecret: process.env.SESSION_SECRET || 'cla-assistant',
59 | cookieMaxAge: 60 * 60 * 1000
60 | },
61 |
62 | smtp: {
63 | enabled: !!process.env.SMTP_HOST,
64 | host: process.env.SMTP_HOST,
65 | secure: (!!process.env.SMTP_SSL && process.env.SMTP_SSL === 'true'),
66 | port: process.env.SMTP_PORT || 465,
67 | auth: {
68 | user: process.env.SMTP_USER,
69 | pass: process.env.SMTP_PASS
70 | },
71 | name: 'cla-assistant'
72 | },
73 |
74 | mongodb: {
75 | uri: process.env.MONGODB || process.env.MONGOLAB_URI
76 | },
77 |
78 | slack: {
79 | url: process.env.SLACK_URL,
80 | channel: process.env.SLACK_CHANNEL
81 | },
82 |
83 | templates: {
84 | login: process.env.LOGIN_PAGE_TEMPLATE || path.join(__dirname, 'client', 'login.html')
85 | },
86 |
87 | api_access: {
88 | free: ['/api/cla/get', '/api/cla/getLinkedItem'],
89 | external: ['/api/cla/getAll'],
90 | admin_only: [
91 | '/api/cla/addSignature',
92 | '/api/cla/hasSignature',
93 | '/api/cla/terminateSignature',
94 | '/api/cla/validate',
95 | '/api/cla/getGist',
96 | '/api/org/create',
97 | '/api/org/remove',
98 | '/api/repo/create',
99 | '/api/repo/remove'
100 | ]
101 | },
102 |
103 | feature_flag: {
104 | required_signees: process.env.REQUIRED_SIGNEES || '',
105 | organization_override_enabled: process.env.ORG_OVERRIDE_ENABLED || false,
106 | },
107 |
108 | static: [
109 | path.join(__dirname, 'bower'),
110 | path.join(__dirname, 'client')
111 | ],
112 |
113 | api: [
114 | path.join(__dirname, 'server', 'api', '*.js')
115 | ],
116 |
117 | webhooks: [
118 | path.join(__dirname, 'server', 'webhooks', '*.js')
119 | ],
120 |
121 | documents: [
122 | path.join(__dirname, 'server', 'documents', '*.js')
123 | ],
124 |
125 | controller: [
126 | path.join(__dirname, 'server', 'controller', '!(default).js'),
127 | path.join(__dirname, 'server', 'controller', 'default.js')
128 | ],
129 |
130 | graphQueries: [
131 | path.join(__dirname, 'server', 'graphQueries', '*.js')
132 | ],
133 |
134 | middleware: [
135 | path.join(__dirname, 'server', 'middleware', '*.js')
136 | ],
137 |
138 | passport: [
139 | path.join(__dirname, 'server', 'passports', '*.js')
140 | ],
141 |
142 | }
143 | };
--------------------------------------------------------------------------------
/src/client/assets/images/feature2.svg:
--------------------------------------------------------------------------------
1 |
2 |
3 |
5 |
8 |
12 |
15 |
16 |
18 |
22 |
23 |
27 |
28 |
30 |
31 |
38 |
40 |
41 |
42 |
47 |
48 |
49 |
56 |
58 |
65 |
70 |
74 |
75 |
76 |
--------------------------------------------------------------------------------
/src/server/passports/github.js:
--------------------------------------------------------------------------------
1 | const url = require('../services/url')
2 | const repoService = require('../services/repo')
3 | const orgApi = require('../api/org')
4 | const logger = require('../services/logger')
5 | const passport = require('passport')
6 | const Strategy = require('passport-github').Strategy
7 | const merge = require('merge')
8 | const User = require('mongoose').model('User')
9 | const fetch = require('node-fetch')
10 | const base64 = require('base-64')
11 |
12 | function updateToken(item, newToken) {
13 | item.token = newToken
14 | item.save()
15 | logger.debug('Update access token for repo / org', item.repo || item.org)
16 | }
17 |
18 | async function checkToken(item, accessToken) {
19 | const baseURL = `https://api.github.com`
20 | const checkAuthApi = `${ baseURL }/applications/${ config.server.github.client }/token`
21 | const newToken = accessToken
22 | const oldToken = item.token
23 | const accesstokenObject = {
24 | access_token: oldToken
25 | }
26 |
27 | try {
28 | const header = {
29 | method: 'POST',
30 | headers: {
31 | 'Authorization': 'Basic ' + base64.encode(config.server.github.client + ":" + config.server.github.secret),
32 | 'User-Agent': 'CLA assistant',
33 | 'Accept': 'application/vnd.github.doctor-strange-preview+json',
34 | 'Content-Type': 'application/json'
35 | },
36 | body: JSON.stringify(accesstokenObject)
37 | }
38 | const res = await fetch(checkAuthApi, header)
39 | const checkTokenResponse = await res.json()
40 | if (checkTokenResponse) {
41 | if (!(checkTokenResponse && checkTokenResponse.scopes && checkTokenResponse.scopes.indexOf('write:repo_hook') >= 0)) {
42 | updateToken(item, newToken)
43 | } else if (item.repo) {
44 | const ghRepo = await repoService.getGHRepo(item)
45 | if (!(ghRepo && ghRepo.permissions && ghRepo.permissions.admin)) {
46 | updateToken(item, newToken)
47 | logger.info('Update access token for repo ', item.repo, ' admin rights have been changed')
48 | }
49 | }
50 | }
51 | } catch (error) {
52 | updateToken(item, newToken)
53 | }
54 |
55 | }
56 |
57 | passport.use(new Strategy({
58 | clientID: config.server.github.client,
59 | clientSecret: config.server.github.secret,
60 | callbackURL: url.githubCallback,
61 | authorizationURL: url.githubAuthorization,
62 | tokenURL: url.githubToken,
63 | userProfileURL: url.githubProfile()
64 | }, async (accessToken, _refreshToken, params, profile, done) => {
65 | let user
66 | try {
67 | user = await User.findOne({
68 | name: profile.username
69 | })
70 |
71 | if (user && !user.uuid) {
72 | user.uuid = profile.id
73 | }
74 | user.token = accessToken
75 | user.save()
76 | } catch (error) {
77 | logger.warn(error.stack)
78 | }
79 |
80 | if (!user) {
81 | try {
82 | await User.create({
83 | uuid: profile.id,
84 | name: profile.username,
85 | token: accessToken
86 | })
87 | } catch (error) {
88 | logger.warn(new Error(`Could not create new user ${error}`).stack)
89 | }
90 | }
91 | // User.update({
92 | // uuid: profile.id
93 | // }, {
94 | // name: profile.username,
95 | // email: '', // needs fix
96 | // token: accessToken
97 | // }, {
98 | // upsert: true
99 | // }, function () {})
100 |
101 | if (params.scope.indexOf('write:repo_hook') >= 0) {
102 | try {
103 | const repoRes = await repoService.getUserRepos({
104 | token: accessToken
105 | })
106 | if (repoRes && repoRes.length > 0) {
107 | repoRes.forEach((repo) => checkToken(repo, accessToken))
108 | }
109 | } catch (error) {
110 | logger.warn(new Error(error).stack)
111 | }
112 | }
113 | if (params.scope.indexOf('admin:org_hook') >= 0) {
114 | try {
115 | const orgRes = await orgApi.getForUser({
116 | user: {
117 | token: accessToken,
118 | login: profile.username
119 | }
120 | })
121 | if (orgRes && orgRes.length > 0) {
122 | orgRes.forEach((org) => checkToken(org, accessToken))
123 | }
124 | } catch (error) {
125 | logger.warn(new Error(error).stack)
126 | }
127 | }
128 | done(null, merge(profile._json, {
129 | token: accessToken,
130 | scope: params.scope
131 | }))
132 | }))
133 |
134 | passport.serializeUser((user, done) => done(null, user))
135 |
136 | passport.deserializeUser((user, done) => done(null, user))
--------------------------------------------------------------------------------
12 | 
18 | 
14 | 
15 | 
16 | 
17 | 
18 | 
13 | 
14 | 
15 |
17 | 
39 |