4 | Let's get you setup on this computer.
5 |
6 | <%= render 'form' %>
7 |
8 |
9 |
--------------------------------------------------------------------------------
/config/initializers/session_store.rb:
--------------------------------------------------------------------------------
1 | # Be sure to restart your server when you modify this file.
2 |
3 | Rails.application.config.session_store :cookie_store, key: '_geminastrongbox_session'
4 |
--------------------------------------------------------------------------------
/config/initializers/mime_types.rb:
--------------------------------------------------------------------------------
1 | # Be sure to restart your server when you modify this file.
2 |
3 | # Add new mime types for use in respond_to blocks:
4 | # Mime::Type.register "text/richtext", :rtf
5 |
--------------------------------------------------------------------------------
/config/environments/staging.rb:
--------------------------------------------------------------------------------
1 | load File.expand_path '../production.rb', __FILE__
2 |
3 | Samson::Application.configure do
4 | # show errors for easier debugging
5 | config.consider_all_requests_local = true
6 | end
7 |
--------------------------------------------------------------------------------
/public/robots.txt:
--------------------------------------------------------------------------------
1 | # See http://www.robotstxt.org/robotstxt.html for documentation on how to use the robots.txt file
2 | #
3 | # To ban all spiders from the entire site uncomment the next two lines:
4 | # User-agent: *
5 | # Disallow: /
6 |
--------------------------------------------------------------------------------
/config/database.yml:
--------------------------------------------------------------------------------
1 | default: &default
2 | adapter: sqlite3
3 | pool: 5
4 | timeout: 5000
5 |
6 | development:
7 | <<: *default
8 | database: db/development.sqlite3
9 |
10 | test:
11 | <<: *default
12 | database: db/test.sqlite3
13 |
--------------------------------------------------------------------------------
/config/initializers/_filter_parameter_logging.rb:
--------------------------------------------------------------------------------
1 | # Be sure to restart your server when you modify this file.
2 |
3 | # Configure sensitive parameters which will be filtered from the log file.
4 | Rails.application.config.filter_parameters += [:password]
5 |
--------------------------------------------------------------------------------
/app/controllers/application_controller.rb:
--------------------------------------------------------------------------------
1 | class ApplicationController < ActionController::Base
2 | include Auth
3 | protect_from_forgery with: :exception
4 | force_ssl unless Rails.env.test? || Rails.env.development? || ENV['SKIP_FORCE_SSL']
5 | end
6 |
--------------------------------------------------------------------------------
/app/controllers/home_controller.rb:
--------------------------------------------------------------------------------
1 | class HomeController < ApplicationController
2 | def show
3 | if current_user.devices.empty?
4 | redirect_to(devices_path)
5 | else
6 | redirect_to(geminabox_path)
7 | end
8 | end
9 | end
10 |
--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
1 | sudo: false
2 | cache: bundler
3 | bundler_args: --no-deployment
4 | branches:
5 | only: master
6 | script: bundle exec rake $TASK
7 | env:
8 | matrix:
9 | - TASK='db:create db:migrate default'
10 | - TASK=brakeman
11 | - TASK=bundle_audit
12 |
13 |
--------------------------------------------------------------------------------
/app/views/devices/initial.html.erb:
--------------------------------------------------------------------------------
1 |
2 |
Welcome <%= current_user.name %>!
3 |
4 | In order to use the the gems on this server you need to create a token for each of your computers.
5 |
6 | <%= render 'form' %>
7 |
8 |
9 |
--------------------------------------------------------------------------------
/config/initializers/revision.rb:
--------------------------------------------------------------------------------
1 | # frozen_string_literal: true
2 | file = Rails.root.join('REVISION')
3 |
4 | Rails.application.config.revision =
5 | ENV['HEROKU_SLUG_COMMIT'] || # heroku labs:enable runtime-dyno-metadata
6 | (File.exist?(file) && File.read(file).chomp) || # local file from docker builds
7 | `git rev-parse HEAD`.chomp.presence # local git
8 |
--------------------------------------------------------------------------------
/db/seeds.rb:
--------------------------------------------------------------------------------
1 | # This file should contain all the record creation needed to seed the database with its default values.
2 | # The data can then be loaded with the rake db:seed (or created alongside the db with db:setup).
3 | #
4 | # Examples:
5 | #
6 | # cities = City.create([{ name: 'Chicago' }, { name: 'Copenhagen' }])
7 | # Mayor.create(name: 'Emanuel', city: cities.first)
8 |
--------------------------------------------------------------------------------
/db/migrate/20141013230359_create_users.rb:
--------------------------------------------------------------------------------
1 | class CreateUsers < ActiveRecord::Migration[4.2]
2 | def change
3 | create_table :users do |t|
4 | t.string :external_id
5 | t.string :name
6 | t.string :email
7 | t.boolean :is_admin
8 |
9 | t.timestamps
10 |
11 | t.index :external_id, :unique => true
12 | end
13 | end
14 | end
15 |
--------------------------------------------------------------------------------
/db/migrate/20141014230532_create_devices.rb:
--------------------------------------------------------------------------------
1 | class CreateDevices < ActiveRecord::Migration[4.2]
2 | def change
3 | create_table :devices do |t|
4 | t.belongs_to :user
5 | t.string :name
6 | t.string :identifier
7 | t.string :password_digest
8 | t.datetime :used_at
9 | t.timestamps
10 |
11 | t.index :identifier, :unique => true
12 | end
13 | end
14 | end
15 |
--------------------------------------------------------------------------------
/config/initializers/assets.rb:
--------------------------------------------------------------------------------
1 | # Be sure to restart your server when you modify this file.
2 |
3 | # Version of your assets, change this if you want to expire all your assets.
4 | Rails.application.config.assets.version = '1.0'
5 |
6 | # Precompile additional assets.
7 | # application.js, application.css, and all non-JS/CSS in app/assets folder are already added.
8 | # Rails.application.config.assets.precompile += %w( search.js )
9 |
--------------------------------------------------------------------------------
/config/initializers/backtrace_silencers.rb:
--------------------------------------------------------------------------------
1 | # Be sure to restart your server when you modify this file.
2 |
3 | # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
4 | # Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
5 |
6 | # You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
7 | # Rails.backtrace_cleaner.remove_silencers!
8 |
--------------------------------------------------------------------------------
/app/views/devices/_form.html.erb:
--------------------------------------------------------------------------------
1 | <% @new_device.errors.full_messages.each do |msg| %>
2 |
4 | You need to configure bundler to use these new credentials to access this gem server.
5 | These settings are stored in ~/.bundle/config. You can add the credentials by running the command below.
6 | We are never going to show this secret key to you again.
7 |
4 | We just need to get the name of the system that you want to give access to your gems.
5 |
6 | <% @new_device.errors.full_messages.each do |msg| %>
7 |
4 | You need to configure bundler (>= 1.6.5) to use these new credentials to access this gem server.
5 | These settings are stored in ~/.bundler/config. You can add the credentials to by running the command below.
6 | We are never going to show this secret key to you again.
7 |
30 | <%= link_to icon('plus', 'Register a system token'), new_system_device_path %>
31 |
32 |
33 |
34 |
35 |
--------------------------------------------------------------------------------
/Gemfile:
--------------------------------------------------------------------------------
1 | source 'https://rubygems.org'
2 |
3 | ruby File.read('.ruby-version').strip
4 |
5 | # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
6 | gem 'rails', '~> 5.0.0'
7 |
8 | # Use SCSS for stylesheets
9 | gem 'sass-rails'
10 | # Use Uglifier as compressor for JavaScript assets
11 | gem 'uglifier'
12 | # See https://github.com/sstephenson/execjs#readme for more supported runtimes
13 | # gem 'therubyracer', platforms: :ruby
14 |
15 | # Use jquery as the JavaScript library
16 | gem 'jquery-rails'
17 |
18 | gem 'bcrypt'
19 |
20 | gem 'geminabox', '>= 0.13.5'
21 | gem 'omniauth-github'
22 | gem 'omniauth-google-oauth2'
23 | gem 'sinatra', '2.0.0.beta2'
24 | gem 'bootstrap-sass'
25 | gem 'font-awesome-sass'
26 | gem 'unicorn-rails'
27 | gem 'unicorn', '~> 4.8.3'
28 | gem 'dotenv-rails'
29 | gem 'airbrake'
30 | gem 'airbrake-user_informer'
31 | gem 'dotenv'
32 | gem 'brakeman'
33 | gem 'bundle-audit'
34 |
35 | group :sqlite do
36 | gem "sqlite3"
37 | end
38 |
39 | group :mysql2 do
40 | gem 'mysql2'
41 | end
42 |
43 | group :postgres do
44 | gem 'pg'
45 | end
46 |
47 | group :test do
48 | gem 'minitest-spec-rails'
49 | gem 'maxitest'
50 | end
51 |
52 | group :development do
53 | gem 'spring'
54 | end
55 |
56 | group :development, :test do
57 | gem 'byebug'
58 | end
59 |
--------------------------------------------------------------------------------
/config/application.rb:
--------------------------------------------------------------------------------
1 | require File.expand_path('../boot', __FILE__)
2 |
3 | require 'rails/all'
4 |
5 | RECENT_GEM_VERSIONS_TO_SHOW = 20
6 |
7 | # Define dotenv before preload, so that gems can use the ENV vars defined within
8 | require 'dotenv'
9 | Dotenv.load(Bundler.root.join('.env'))
10 |
11 | # Require the gems listed in Gemfile, including any gems
12 | # you've limited to :test, :development, or :production.
13 | Bundler.require(*Rails.groups)
14 |
15 | module Geminastrongbox
16 | class Application < Rails::Application
17 | # Settings in config/environments/* take precedence over those specified here.
18 | # Application configuration should go into files in config/initializers
19 | # -- all .rb files in that directory are automatically loaded.
20 |
21 | # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
22 | # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
23 | # config.time_zone = 'Central Time (US & Canada)'
24 |
25 | # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
26 | # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
27 | # config.i18n.default_locale = :de
28 |
29 | config.autoload_paths << Rails.root.join('lib')
30 | end
31 | end
32 |
--------------------------------------------------------------------------------
/app/assets/stylesheets/application.css.scss:
--------------------------------------------------------------------------------
1 | @import "bootstrap-sprockets";
2 | @import "bootstrap";
3 |
4 | @import "font-awesome-sprockets";
5 | @import "font-awesome";
6 |
7 | body {
8 | margin-top: 20px
9 | }
10 |
11 | .jumbotron {
12 | margin: 0 auto;
13 | max-width: 800px;
14 | }
15 |
16 | #new_device {
17 | .form-group {
18 | width: 100%;
19 | max-width: 400px;
20 |
21 | input {
22 | width: 100%;
23 | }
24 | }
25 | }
26 |
27 | .bundler-instructions {
28 | code {
29 | font-size: 60%;
30 | }
31 |
32 | .continue {
33 | margin-top: 30px;
34 | text-align: center;
35 | }
36 | }
37 |
38 | #devices {
39 | margin: 0 auto;
40 | max-width: 600px;
41 |
42 | .name {
43 | padding-left: $table-cell-padding + 15px;
44 | }
45 |
46 | .last-used {
47 | color: #888;
48 | }
49 |
50 | .action {
51 | padding-right: $table-cell-padding + 15px;
52 | }
53 |
54 | .new {
55 | td {
56 | padding: 0;
57 | }
58 |
59 | a {
60 | display: block;
61 | padding: $table-cell-padding;
62 | color: $text-color;
63 | text-decoration: none;
64 | }
65 |
66 | &:hover {
67 | background-color: $table-bg-hover;
68 | }
69 | }
70 | }
71 |
72 | #users {
73 | .is-admin {
74 | padding-left: $table-cell-padding + 15px;
75 | }
76 | }
77 |
78 | #user {
79 | max-width: 600px;
80 | }
81 |
--------------------------------------------------------------------------------
/config/environments/development.rb:
--------------------------------------------------------------------------------
1 | Rails.application.configure do
2 | # Settings specified here will take precedence over those in config/application.rb.
3 |
4 | # In the development environment your application's code is reloaded on
5 | # every request. This slows down response time but is perfect for development
6 | # since you don't have to restart the web server when you make code changes.
7 | config.cache_classes = false
8 |
9 | # Do not eager load code on boot.
10 | config.eager_load = false
11 |
12 | # Show full error reports and disable caching.
13 | config.consider_all_requests_local = true
14 | config.action_controller.perform_caching = false
15 |
16 | # Don't care if the mailer can't send.
17 | config.action_mailer.raise_delivery_errors = false
18 |
19 | # Print deprecation notices to the Rails logger.
20 | config.active_support.deprecation = :raise
21 |
22 | # Raise an error on page load if there are pending migrations.
23 | config.active_record.migration_error = :page_load
24 |
25 | # Debug mode disables concatenation and preprocessing of assets.
26 | # This option may cause significant delays in view rendering with a large
27 | # number of complex assets.
28 | config.assets.debug = true
29 |
30 | # Adds additional error checking when serving assets at runtime.
31 | # Checks for improperly declared sprockets dependencies.
32 | # Raises helpful error messages.
33 | config.assets.raise_runtime_errors = true
34 |
35 | # Raises error for missing translations
36 | # config.action_view.raise_on_missing_translations = true
37 | end
38 |
--------------------------------------------------------------------------------
/test/controllers/sessions_controller_test.rb:
--------------------------------------------------------------------------------
1 | require_relative '../test_helper'
2 | require 'minitest/mock'
3 |
4 | class SessionsControllerTest < ActionController::TestCase
5 | describe 'create' do
6 | describe 'when not allowed to login' do
7 | it 'does not log the user in' do
8 | @controller.stub(:restricted_email_domain, 'example.com') do
9 | request.env['omniauth.auth'] = OmniAuth::AuthHash.new(
10 | :info => { :email => 'test@example.org' }
11 | )
12 |
13 | post :create, params: {:provider => 'google'}
14 |
15 | assert_access_denied
16 | end
17 | end
18 | end
19 |
20 | describe 'when allowed to login' do
21 | it 'allows email through without email domain restriction' do
22 | @controller.stub(:restricted_email_domain, '') do
23 | request.env['omniauth.auth'] = OmniAuth::AuthHash.new(
24 | :info => { :email => 'test@example.org' }
25 | )
26 |
27 | post :create, params: {:provider => 'google'}
28 | assert_not_nil session[:user_id]
29 | assert_redirected_to '/'
30 | end
31 | end
32 |
33 | it 'allows email through with email domain restriction' do
34 | @controller.stub(:restricted_email_domain, 'example.org') do
35 | request.env['omniauth.auth'] = OmniAuth::AuthHash.new(
36 | :info => { :email => 'test@example.org' }
37 | )
38 |
39 | post :create, params: {:provider => 'google'}
40 | assert_not_nil session[:user_id]
41 | assert_redirected_to '/'
42 | end
43 | end
44 | end
45 | end
46 | end
47 |
--------------------------------------------------------------------------------
/app/models/user.rb:
--------------------------------------------------------------------------------
1 | class User < ActiveRecord::Base
2 | SYSTEM_USER_EMAIL = 'system@example.com'.freeze
3 |
4 | has_many :devices
5 |
6 | validates_presence_of :name, :email
7 |
8 | before_destroy :dont_destroy_last_admin
9 | validate :dont_lose_last_admin, :on => :update
10 |
11 | def system_user?
12 | email == SYSTEM_USER_EMAIL
13 | end
14 |
15 | def self.not_system_user
16 | where('email != ?', SYSTEM_USER_EMAIL)
17 | end
18 |
19 | def self.admin
20 | where(:is_admin => true)
21 | end
22 |
23 | def self.update_or_create_by_auth(auth_hash)
24 | identifier = "#{auth_hash.provider}-#{auth_hash.uid}"
25 | user = User.where(:external_id => identifier).first_or_initialize
26 |
27 | user.assign_attributes(
28 | :email => auth_hash.info.email,
29 | :name => auth_hash.info.name
30 | )
31 |
32 | if !user.system_user? && not_system_user.count == 0
33 | # this is the first user we are creating
34 | user.is_admin = true
35 | end
36 |
37 | user.save!
38 |
39 | user
40 | end
41 |
42 | def self.system_user
43 | find_or_create_by!(:external_id => 'system') do |user|
44 | user.name = 'System User'
45 | user.email = SYSTEM_USER_EMAIL
46 | end
47 | end
48 |
49 | def self.safe_to_remove_admin?
50 | User.admin.count > 1
51 | end
52 |
53 | protected
54 |
55 | def dont_destroy_last_admin
56 | if is_admin? && !self.class.safe_to_remove_admin?
57 | errors.add(:base, :cant_remove_last_admin)
58 | throw :abort
59 | end
60 | end
61 |
62 | def dont_lose_last_admin
63 | if is_admin_changed? && !is_admin? && !self.class.safe_to_remove_admin?
64 | errors.add(:base, :cant_remove_last_admin)
65 | end
66 | end
67 | end
68 |
--------------------------------------------------------------------------------
/public/500.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | We're sorry, but something went wrong (500)
5 |
6 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
We're sorry, but something went wrong.
62 |
63 |
64 | If you are the application owner check the logs for more information.
65 |
66 |
67 |
68 |
69 |
70 |
--------------------------------------------------------------------------------
/config/environments/test.rb:
--------------------------------------------------------------------------------
1 | Rails.application.configure do
2 | # Settings specified here will take precedence over those in config/application.rb.
3 |
4 | # The test environment is used exclusively to run your application's
5 | # test suite. You never need to work with it otherwise. Remember that
6 | # your test database is "scratch space" for the test suite and is wiped
7 | # and recreated between test runs. Don't rely on the data there!
8 | config.cache_classes = true
9 |
10 | # Do not eager load code on boot. This avoids loading your whole application
11 | # just for the purpose of running a single test. If you are using a tool that
12 | # preloads Rails for running tests, you may have to set it to true.
13 | config.eager_load = false
14 |
15 | # Configure static asset server for tests with Cache-Control for performance.
16 | config.public_file_server.enabled = true
17 |
18 | # Show full error reports and disable caching.
19 | config.consider_all_requests_local = true
20 | config.action_controller.perform_caching = false
21 |
22 | # Raise exceptions instead of rendering exception templates.
23 | config.action_dispatch.show_exceptions = false
24 |
25 | # Disable request forgery protection in test environment.
26 | config.action_controller.allow_forgery_protection = false
27 |
28 | # Tell Action Mailer not to deliver emails to the real world.
29 | # The :test delivery method accumulates sent emails in the
30 | # ActionMailer::Base.deliveries array.
31 | config.action_mailer.delivery_method = :test
32 |
33 | # Print deprecation notices to the stderr.
34 | config.active_support.deprecation = :raise
35 |
36 | # Raises error for missing translations
37 | # config.action_view.raise_on_missing_translations = true
38 |
39 | config.active_support.test_order = :sorted
40 | end
41 |
--------------------------------------------------------------------------------
/public/422.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | The change you wanted was rejected (422)
5 |
6 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
The change you wanted was rejected.
62 |
Maybe you tried to change something you didn't have access to.
63 |
64 |
If you are the application owner check the logs for more information.
65 |
66 |
67 |
68 |
--------------------------------------------------------------------------------
/public/404.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | The page you were looking for doesn't exist (404)
5 |
6 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
The page you were looking for doesn't exist.
62 |
You may have mistyped the address or the page may have moved.
63 |
64 |
If you are the application owner check the logs for more information.
65 |
66 |
67 |
68 |
--------------------------------------------------------------------------------
/test/test_helper.rb:
--------------------------------------------------------------------------------
1 | ENV['RAILS_ENV'] = 'test'
2 | require_relative '../config/environment'
3 | require 'rails/test_help'
4 | require 'maxitest/autorun'
5 |
6 | class ActiveSupport::TestCase
7 | # Setup all fixtures in test/fixtures/*.yml for all tests in alphabetical order.
8 | fixtures :all
9 |
10 | # Add more helper methods to be used by all tests here...
11 | end
12 |
13 | class ActionController::TestCase
14 | def self.when_logged_in_as(*user_identifiers, &block)
15 | Array.wrap(user_identifiers).each do |user_identifier|
16 | msg = user_identifier ? "when logged in as #{user_identifier}" : 'when not logged in'
17 |
18 | describe msg do
19 | let(:current_user) { user_identifier ? users(user_identifier) : nil }
20 |
21 | before { session[:user_id] = current_user.try(:id) }
22 |
23 | class_eval(&block)
24 | end
25 | end
26 | end
27 |
28 | def self.when_not_logged_in(&block)
29 | when_logged_in_as(nil, &block)
30 | end
31 |
32 | def assert_access_denied
33 | assert_redirected_to login_path(:origin => request.path)
34 | end
35 | end
36 |
37 | class ActionDispatch::IntegrationTest
38 | def self.when_logged_in_as(*user_identifiers, &block)
39 | Array.wrap(user_identifiers).each do |device_identifier|
40 | msg = device_identifier ? "when logged in as #{device_identifier}" : 'when not logged in'
41 |
42 | describe msg do
43 | let(:current_device) { device_identifier ? devices(device_identifier) : nil }
44 | let(:current_user) { current_device.try(:user) }
45 | let(:env) do
46 | if current_user
47 | {
48 | 'HTTP_AUTHORIZATION' => "Basic " + Base64::encode64("#{current_device.identifier}:123456")
49 | }
50 | else
51 | {}
52 | end
53 | end
54 |
55 | class_eval(&block)
56 | end
57 | end
58 | end
59 |
60 | def self.when_not_logged_in(&block)
61 | when_logged_in_as(nil, &block)
62 | end
63 | end
64 |
--------------------------------------------------------------------------------
/db/schema.rb:
--------------------------------------------------------------------------------
1 | # encoding: UTF-8
2 | # This file is auto-generated from the current state of the database. Instead
3 | # of editing this file, please use the migrations feature of Active Record to
4 | # incrementally modify your database, and then regenerate this schema definition.
5 | #
6 | # Note that this schema.rb definition is the authoritative source for your
7 | # database schema. If you need to create the application database on another
8 | # system, you should be using db:schema:load, not running all the migrations
9 | # from scratch. The latter is a flawed and unsustainable approach (the more migrations
10 | # you'll amass, the slower it'll run and the greater likelihood for issues).
11 | #
12 | # It's strongly recommended that you check this file into your version control system.
13 |
14 | ActiveRecord::Schema.define(version: 20161119231012) do
15 |
16 | create_table "devices", force: true do |t|
17 | t.integer "user_id"
18 | t.string "name"
19 | t.string "identifier"
20 | t.string "password_digest"
21 | t.datetime "used_at"
22 | t.datetime "created_at"
23 | t.datetime "updated_at"
24 | end
25 |
26 | add_index "devices", ["identifier"], name: "index_devices_on_identifier", unique: true
27 |
28 | create_table "uploaders", force: true do |t|
29 | t.string "gem_name", null: false
30 | t.string "gem_version", null: false
31 | t.integer "user_id", null: false
32 | t.datetime "created_at", null: false
33 | end
34 |
35 | add_index "uploaders", ["gem_name", "gem_version"], name: "index_uploaders_on_gem_name_and_gem_version", unique: true
36 | add_index "uploaders", ["user_id"], name: "index_uploaders_on_user_id"
37 |
38 | create_table "users", force: true do |t|
39 | t.string "external_id"
40 | t.string "name"
41 | t.string "email"
42 | t.boolean "is_admin"
43 | t.datetime "created_at"
44 | t.datetime "updated_at"
45 | end
46 |
47 | add_index "users", ["external_id"], name: "index_users_on_external_id", unique: true
48 |
49 | end
50 |
--------------------------------------------------------------------------------
/config/initializers/geminabox.rb:
--------------------------------------------------------------------------------
1 | require "geminabox"
2 |
3 | Geminabox.data = ENV['DATA_PATH'] || Rails.root + (Rails.env.test? ? 'test/data' : 'data')
4 | Geminabox.views = Rails.root + 'app/views/gems'
5 | # Geminabox.rubygems_proxy = true
6 |
7 | ssl_and_auth = -> do
8 | if !request.ssl? && !Rails.env.test? && !ENV['SKIP_FORCE_SSL']
9 | redirect url.sub('http://', 'https://')
10 | end
11 |
12 | if request.session[:user_id]
13 | @current_user = User.find(request.session[:user_id])
14 | Rails.logger.info("Gem access granted to #{@current_user.email}")
15 | else
16 | auth = Rack::Auth::Basic::Request.new(request.env)
17 |
18 | if auth.provided? && auth.basic? && auth.credentials
19 | identifier, password = auth.credentials
20 | device = Device.find_by_identifier(identifier).try(:authenticate, password)
21 | end
22 |
23 | if device.try(:user)
24 | device.used!
25 | Rails.logger.info("Gem access granted to #{device.user.email} on #{device.name}")
26 | @current_user = device.user
27 | end
28 | end
29 |
30 | unless @current_user
31 | response['WWW-Authenticate'] = %(Basic realm="gems")
32 | halt 401
33 | end
34 | end
35 |
36 | bundler_version = -> do
37 | version = request.user_agent.to_s[%r{bundler/v([\d\.]+)}, 1]
38 |
39 | if version && Gem::Version.new(version) < Gem::Version.new('1.6.5')
40 | Rails.logger.info("Blocking bundler version #{version}")
41 | halt 403, 'You must use a version of bundler > 1.6.4.'
42 | end
43 | end
44 |
45 | [Geminabox::Server, Geminabox::Hostess, Geminabox::Proxy::Hostess].each do |klass|
46 | klass.before(&ssl_and_auth)
47 | klass.before(&bundler_version)
48 | end
49 |
50 | # track who uploaded a gem
51 | Geminabox::Server.prepend(Module.new do
52 | def handle_incoming_gem(gem, *)
53 | super
54 | uploader = Uploader.where(gem_name: gem.spec.name, gem_version: gem.spec.version.to_s).first_or_initialize
55 | uploader.user = @current_user
56 | uploader.save!
57 | end
58 | end)
59 |
60 | Geminabox::Server.helpers(Helpers::Geminabox)
61 |
--------------------------------------------------------------------------------
/app/views/gems/gem.erb:
--------------------------------------------------------------------------------
1 | <% @gem.by_name do |name, versions| %>
2 | <% latest_spec = spec_for(name, versions.newest.number) %>
3 | <% versions_array = versions.to_a.reverse %>
4 | <% recent_versions = versions_array.slice!(0, RECENT_GEM_VERSIONS_TO_SHOW) %>
5 |
53 | <% end %>
54 |
--------------------------------------------------------------------------------
/lib/helpers/geminabox.rb:
--------------------------------------------------------------------------------
1 | module Helpers::Geminabox
2 | extend ActiveSupport::Concern
3 |
4 | included do
5 | include Rails.application.routes.url_helpers
6 | include ActionView::Helpers::CsrfHelper
7 | end
8 |
9 | def protect_against_forgery?
10 | false
11 | end
12 |
13 | def flash
14 | {}
15 | end
16 |
17 | def current_user
18 | return nil if session[:user_id].blank?
19 | @current_user = User.find(session[:user_id])
20 | end
21 |
22 | def method_missing(method_sym, *arguments, &block)
23 | if ActionController::Base.helpers.respond_to?(method_sym)
24 | ActionController::Base.helpers.send(method_sym, *arguments, &block)
25 | else
26 | super
27 | end
28 | end
29 |
30 | def partial_collection(template, collection)
31 | collection.map do |object|
32 | # both rails and sinatra are using this helper, so we need to check how to
33 | # evaluate the template
34 | if respond_to? :erb
35 | erb :"_#{template}", layout: false, locals: { template => object }
36 | else
37 | render "gems/#{template}", template => object
38 | end
39 | end.join.html_safe
40 | end
41 |
42 | def find_gem_by_name(name)
43 | gem_cache[name]
44 | end
45 |
46 | def link_to_gem(name)
47 | link = if find_gem_by_name(name)
48 | "#{geminabox_path}/gems/#{name}"
49 | else
50 | "https://rubygems.org/gems/#{name}"
51 | end
52 |
53 | link_to(name, link)
54 | end
55 |
56 | def link_to_author(author, email, default)
57 | url = email ? "mailto:#{email}" : default
58 | "#{author}"
59 | end
60 |
61 | def reverse_dependencies(version)
62 | dependents = []
63 |
64 | load_gems.by_name do |name, versions|
65 | next if version.name == name
66 |
67 | latest_spec = spec_for(name, versions.newest.number)
68 | dependencies = latest_spec.dependencies
69 |
70 | dependent = dependencies.detect do |d|
71 | d.name == version.name && d.requirement.satisfied_by?(version.number)
72 | end
73 |
74 | if dependent
75 | dependent = dependent.dup
76 | dependent.name = name
77 | dependents << dependent
78 | end
79 | end
80 |
81 | dependents
82 | end
83 |
84 | private
85 |
86 | def gem_cache
87 | @gem_cache ||= Hash[load_gems.by_name]
88 | end
89 | end
90 |
--------------------------------------------------------------------------------
/test/helpers/geminabox_helpers.rb:
--------------------------------------------------------------------------------
1 | require_relative '../test_helper'
2 | require 'minitest/mock'
3 |
4 | class Helpers::GeminaboxTest < ActiveSupport::TestCase
5 | include Helpers::Geminabox
6 |
7 | describe 'gems' do
8 | let(:gem_cache) {{ 'test_gem' => true }}
9 |
10 | it 'links to local gem' do
11 | link = link_to_gem('test_gem')
12 | link.must_equal 'test_gem'
13 | end
14 |
15 | it 'links to remote gem' do
16 | link = link_to_gem('bundler')
17 | link.must_equal 'bundler'
18 | end
19 |
20 | it 'finds gem' do
21 | find_gem_by_name('test_gem').must_equal true
22 | end
23 |
24 | it 'does not find remote gems' do
25 | find_gem_by_name('bundler').must_be_nil
26 | end
27 | end
28 |
29 | describe 'reverse dependencies' do
30 | def spec_for(name, number)
31 | dependencies = if specs.key?(name)
32 | specs[name][number.to_s].map do |gem, requirement|
33 | Gem::Dependency.new(gem, requirement)
34 | end
35 | else
36 | []
37 | end
38 |
39 | mock = Minitest::Mock.new
40 | mock.expect(:dependencies, dependencies)
41 | end
42 |
43 | def gem(name, version)
44 | Geminabox::GemVersion.new(name, Gem::Version.new(version), 'ruby')
45 | end
46 |
47 | let(:specs) {{
48 | 'test_gem' => {
49 | '0.0.1' => { 'private_gem' => '>= 0' }
50 | },
51 | 'specific_gem' => {
52 | '0.0.1' => { 'private_gem' => '0.0.2' }
53 | }
54 | }}
55 |
56 | let(:load_gems) {
57 | Geminabox::GemVersionCollection.new([
58 | gem('private_gem', '0.0.1'),
59 | gem('private_gem', '0.0.2'),
60 | gem('test_gem', '0.0.1'),
61 | gem('specific_gem', '0.0.1')
62 | ])
63 | }
64 |
65 | it 'works for gems with no reverse dependencies' do
66 | reverse_dependencies(gem('specific_gem', '0.0.1')).must_be_empty
67 | reverse_dependencies(gem('test_gem', '0.0.1')).must_be_empty
68 | end
69 |
70 | it 'works for a gem with non-specific dependencies' do
71 | dependents = reverse_dependencies(gem('private_gem', '0.0.1'))
72 | dependents.must_equal([Gem::Dependency.new('test_gem', '>= 0')])
73 | end
74 |
75 | it 'works for a gem with specific dependencies' do
76 | dependents = reverse_dependencies(gem('private_gem', '0.0.2'))
77 | dependents.must_equal([Gem::Dependency.new('specific_gem', '0.0.2'), Gem::Dependency.new('test_gem', '>= 0')])
78 | end
79 | end
80 | end
81 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Gem in a Strong Box
2 |
3 | [](https://travis-ci.org/zendesk/geminastrongbox)
4 |
5 | Gem in a Strong Box is a Ruby on Rails application that wraps [Gem in a Box](https://github.com/geminabox/geminabox).
6 |
7 | You get all of the goodness from Gem in a Box with some added features:
8 |
9 | * Protected Gem server to prevent outsiders from accessing your gems.
10 | * A simple front-end to manage the users that have access to your gems.
11 | * Google authentication on the front-end
12 |
13 | ## Installing and Running
14 |
15 | ```
16 | git clone https://github.com/zendesk/geminastrongbox.git
17 | cd geminastrongbox
18 | bundle install
19 | rails s
20 | ```
21 |
22 | Getting the basic server running locally is very easy. Simply clone the repository, bundle the dependencies, and run the server.
23 |
24 | If the environment variable `SKIP_FORCE_SSL` is set the server will not force ssl on the connections.
25 |
26 | ### Running in Production
27 |
28 | If you want to run Gem in a Stong Box in production, you probably want to make a few changes. Here are my suggestions:
29 |
30 | 1. Use a different database. Per default Gem in a Strong Box uses a SQLite database. This is simply for ease of development and test. In production I would use a MySQL or PostgreSQL server. Just change the configuration in `config/database.yml` and add the appropriate gem to the `Gemfile`.
31 | 2. Set __all__ of the configuration options listed below.
32 |
33 | ## Configuration
34 |
35 | Configuration is done via environment variables
36 |
37 | Variable Name | Description
38 | ---------------------- | -------------
39 | `SECRET_KEY_BASE` | Ruby on Rails uses this to encrypt sessions and cookies.
40 | `DATA_PATH` | The path where the hosted gems should be stored.
41 | `GOOGLE_CLIENT_ID` | The client id obtained from Google.
42 | `GOOGLE_CLIENT_SECRET` | The client secret obtained from Google.
43 | `GOOGLE_DOMAIN` | The domain that should have access to your gems. Only users with an email on this domain will have access to your gems.
44 | `AIRBRAKE_API_KEY` | Enable airbrake error reporting.
45 | `AIRBRAKE_PROJECT_ID` |
46 |
47 | ## Copyright and License
48 |
49 | Copyright 2014 Zendesk
50 |
51 | Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
52 | You may obtain a copy of the License at
53 |
54 | http://www.apache.org/licenses/LICENSE-2.0
55 |
56 | Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
57 |
--------------------------------------------------------------------------------
/test/models/user_test.rb:
--------------------------------------------------------------------------------
1 | require_relative '../test_helper'
2 |
3 | class UserTest < ActiveSupport::TestCase
4 | describe 'system_user' do
5 | it 'creates the system user if it does not exist' do
6 | User.delete_all
7 | User.system_user.must_be :present?
8 | User.system_user.must_be :system_user?
9 | end
10 |
11 | it 'returns the system user if it exists' do
12 | existing_system_user = User.where(:email => 'system@example.com').first
13 | existing_system_user.must_be :present?
14 | existing_system_user.must_be :system_user?
15 | User.system_user.must_equal existing_system_user
16 | end
17 | end
18 |
19 | describe 'system_user?' do
20 | it 'is true when email is system@example.com' do
21 | User.new(:email => 'system@example.com').must_be :system_user?
22 | end
23 |
24 | it 'is false when email something else' do
25 | User.new(:email => 'dude@example.com').wont_be :system_user?
26 | end
27 | end
28 |
29 | describe 'update_or_create_by_auth' do
30 | let(:auth_hash) do
31 | OmniAuth::AuthHash.new(
32 | :provider => 'test',
33 | :uid => '1234',
34 | :info => OmniAuth::AuthHash.new(
35 | :email => 'test@example.com',
36 | :name => 'Tester Testings'
37 | )
38 | )
39 | end
40 |
41 | subject { User.update_or_create_by_auth(auth_hash) }
42 |
43 | describe 'when the user exists' do
44 | before do
45 | @existing_user = User.create!(:external_id => 'test-1234', :name => 'wrong', :email => 'wrong@example.com')
46 | end
47 |
48 | it 'updates the user' do
49 | subject.must_equal @existing_user
50 | subject.name.must_equal 'Tester Testings'
51 | subject.email.must_equal 'test@example.com'
52 | end
53 | end
54 |
55 | describe 'when the user does not exist' do
56 | before { User.delete_all }
57 |
58 | it 'creates the user' do
59 | subject.must_be :present?
60 | subject.external_id.must_equal 'test-1234'
61 | subject.name.must_equal 'Tester Testings'
62 | subject.email.must_equal 'test@example.com'
63 | end
64 | end
65 | end
66 |
67 | describe 'the last admin' do
68 | subject { users(:admin) }
69 |
70 | before { User.admin.count.must_equal 1 }
71 |
72 | it 'can not be destroyed' do
73 | subject.destroy.must_equal false
74 | end
75 |
76 | it 'can not be changes to an non-admin' do
77 | subject.is_admin = false
78 | subject.wont_be :valid?
79 | end
80 | end
81 |
82 | describe 'the non-last admin' do
83 | subject { users(:admin) }
84 |
85 | before do
86 | User.create!(:name => 'Other Admin', :email => 'other_admin@example.com', :is_admin => true)
87 | User.admin.count.must_be :>, 1
88 | end
89 |
90 | it 'can be destroyed' do
91 | subject.destroy.wont_equal false
92 | end
93 |
94 | it 'can not be changes to an non-admin' do
95 | subject.is_admin = false
96 | subject.must_be :valid?
97 | end
98 | end
99 | end
100 |
--------------------------------------------------------------------------------
/test/integration/gem_access_test.rb:
--------------------------------------------------------------------------------
1 | require_relative '../test_helper'
2 |
3 | class GemAccessTest < ActionDispatch::IntegrationTest
4 | describe 'accessing the gems' do
5 | let(:gem_access_paths) {
6 | [
7 | '/gems/api/v1/dependencies',
8 | '/gems/specs.4.8.gz',
9 | '/gems/prerelease_specs.4.8.gz',
10 | '/gems/quick/Marshal.4.8/mickstaugaard-0.0.1.gemspec.rz',
11 | '/gems/gems/mickstaugaard-0.0.1.gem'
12 | ]
13 | }
14 |
15 | when_not_logged_in do
16 | it 'is denied' do
17 | gem_access_paths.each do |path|
18 | get path, params: {}, headers: env
19 | assert_response :unauthorized
20 | end
21 | end
22 | end
23 |
24 | when_logged_in_as(:not_admin_laptop) do
25 | it 'is allowed' do
26 | gem_access_paths.each do |path|
27 | get path, params: {}, headers: env
28 | assert_response :success
29 | end
30 | end
31 |
32 | it 'blocks bundler < 1.6.5' do
33 | gem_access_paths.each do |path|
34 | get path, params: {}, headers: env.merge('HTTP_USER_AGENT' => 'bundler/v1.0.0')
35 | assert_response :forbidden
36 | end
37 | end
38 |
39 | it 'registers that the device was used' do
40 | current_device.used_at.must_be_nil
41 | get gem_access_paths.last, params: {}, headers: env
42 | assert_response :success
43 | current_device.reload.used_at.wont_be_nil
44 | end
45 | end
46 | end
47 |
48 | describe "uploader tracking" do
49 | around do |test|
50 | Dir.mktmpdir do |dir|
51 | begin
52 | old_data = Geminabox.data
53 | Geminabox.data = dir
54 | `cp -r #{old_data} #{dir}`
55 | test.call
56 | ensure
57 | Geminabox.data = old_data
58 | end
59 | end
60 | end
61 |
62 | when_logged_in_as(:not_admin_laptop) do
63 | it 'tracks uploader' do
64 | uploaded = 'test/data/gems/pru-0.2.0.gem'
65 | File.unlink(uploaded) if File.exist?(uploaded)
66 |
67 | begin
68 | file = fixture_file_upload('test/data/pru-0.2.0.gem')
69 | post '/gems/upload', params: {file: file}, headers: env
70 | assert_response :success
71 | Uploader.last.attributes.except('id', 'created_at').must_equal(
72 | "gem_name" => "pru",
73 | "gem_version" => "0.2.0",
74 | "user_id" => current_user.id
75 | )
76 | ensure
77 | File.unlink(uploaded) if File.exist?(uploaded)
78 | end
79 | end
80 |
81 | it 'shows uploader' do
82 | Uploader.create!(
83 | gem_name: 'mickstaugaard',
84 | gem_version: '0.0.1',
85 | user_id: users(:admin).id
86 | )
87 | get '/gems/gems/mickstaugaard', params: {}, headers: env
88 | assert_response :success
89 | response.body.must_include "Uploaded by #{users(:admin).email}"
90 | end
91 |
92 | it 'does not fail with unknown uploader' do
93 | get '/gems/gems/mickstaugaard', params: {}, headers: env
94 | assert_response :success
95 | end
96 | end
97 | end
98 | end
99 |
--------------------------------------------------------------------------------
/config/environments/production.rb:
--------------------------------------------------------------------------------
1 | Rails.application.configure do
2 | # Settings specified here will take precedence over those in config/application.rb.
3 |
4 | # Code is not reloaded between requests.
5 | config.cache_classes = true
6 |
7 | # Eager load code on boot. This eager loads most of Rails and
8 | # your application in memory, allowing both threaded web servers
9 | # and those relying on copy on write to perform better.
10 | # Rake tasks automatically ignore this option for performance.
11 | config.eager_load = true
12 |
13 | # Full error reports are disabled and caching is turned on.
14 | config.consider_all_requests_local = false
15 | config.action_controller.perform_caching = true
16 |
17 | # Enable Rack::Cache to put a simple HTTP cache in front of your application
18 | # Add `rack-cache` to your Gemfile before enabling this.
19 | # For large-scale production use, consider using a caching reverse proxy like nginx, varnish or squid.
20 | # config.action_dispatch.rack_cache = true
21 |
22 | # Disable Rails's static asset server (Apache or nginx will already do this).
23 | config.public_file_server.enabled = false
24 |
25 | # Compress JavaScripts and CSS.
26 | config.assets.js_compressor = :uglifier
27 | # config.assets.css_compressor = :sass
28 |
29 | # Do not fallback to assets pipeline if a precompiled asset is missed.
30 | config.assets.compile = false
31 |
32 | # Generate digests for assets URLs.
33 | config.assets.digest = true
34 |
35 | # `config.assets.precompile` and `config.assets.version` have moved to config/initializers/assets.rb
36 |
37 | # Specifies the header that your server uses for sending files.
38 | # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
39 | # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
40 |
41 | # Set to :debug to see everything in the log.
42 | config.log_level = :info
43 |
44 | # Prepend all log lines with the following tags.
45 | # config.log_tags = [ :subdomain, :uuid ]
46 |
47 | # Use a different logger for distributed setups.
48 | # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
49 |
50 | # Use a different cache store in production.
51 | # config.cache_store = :mem_cache_store
52 |
53 | # Enable serving of images, stylesheets, and JavaScripts from an asset server.
54 | # config.action_controller.asset_host = "http://assets.example.com"
55 |
56 | # Ignore bad email addresses and do not raise email delivery errors.
57 | # Set this to true and configure the email server for immediate delivery to raise delivery errors.
58 | # config.action_mailer.raise_delivery_errors = false
59 |
60 | # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
61 | # the I18n.default_locale when a translation cannot be found).
62 | config.i18n.fallbacks = true
63 |
64 | # Send deprecation notices to registered listeners.
65 | config.active_support.deprecation = :notify
66 |
67 | # Disable automatic flushing of the log to improve performance.
68 | # config.autoflush_log = false
69 |
70 | # Use default logging formatter so that PID and timestamp are not suppressed.
71 | config.log_formatter = ::Logger::Formatter.new
72 |
73 | # Do not dump schema after migrations.
74 | config.active_record.dump_schema_after_migration = false
75 | end
76 |
--------------------------------------------------------------------------------
/test/controllers/devices_controller_test.rb:
--------------------------------------------------------------------------------
1 | require_relative '../test_helper'
2 |
3 | class DevicesControllerTest < ActionController::TestCase
4 | describe 'index' do
5 | when_not_logged_in do
6 | it 'denies access' do
7 | get :index
8 | assert_access_denied
9 | end
10 | end
11 |
12 | when_logged_in_as(:non_admin, :admin) do
13 | it 'lists all my devices and a link to create a new one' do
14 | get :index
15 |
16 | assert_select '#devices table' do
17 | assert_select 'tr', current_user.devices.count + 1
18 |
19 | current_user.devices.each do |device|
20 | assert_select 'tr td.name', :text => device.name
21 | end
22 |
23 | assert_select 'tr td a[href=?]', new_device_path
24 | end
25 | end
26 | end
27 | end
28 |
29 | describe 'new' do
30 | when_not_logged_in do
31 | it 'denies access' do
32 | get :new
33 | assert_access_denied
34 | end
35 | end
36 |
37 | when_logged_in_as(:non_admin, :admin) do
38 | it 'asks for a the name of the new device' do
39 | get :new
40 | assert_select 'form[action=?]', devices_path do
41 | assert_select "input[type=text][name='device[name]']"
42 | end
43 | end
44 | end
45 | end
46 |
47 | describe 'create' do
48 | let(:params) do
49 | {
50 | :device => {
51 | :name => 'New Laptop'
52 | }
53 | }
54 | end
55 |
56 | when_not_logged_in do
57 | it 'denies access' do
58 | post :create, params: params
59 | assert_access_denied
60 | end
61 | end
62 |
63 | when_logged_in_as(:non_admin, :admin) do
64 | before { post :create, params: params }
65 |
66 | describe 'when the device can not be saved' do
67 | let(:params) do
68 | {
69 | :device => {
70 | :name => current_user.devices.first.name
71 | }
72 | }
73 | end
74 |
75 | it 'rerenders the form with an error' do
76 | assert_select 'form[action=?]', devices_path do
77 | assert_select "input[type=text][name='device[name]'][value=?]", current_user.devices.first.name
78 | end
79 |
80 | assert_select 'p.text-danger', :text => 'Name is already registered'
81 | end
82 | end
83 |
84 | describe 'when the device is saved' do
85 | let(:device) { current_user.devices.find_by :name => 'New Laptop' }
86 |
87 | it 'render instructions for using the device' do
88 | assert_select 'code', :text => /bundle config --global http:\/\/test.host\/gems\/ #{device.identifier}:[\S]+/
89 | end
90 | end
91 | end
92 | end
93 |
94 | describe 'destroy' do
95 | when_not_logged_in do
96 | it 'denies access' do
97 | delete :destroy, params: {:id => 1}
98 | assert_access_denied
99 | end
100 | end
101 |
102 | when_logged_in_as(:non_admin, :admin) do
103 | let(:device) { current_user.devices.last }
104 |
105 | it 'destroys the device' do
106 | delete :destroy, params: {:id => device.id}
107 | Device.where(:id => device.id).must_be :empty?
108 | end
109 | end
110 | end
111 | end
112 |
--------------------------------------------------------------------------------
/app/views/layouts/application.html.erb:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 | Private Ruby Gems
8 |
9 | <%= stylesheet_link_tag 'application', :media => 'all' %>
10 |
11 |
12 |
13 |
17 |
18 | <%= csrf_meta_tags %>
19 |
20 |
21 |
81 | <%= javascript_include_tag 'application' %>
82 |
83 |
84 |
--------------------------------------------------------------------------------
/test/controllers/users_controller_test.rb:
--------------------------------------------------------------------------------
1 | require_relative '../test_helper'
2 |
3 | class UsersControllerTest < ActionController::TestCase
4 | describe 'index' do
5 | when_not_logged_in do
6 | it 'denies access' do
7 | get :index
8 | assert_access_denied
9 | end
10 | end
11 |
12 | when_logged_in_as(:non_admin) do
13 | it 'forbids access' do
14 | get :index
15 | assert_response :forbidden
16 | end
17 | end
18 |
19 | when_logged_in_as(:admin) do
20 | it 'lists all non-system users' do
21 | get :index
22 |
23 | assert_select 'table#users' do
24 | assert_select 'tbody tr', User.not_system_user.count
25 |
26 | User.not_system_user.each do |user|
27 | assert_select 'tbody tr td.name', :text => user.name
28 | end
29 | end
30 | end
31 | end
32 | end
33 |
34 | describe 'make_admin' do
35 | when_not_logged_in do
36 | it 'denies access' do
37 | patch :make_admin, params: {:id => users(:non_admin).id}
38 | assert_access_denied
39 | end
40 | end
41 |
42 | when_logged_in_as(:non_admin) do
43 | it 'forbids access' do
44 | patch :make_admin, params: {:id => users(:non_admin).id}
45 | assert_response :forbidden
46 | end
47 | end
48 |
49 | when_logged_in_as(:admin) do
50 | it 'makes the user an admin' do
51 | patch :make_admin, params: {:id => users(:non_admin).id}
52 | users(:non_admin).reload.must_be :is_admin?
53 | end
54 | end
55 | end
56 |
57 | describe 'make_non_admin' do
58 | when_not_logged_in do
59 | it 'denies access' do
60 | patch :make_non_admin, params: {:id => users(:admin).id}
61 | assert_access_denied
62 | end
63 | end
64 |
65 | when_logged_in_as(:non_admin) do
66 | it 'forbids access' do
67 | patch :make_non_admin, params: {:id => users(:admin).id}
68 | assert_response :forbidden
69 | end
70 | end
71 |
72 | when_logged_in_as(:admin) do
73 | describe 'when this is the last admin' do
74 | before { User.admin.count.must_equal 1 }
75 | it 'does not make the user an non-admin' do
76 | patch :make_non_admin, params: {:id => users(:admin).id}
77 | users(:admin).reload.must_be :is_admin?
78 | end
79 | end
80 |
81 | describe 'when there are other admins' do
82 | before { User.create!(:name => 'Other Admin', :email => 'other_admin@example.com', :is_admin => true) }
83 |
84 | it 'makes the user an non-admin' do
85 | patch :make_non_admin, params: {:id => users(:admin).id}
86 | users(:admin).reload.wont_be :is_admin?
87 | end
88 | end
89 | end
90 | end
91 |
92 | describe 'destroy' do
93 | let(:user) { users(:admin) }
94 | when_not_logged_in do
95 | it 'denies access' do
96 | delete :destroy, params: {:id => user.id}
97 | assert_access_denied
98 | end
99 | end
100 |
101 | when_logged_in_as(:non_admin) do
102 | it 'forbids access' do
103 | delete :destroy, params: {:id => user.id}
104 | assert_response :forbidden
105 | end
106 | end
107 |
108 | when_logged_in_as(:admin) do
109 | describe 'when this is the last admin' do
110 | before { User.admin.count.must_equal 1 }
111 | it 'does not make the user an non-admin' do
112 | delete :destroy, params: {:id => user.id}
113 | User.where(:id => user.id).wont_be :empty?
114 | end
115 | end
116 |
117 | describe 'when there are other admins' do
118 | before { User.create!(:name => 'Other Admin', :email => 'other_admin@example.com', :is_admin => true) }
119 |
120 | it 'makes the user an non-admin' do
121 | delete :destroy, params: {:id => user.id}
122 | User.where(:id => user.id).must_be :empty?
123 | end
124 | end
125 | end
126 | end
127 | end
128 |
--------------------------------------------------------------------------------
/test/controllers/system_devices_controller_test.rb:
--------------------------------------------------------------------------------
1 | require_relative '../test_helper'
2 |
3 | class SystemDevicesControllerTest < ActionController::TestCase
4 | let(:system_user) { User.system_user }
5 |
6 | describe 'index' do
7 | when_not_logged_in do
8 | it 'denies access' do
9 | get :index
10 | assert_access_denied
11 | end
12 | end
13 |
14 | when_logged_in_as(:non_admin) do
15 | it 'forbids access' do
16 | get :index
17 | assert_response :forbidden
18 | end
19 | end
20 |
21 | when_logged_in_as(:admin) do
22 | it 'lists all system devices and a link to create a new one' do
23 | get :index
24 |
25 | assert_select '#devices table' do
26 | assert_select 'tr', system_user.devices.count + 1
27 |
28 | system_user.devices.each do |device|
29 | assert_select 'tr td.name', :text => device.name
30 | end
31 |
32 | assert_select 'tr td a[href=?]', new_system_device_path
33 | end
34 | end
35 | end
36 | end
37 |
38 | describe 'new' do
39 | when_not_logged_in do
40 | it 'denies access' do
41 | get :new
42 | assert_access_denied
43 | end
44 | end
45 |
46 | when_logged_in_as(:non_admin) do
47 | it 'forbids access' do
48 | get :new
49 | assert_response :forbidden
50 | end
51 | end
52 |
53 | when_logged_in_as(:admin) do
54 | it 'asks for a the name of the new device' do
55 | get :new
56 | assert_select 'form[action=?]', system_devices_path do
57 | assert_select "input[type=text][name='device[name]']"
58 | end
59 | end
60 | end
61 | end
62 |
63 | describe 'create' do
64 | let(:params) do
65 | {
66 | :device => {
67 | :name => 'New CI'
68 | }
69 | }
70 | end
71 |
72 | when_not_logged_in do
73 | it 'denies access' do
74 | post :create, params: params
75 | assert_access_denied
76 | end
77 | end
78 |
79 | when_logged_in_as(:non_admin) do
80 | it 'forbids access' do
81 | post :create, params: params
82 | assert_response :forbidden
83 | end
84 | end
85 |
86 | when_logged_in_as(:admin) do
87 | before { post :create, params: params }
88 |
89 | describe 'when the device can not be saved' do
90 | let(:params) do
91 | {
92 | :device => {
93 | :name => system_user.devices.first.name
94 | }
95 | }
96 | end
97 |
98 | it 'rerenders the form with an error' do
99 | assert_select 'form[action=?]', system_devices_path do
100 | assert_select "input[type=text][name='device[name]'][value=?]", system_user.devices.first.name
101 | end
102 |
103 | assert_select 'p.text-danger', :text => 'Name is already registered'
104 | end
105 | end
106 |
107 | describe 'when the device is saved' do
108 | let(:device) { system_user.devices.find_by :name => 'New CI' }
109 |
110 | it 'render instructions for using the device' do
111 | assert_select 'code', :text => /bundle config --global http:\/\/test.host\/gems\/ #{device.identifier}:[\S]+/
112 | end
113 | end
114 | end
115 | end
116 |
117 | describe 'destroy' do
118 | when_not_logged_in do
119 | it 'denies access' do
120 | delete :destroy, params: {:id => 1}
121 | assert_access_denied
122 | end
123 | end
124 |
125 | when_logged_in_as(:non_admin) do
126 | it 'forbids access' do
127 | delete :destroy, params: {:id => 1}
128 | assert_response :forbidden
129 | end
130 | end
131 |
132 | when_logged_in_as(:admin) do
133 | let(:device) { system_user.devices.last }
134 |
135 | it 'destroys the device' do
136 | delete :destroy, params: {:id => device.id}
137 | Device.where(:id => device.id).must_be :empty?
138 | end
139 | end
140 | end
141 | end
142 |
--------------------------------------------------------------------------------
/Gemfile.lock:
--------------------------------------------------------------------------------
1 | GEM
2 | remote: https://rubygems.org/
3 | specs:
4 | actioncable (5.0.1)
5 | actionpack (= 5.0.1)
6 | nio4r (~> 1.2)
7 | websocket-driver (~> 0.6.1)
8 | actionmailer (5.0.1)
9 | actionpack (= 5.0.1)
10 | actionview (= 5.0.1)
11 | activejob (= 5.0.1)
12 | mail (~> 2.5, >= 2.5.4)
13 | rails-dom-testing (~> 2.0)
14 | actionpack (5.0.1)
15 | actionview (= 5.0.1)
16 | activesupport (= 5.0.1)
17 | rack (~> 2.0)
18 | rack-test (~> 0.6.3)
19 | rails-dom-testing (~> 2.0)
20 | rails-html-sanitizer (~> 1.0, >= 1.0.2)
21 | actionview (5.0.1)
22 | activesupport (= 5.0.1)
23 | builder (~> 3.1)
24 | erubis (~> 2.7.0)
25 | rails-dom-testing (~> 2.0)
26 | rails-html-sanitizer (~> 1.0, >= 1.0.2)
27 | activejob (5.0.1)
28 | activesupport (= 5.0.1)
29 | globalid (>= 0.3.6)
30 | activemodel (5.0.1)
31 | activesupport (= 5.0.1)
32 | activerecord (5.0.1)
33 | activemodel (= 5.0.1)
34 | activesupport (= 5.0.1)
35 | arel (~> 7.0)
36 | activesupport (5.0.1)
37 | concurrent-ruby (~> 1.0, >= 1.0.2)
38 | i18n (~> 0.7)
39 | minitest (~> 5.1)
40 | tzinfo (~> 1.1)
41 | airbrake (5.7.1)
42 | airbrake-ruby (~> 1.7)
43 | airbrake-ruby (1.7.1)
44 | airbrake-user_informer (0.1.3)
45 | airbrake (~> 5.7)
46 | airbrake-ruby (~> 1.7)
47 | rack
48 | railties (~> 5.0.0)
49 | arel (7.1.4)
50 | autoprefixer-rails (6.7.2)
51 | execjs
52 | bcrypt (3.1.11)
53 | bootstrap-sass (3.3.7)
54 | autoprefixer-rails (>= 5.2.1)
55 | sass (>= 3.3.4)
56 | brakeman (4.1.1)
57 | builder (3.2.3)
58 | bundle-audit (0.1.0)
59 | bundler-audit
60 | bundler-audit (0.6.0)
61 | bundler (~> 1.2)
62 | thor (~> 0.18)
63 | byebug (9.0.6)
64 | concurrent-ruby (1.0.4)
65 | dotenv (2.2.0)
66 | dotenv-rails (2.2.0)
67 | dotenv (= 2.2.0)
68 | railties (>= 3.2, < 5.1)
69 | erubis (2.7.0)
70 | execjs (2.7.0)
71 | faraday (0.10.1)
72 | multipart-post (>= 1.2, < 3)
73 | font-awesome-sass (4.7.0)
74 | sass (>= 3.2)
75 | geminabox (0.13.11)
76 | builder
77 | faraday
78 | httpclient (>= 2.2.7)
79 | nesty
80 | reentrant_flock
81 | sinatra (>= 1.2.7)
82 | globalid (0.3.7)
83 | activesupport (>= 4.1.0)
84 | hashie (3.5.3)
85 | httpclient (2.8.3)
86 | i18n (0.8.0)
87 | jquery-rails (4.2.2)
88 | rails-dom-testing (>= 1, < 3)
89 | railties (>= 4.2.0)
90 | thor (>= 0.14, < 2.0)
91 | jwt (1.5.6)
92 | kgio (2.11.0)
93 | loofah (2.0.3)
94 | nokogiri (>= 1.5.9)
95 | mail (2.6.4)
96 | mime-types (>= 1.16, < 4)
97 | maxitest (2.4.0)
98 | minitest (>= 5.0.0, < 5.11.0)
99 | method_source (0.8.2)
100 | mime-types (3.1)
101 | mime-types-data (~> 3.2015)
102 | mime-types-data (3.2016.0521)
103 | mini_portile2 (2.3.0)
104 | minitest (5.10.1)
105 | minitest-spec-rails (5.4.0)
106 | minitest (~> 5.0)
107 | rails (>= 4.1)
108 | multi_json (1.12.1)
109 | multi_xml (0.6.0)
110 | multipart-post (2.0.0)
111 | mustermann (1.0.0.beta2)
112 | mysql2 (0.4.5)
113 | nesty (1.0.2)
114 | nio4r (1.2.1)
115 | nokogiri (1.8.1)
116 | mini_portile2 (~> 2.3.0)
117 | oauth2 (1.3.0)
118 | faraday (>= 0.8, < 0.11)
119 | jwt (~> 1.0)
120 | multi_json (~> 1.3)
121 | multi_xml (~> 0.5)
122 | rack (>= 1.2, < 3)
123 | omniauth (1.4.2)
124 | hashie (>= 1.2, < 4)
125 | rack (>= 1.0, < 3)
126 | omniauth-github (1.2.2)
127 | omniauth (~> 1.4.0)
128 | omniauth-oauth2 (>= 1.4.0, < 2.0)
129 | omniauth-google-oauth2 (0.4.1)
130 | jwt (~> 1.5.2)
131 | multi_json (~> 1.3)
132 | omniauth (>= 1.1.1)
133 | omniauth-oauth2 (>= 1.3.1)
134 | omniauth-oauth2 (1.4.0)
135 | oauth2 (~> 1.0)
136 | omniauth (~> 1.2)
137 | pg (0.19.0)
138 | rack (2.0.3)
139 | rack-protection (2.0.0.beta2)
140 | rack
141 | rack-test (0.6.3)
142 | rack (>= 1.0)
143 | rails (5.0.1)
144 | actioncable (= 5.0.1)
145 | actionmailer (= 5.0.1)
146 | actionpack (= 5.0.1)
147 | actionview (= 5.0.1)
148 | activejob (= 5.0.1)
149 | activemodel (= 5.0.1)
150 | activerecord (= 5.0.1)
151 | activesupport (= 5.0.1)
152 | bundler (>= 1.3.0, < 2.0)
153 | railties (= 5.0.1)
154 | sprockets-rails (>= 2.0.0)
155 | rails-dom-testing (2.0.2)
156 | activesupport (>= 4.2.0, < 6.0)
157 | nokogiri (~> 1.6)
158 | rails-html-sanitizer (1.0.3)
159 | loofah (~> 2.0)
160 | railties (5.0.1)
161 | actionpack (= 5.0.1)
162 | activesupport (= 5.0.1)
163 | method_source
164 | rake (>= 0.8.7)
165 | thor (>= 0.18.1, < 2.0)
166 | raindrops (0.17.0)
167 | rake (12.0.0)
168 | reentrant_flock (0.1.1)
169 | sass (3.4.23)
170 | sass-rails (5.0.6)
171 | railties (>= 4.0.0, < 6)
172 | sass (~> 3.1)
173 | sprockets (>= 2.8, < 4.0)
174 | sprockets-rails (>= 2.0, < 4.0)
175 | tilt (>= 1.1, < 3)
176 | sinatra (2.0.0.beta2)
177 | mustermann (= 1.0.0.beta2)
178 | rack (~> 2.0)
179 | rack-protection (= 2.0.0.beta2)
180 | tilt (~> 2.0)
181 | spring (2.0.1)
182 | activesupport (>= 4.2)
183 | sprockets (3.7.1)
184 | concurrent-ruby (~> 1.0)
185 | rack (> 1, < 3)
186 | sprockets-rails (3.2.0)
187 | actionpack (>= 4.0)
188 | activesupport (>= 4.0)
189 | sprockets (>= 3.0.0)
190 | sqlite3 (1.3.13)
191 | thor (0.19.4)
192 | thread_safe (0.3.5)
193 | tilt (2.0.8)
194 | tzinfo (1.2.2)
195 | thread_safe (~> 0.1)
196 | uglifier (3.0.4)
197 | execjs (>= 0.3.0, < 3)
198 | unicorn (4.8.3)
199 | kgio (~> 2.6)
200 | rack
201 | raindrops (~> 0.7)
202 | unicorn-rails (2.2.1)
203 | rack
204 | unicorn
205 | websocket-driver (0.6.5)
206 | websocket-extensions (>= 0.1.0)
207 | websocket-extensions (0.1.2)
208 |
209 | PLATFORMS
210 | ruby
211 |
212 | DEPENDENCIES
213 | airbrake
214 | airbrake-user_informer
215 | bcrypt
216 | bootstrap-sass
217 | brakeman
218 | bundle-audit
219 | byebug
220 | dotenv
221 | dotenv-rails
222 | font-awesome-sass
223 | geminabox (>= 0.13.5)
224 | jquery-rails
225 | maxitest
226 | minitest-spec-rails
227 | mysql2
228 | omniauth-github
229 | omniauth-google-oauth2
230 | pg
231 | rails (~> 5.0.0)
232 | sass-rails
233 | sinatra (= 2.0.0.beta2)
234 | spring
235 | sqlite3
236 | uglifier
237 | unicorn (~> 4.8.3)
238 | unicorn-rails
239 |
240 | RUBY VERSION
241 | ruby 2.3.3p222
242 |
243 | BUNDLED WITH
244 | 1.15.1
245 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Apache License
2 | Version 2.0, January 2004
3 | http://www.apache.org/licenses/
4 |
5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6 |
7 | 1. Definitions.
8 |
9 | "License" shall mean the terms and conditions for use, reproduction,
10 | and distribution as defined by Sections 1 through 9 of this document.
11 |
12 | "Licensor" shall mean the copyright owner or entity authorized by
13 | the copyright owner that is granting the License.
14 |
15 | "Legal Entity" shall mean the union of the acting entity and all
16 | other entities that control, are controlled by, or are under common
17 | control with that entity. For the purposes of this definition,
18 | "control" means (i) the power, direct or indirect, to cause the
19 | direction or management of such entity, whether by contract or
20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the
21 | outstanding shares, or (iii) beneficial ownership of such entity.
22 |
23 | "You" (or "Your") shall mean an individual or Legal Entity
24 | exercising permissions granted by this License.
25 |
26 | "Source" form shall mean the preferred form for making modifications,
27 | including but not limited to software source code, documentation
28 | source, and configuration files.
29 |
30 | "Object" form shall mean any form resulting from mechanical
31 | transformation or translation of a Source form, including but
32 | not limited to compiled object code, generated documentation,
33 | and conversions to other media types.
34 |
35 | "Work" shall mean the work of authorship, whether in Source or
36 | Object form, made available under the License, as indicated by a
37 | copyright notice that is included in or attached to the work
38 | (an example is provided in the Appendix below).
39 |
40 | "Derivative Works" shall mean any work, whether in Source or Object
41 | form, that is based on (or derived from) the Work and for which the
42 | editorial revisions, annotations, elaborations, or other modifications
43 | represent, as a whole, an original work of authorship. For the purposes
44 | of this License, Derivative Works shall not include works that remain
45 | separable from, or merely link (or bind by name) to the interfaces of,
46 | the Work and Derivative Works thereof.
47 |
48 | "Contribution" shall mean any work of authorship, including
49 | the original version of the Work and any modifications or additions
50 | to that Work or Derivative Works thereof, that is intentionally
51 | submitted to Licensor for inclusion in the Work by the copyright owner
52 | or by an individual or Legal Entity authorized to submit on behalf of
53 | the copyright owner. For the purposes of this definition, "submitted"
54 | means any form of electronic, verbal, or written communication sent
55 | to the Licensor or its representatives, including but not limited to
56 | communication on electronic mailing lists, source code control systems,
57 | and issue tracking systems that are managed by, or on behalf of, the
58 | Licensor for the purpose of discussing and improving the Work, but
59 | excluding communication that is conspicuously marked or otherwise
60 | designated in writing by the copyright owner as "Not a Contribution."
61 |
62 | "Contributor" shall mean Licensor and any individual or Legal Entity
63 | on behalf of whom a Contribution has been received by Licensor and
64 | subsequently incorporated within the Work.
65 |
66 | 2. Grant of Copyright License. Subject to the terms and conditions of
67 | this License, each Contributor hereby grants to You a perpetual,
68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
69 | copyright license to reproduce, prepare Derivative Works of,
70 | publicly display, publicly perform, sublicense, and distribute the
71 | Work and such Derivative Works in Source or Object form.
72 |
73 | 3. Grant of Patent License. Subject to the terms and conditions of
74 | this License, each Contributor hereby grants to You a perpetual,
75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
76 | (except as stated in this section) patent license to make, have made,
77 | use, offer to sell, sell, import, and otherwise transfer the Work,
78 | where such license applies only to those patent claims licensable
79 | by such Contributor that are necessarily infringed by their
80 | Contribution(s) alone or by combination of their Contribution(s)
81 | with the Work to which such Contribution(s) was submitted. If You
82 | institute patent litigation against any entity (including a
83 | cross-claim or counterclaim in a lawsuit) alleging that the Work
84 | or a Contribution incorporated within the Work constitutes direct
85 | or contributory patent infringement, then any patent licenses
86 | granted to You under this License for that Work shall terminate
87 | as of the date such litigation is filed.
88 |
89 | 4. Redistribution. You may reproduce and distribute copies of the
90 | Work or Derivative Works thereof in any medium, with or without
91 | modifications, and in Source or Object form, provided that You
92 | meet the following conditions:
93 |
94 | (a) You must give any other recipients of the Work or
95 | Derivative Works a copy of this License; and
96 |
97 | (b) You must cause any modified files to carry prominent notices
98 | stating that You changed the files; and
99 |
100 | (c) You must retain, in the Source form of any Derivative Works
101 | that You distribute, all copyright, patent, trademark, and
102 | attribution notices from the Source form of the Work,
103 | excluding those notices that do not pertain to any part of
104 | the Derivative Works; and
105 |
106 | (d) If the Work includes a "NOTICE" text file as part of its
107 | distribution, then any Derivative Works that You distribute must
108 | include a readable copy of the attribution notices contained
109 | within such NOTICE file, excluding those notices that do not
110 | pertain to any part of the Derivative Works, in at least one
111 | of the following places: within a NOTICE text file distributed
112 | as part of the Derivative Works; within the Source form or
113 | documentation, if provided along with the Derivative Works; or,
114 | within a display generated by the Derivative Works, if and
115 | wherever such third-party notices normally appear. The contents
116 | of the NOTICE file are for informational purposes only and
117 | do not modify the License. You may add Your own attribution
118 | notices within Derivative Works that You distribute, alongside
119 | or as an addendum to the NOTICE text from the Work, provided
120 | that such additional attribution notices cannot be construed
121 | as modifying the License.
122 |
123 | You may add Your own copyright statement to Your modifications and
124 | may provide additional or different license terms and conditions
125 | for use, reproduction, or distribution of Your modifications, or
126 | for any such Derivative Works as a whole, provided Your use,
127 | reproduction, and distribution of the Work otherwise complies with
128 | the conditions stated in this License.
129 |
130 | 5. Submission of Contributions. Unless You explicitly state otherwise,
131 | any Contribution intentionally submitted for inclusion in the Work
132 | by You to the Licensor shall be under the terms and conditions of
133 | this License, without any additional terms or conditions.
134 | Notwithstanding the above, nothing herein shall supersede or modify
135 | the terms of any separate license agreement you may have executed
136 | with Licensor regarding such Contributions.
137 |
138 | 6. Trademarks. This License does not grant permission to use the trade
139 | names, trademarks, service marks, or product names of the Licensor,
140 | except as required for reasonable and customary use in describing the
141 | origin of the Work and reproducing the content of the NOTICE file.
142 |
143 | 7. Disclaimer of Warranty. Unless required by applicable law or
144 | agreed to in writing, Licensor provides the Work (and each
145 | Contributor provides its Contributions) on an "AS IS" BASIS,
146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 | implied, including, without limitation, any warranties or conditions
148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 | PARTICULAR PURPOSE. You are solely responsible for determining the
150 | appropriateness of using or redistributing the Work and assume any
151 | risks associated with Your exercise of permissions under this License.
152 |
153 | 8. Limitation of Liability. In no event and under no legal theory,
154 | whether in tort (including negligence), contract, or otherwise,
155 | unless required by applicable law (such as deliberate and grossly
156 | negligent acts) or agreed to in writing, shall any Contributor be
157 | liable to You for damages, including any direct, indirect, special,
158 | incidental, or consequential damages of any character arising as a
159 | result of this License or out of the use or inability to use the
160 | Work (including but not limited to damages for loss of goodwill,
161 | work stoppage, computer failure or malfunction, or any and all
162 | other commercial damages or losses), even if such Contributor
163 | has been advised of the possibility of such damages.
164 |
165 | 9. Accepting Warranty or Additional Liability. While redistributing
166 | the Work or Derivative Works thereof, You may choose to offer,
167 | and charge a fee for, acceptance of support, warranty, indemnity,
168 | or other liability obligations and/or rights consistent with this
169 | License. However, in accepting such obligations, You may act only
170 | on Your own behalf and on Your sole responsibility, not on behalf
171 | of any other Contributor, and only if You agree to indemnify,
172 | defend, and hold each Contributor harmless for any liability
173 | incurred by, or claims asserted against, such Contributor by reason
174 | of your accepting any such warranty or additional liability.
175 |
176 | END OF TERMS AND CONDITIONS
--------------------------------------------------------------------------------