Merge remote-tracking branch 'upstream/develop' into develop

.storybook/webpack.config.js

@@ -0,0 +1,24 @@
+var ExtractTextPlugin = require('extract-text-webpack-plugin');
+module.exports = {
+  module: {
+    loaders: [
+      {
+        test: /\.js$/,
+        exclude: /node_modules/,
+        loader: 'babel-loader'
+      },
+      {
+        test: /\.css$/,
+        loader: 'style-loader!css-loader'
+      },
+      {
+        test: /(\.png|\.gif)$/,
+        loader: 'url-loader?limit=32767'
+      },
+      {
+        test: /\.scss$/,
+        loader: 'style-loader!css-loader?sourceMap!sass-loader?sourceMap'
+      }
+    ]
+  }
+};

Gemfile

@@ -3,7 +3,7 @@ FOREMAN_GEMFILE = __FILE__ unless defined? FOREMAN_GEMFILE
 
 source 'https://rubygems.org'
 
-gem 'rails', '4.2.7.1'
+gem 'rails', '4.2.8'
 gem 'rest-client', '>= 1.8.0', '< 3', :require => 'rest_client'
 gem 'audited', '~> 4.3'
 gem 'will_paginate', '~> 3.0'

app/assets/javascripts/dashboard.js

@@ -1,6 +1,5 @@
 $(document).on('ContentLoad', function(){start_gridster(); auto_refresh()});
 
-$(document).on("click",".widget_control .minimize" ,function(){ hide_widget(this);});
 $(document).on("click",".widget_control .remove" ,function(){ remove_widget(this);});
 
 var refresh_timeout;
@@ -26,23 +25,6 @@ function start_gridster(){
         max_cols: 12,
         autogenerate_stylesheet: false
     }).data('gridster');
-
-    $(".gridster>ul>li[data-hide='true']").each(function(i, widget) {
-        $(widget).hide();
-        gridster.remove_widget(widget);
-        $(".gridster>ul").append($(widget));
-    });
-    fill_restore_list();
-}
-
-function hide_widget(item){
-    var gridster = $(".gridster>ul").gridster().data('gridster');
-    var widget = $(item).parents('li.gs-w');
-
-    widget.attr('data-hide', 'true').hide();
-    gridster.remove_widget(widget);
-    $(".gridster>ul").append(widget);
-    fill_restore_list();
 }
 
 function remove_widget(item){
@@ -101,7 +83,6 @@ function serialize_grid(){
     $(".gridster>ul>li").each(function(i, widget) {
         $widget = $(widget);
         result[$widget.data('id')] = {
-            hide:   $widget.data('hide'),
             col:    $widget.data('col'),
             row:    $widget.data('row'),
             sizex:  $widget.data('sizex'),
@@ -112,34 +93,6 @@ function serialize_grid(){
     return result;
 }
 
-function fill_restore_list(){
-   $("ul>li.widget-restore").remove();
-   var restore_list = [];
-   var hidden_widgets = $(".gridster>ul>li[data-hide='true']");
-   if (hidden_widgets.exists()){
-       hidden_widgets.each(function(i, widget) {
-           restore_list.push("<li class='widget-restore'><a href='#' onclick='show_widget(\"" +
-               $(widget).attr('data-id') + "\")'>" +
-               $(widget).attr('data-name') + "</a></li>");
-       });
-   } else {
-       restore_list.push("<li class='widget-restore'><a>" + __('Nothing to restore') + "</a></li>");
-   }
-   $('#restore_list').after(restore_list.join(" "));
-}
-
-function show_widget(id){
-    var gridster = $(".gridster>ul").gridster().data('gridster');
-    var widget = $(".gridster>ul>li[data-id="+id+"]");
-    widget.attr("data-hide", 'false');
-    widget.attr("data-row", 1);
-    widget.attr("data-col", 1);
-    widget.show();
-
-    gridster.register_widget(widget);
-    fill_restore_list();
-}
-
 function widgetLoaded(widget){
     refreshCharts();
     tfm.tools.activateTooltips(widget);

app/assets/javascripts/host_checkbox.js.erb → app/assets/javascripts/host_checkbox.js

@@ -124,7 +124,7 @@ function build_modal(element, url) {
   var title = $(element).attr('data-dialog-title');
   $('#confirmation-modal .modal-header h4').text(title);
   $('#confirmation-modal .modal-body').empty()
-    .append("<img class='modal-loading' src='<%= asset_path('spinner.gif') %>'");
+    .append("<div class='modal-spinner spinner spinner-lg'></div>");
   $('#confirmation-modal').modal();
   $("#confirmation-modal .modal-body").load(url + " #content",
       function(response, status, xhr) {

app/assets/stylesheets/application.scss

@@ -557,6 +557,13 @@ table {
   width: 80%;
 }
 
+.modal-spinner {
+  position: absolute;
+  display: block;
+  top: 50%;
+  left: 50%;
+}
+
 @media screen and (min-width: 768px) {
   .modal-big {
       width: 70%;

app/controllers/concerns/api/v2/taxonomies_controller.rb

@@ -54,6 +54,7 @@ def index
 
   api :GET, '/:resource_id/:id', N_('Show :a_resource')
   param :show_hidden_parameters, :bool, :desc => N_("Display hidden parameter values")
+  param :id, :identifier, :required => true
   def show
     @render_template ||= 'api/v2/taxonomies/show'
     render @render_template
@@ -69,6 +70,7 @@ def create
 
   api :PUT, '/:resource_id/:id', N_('Update :a_resource')
   param_group :resource
+  param :id, :identifier, :required => true
   def update
     # NOTE - if not ! and invalid, the error is undefined method `permission_failed?' for #<Location:0x7fe38c1d3ec8> (NoMethodError)
     # removed process_response & added explicit render 'api/v2/taxonomies/update'.  Otherwise, *_ids are not returned
@@ -77,6 +79,7 @@ def update
   end
 
   api :DELETE, '/:resource_id/:id', N_('Delete :a_resource')
+  param :id, :identifier, :required => true
   def destroy
     process_response @taxonomy.destroy
   rescue Ancestry::AncestryException

app/controllers/concerns/foreman/controller/parameters/keep_param.rb

@@ -8,7 +8,11 @@ module Foreman::Controller::Parameters::KeepParam
   def keep_param(params, top_level_hash, *keys)
     # Delete keys being kept from the `params` hash, so the block yielded to filters the others
     old_params = keys.inject({}) do |op,(key,val)|
-      params[top_level_hash].has_key?(key) ? op.update(key => params[top_level_hash].delete(key)) : op
+      if params[top_level_hash].has_key?(key)
+        op[key] = params[top_level_hash].delete(key)
+        op[key].permit! if op[key].is_a?(ActionController::Parameters)
+      end
+      op
     end
 
     filtered = yield

app/controllers/concerns/foreman/controller/smart_proxy_auth.rb

@@ -6,10 +6,10 @@ module Foreman::Controller::SmartProxyAuth
 
   module ClassMethods
     def add_smart_proxy_filters(actions, options = {})
-      skip_before_action :require_login, :only => actions
+      skip_before_action :require_login, :only => actions, :raise => false
       skip_before_action :authorize, :only => actions
       skip_before_action :verify_authenticity_token, :only => actions
-      skip_before_action :set_taxonomy, :only => actions
+      skip_before_action :set_taxonomy, :only => actions, :raise => false
       skip_before_action :session_expiry, :update_activity_time, :only => actions
       before_action(:only => actions) { require_smart_proxy_or_login(options[:features]) }
       attr_reader :detected_proxy
@@ -30,7 +30,11 @@ def add_smart_proxy_filters(actions, options = {})
   # Permits registered Smart Proxies or a user with permission
   def require_smart_proxy_or_login(features = nil)
     features = features.call if features.respond_to?(:call)
-    allowed_smart_proxies = features.blank? ? SmartProxy.all : SmartProxy.with_features(*features)
+    allowed_smart_proxies = if features.blank?
+                              SmartProxy.unscoped.all
+                            else
+                              SmartProxy.unscoped.with_features(*features)
+                            end
 
     if !Setting[:restrict_registered_smart_proxies] || auth_smart_proxy(allowed_smart_proxies, Setting[:require_ssl_smart_proxies])
       set_admin_user
@@ -47,7 +51,7 @@ def require_smart_proxy_or_login(features = nil)
 
   # Filter requests to only permit from hosts with a registered smart proxy
   # Uses rDNS of the request to match proxy hostnames
-  def auth_smart_proxy(proxies = SmartProxy.all, require_cert = true)
+  def auth_smart_proxy(proxies = SmartProxy.unscoped.all, require_cert = true)
     request_hosts = nil
     if request.ssl?
       # If we have the client certficate in the request environment we can extract the dn and sans from there

app/controllers/notification_recipients_controller.rb

@@ -6,7 +6,7 @@ class NotificationRecipientsController < Api::V2::BaseController
 
   def index
     @notifications = NotificationRecipient.
-      where(:user_id => User.current.id).
+      where(:user_id => User.current.id, :notification_id => Notification.active).
       order(:created_at).
       eager_load(:notification, :notification_blueprint)
 

app/controllers/templates_controller.rb

@@ -106,8 +106,13 @@ def safe_render(template)
     render :text => unattended_render(template)
   rescue => error
     Foreman::Logging.exception("Error rendering the #{template.name} template", error)
-    render :text => _("There was an error rendering the %{name} template: %{error}") % {:name => template.name, :error => error.message},
-           :status => :internal_server_error
+    if error.is_a?(Foreman::Renderer::RenderingError)
+      text = error.message
+    else
+      text = _("There was an error rendering the %{name} template: %{error}") % {:name => template.name, :error => error.message}
+    end
+
+    render :text => text, :status => :internal_server_error
   end
 
   def set_locked(locked)

app/controllers/users_controller.rb

@@ -158,7 +158,7 @@ def parameter_filter_context
   end
 
   def verify_active_session
-    if !request.post? && params[:status].blank? && User.exists?(session[:user].presence)
+    if !request.post? && params[:status].blank? && User.unscoped.exists?(session[:user].presence)
       warning _("You have already logged in")
       redirect_back_or_to hosts_path
       return

app/helpers/application_helper.rb

@@ -130,7 +130,7 @@ def display_delete_if_authorized(options = {}, html_options = {})
     text = options.delete(:text) || _("Delete")
     method = options.delete(:method) || :delete
     options = {:auth_action => :destroy}.merge(options)
-    html_options = { :data => { :confirm => _('Are you sure?') }, :method => method, :class => 'delete' }.merge(html_options)
+    html_options = { :data => { :confirm => _('Are you sure?') }, :method => method }.merge(html_options)
     display_link_if_authorized(text, options, html_options)
   end
 

app/helpers/dashboard_helper.rb

@@ -8,11 +8,9 @@ def dashboard_actions
       _("Generated at %s") % Time.zone.now.to_s(:short),
       select_action_button(
         _('Manage'), {},
-        link_to_function(_('Save dashboard'), "save_position('#{save_positions_widgets_path}')"),
+        link_to_function(_('Save positions'), "save_position('#{save_positions_widgets_path}')"),
         link_to(_('Reset to default'), reset_default_widgets_path, :method => :put),
         content_tag(:li, '', :class=>'divider'),
-        content_tag(:li, _("Restore widgets"), :class=>'nav-header', :id=>'restore_list'),
-        content_tag(:li, '', :class=>'divider'),
         content_tag(:li, _("Add widgets"), :class=>'nav-header'),
         content_tag(:li, '', :class=>'widget-add') do
           widgets_to_add
@@ -37,7 +35,7 @@ def widgets_to_add
 
   def widget_data(widget)
     { :data => { :id    => widget.id,    :name  => _(widget.name), :row  => widget.row, :col => widget.col,
-                 :sizex => widget.sizex, :sizey =>  widget.sizey,  :hide => widget.hide } }
+                 :sizex => widget.sizex, :sizey =>  widget.sizey } }
   end
 
   def count_reports(hosts)

app/models/concerns/encrypt_value.rb

@@ -39,7 +39,6 @@ def is_decryptable?(str)
 
   def encrypt_field(str)
     return str unless is_encryptable?(str)
-    encryptor = ActiveSupport::MessageEncryptor.new(encryption_key)
     begin
       # add prefix to encrypted string
       str_encrypted = "#{ENCRYPTION_PREFIX}#{encryptor.encrypt_and_sign(str)}"
@@ -53,7 +52,6 @@ def encrypt_field(str)
 
   def decrypt_field(str)
     return str unless is_decryptable?(str)
-    encryptor = ActiveSupport::MessageEncryptor.new(encryption_key)
     begin
       # remove prefix before decrypting string
       str_no_prefix = str.gsub(/^#{ENCRYPTION_PREFIX}/, "")
@@ -72,4 +70,15 @@ def puts_and_logs(msg, level = Logger::INFO)
     logger.add level, msg
     puts msg if Foreman.in_rake? && !Rails.env.test? && level >= Logger::INFO
   end
+
+  def encryptor
+    full_key = encryption_key
+
+    # Pass a limited length encryption key as Ruby's OpenSSL bindings will either raise an
+    # exception for a mis-sized key or it will be silently truncated.
+    #
+    # Pass a full length signature key though, so pre-existing encrypted data can still be verified
+    # against a key that is longer than the necessary encryption key.
+    ActiveSupport::MessageEncryptor.new(full_key[0, ActiveSupport::MessageEncryptor.key_len], full_key)
+  end
 end

app/models/concerns/hostext/search.rb

@@ -212,7 +212,7 @@ def param_conditions(p)
         p.each do |param|
           case param.class.to_s
             when 'CommonParameter'
-              # ignore
+              conditions << "1 = 1" #include all Global parameters
             when 'DomainParameter'
               conditions << "nics.domain_id = #{param.reference_id}"
             when 'OsParameter'