use safe_yaml
Includes the safe_yaml gem, which replaces YAML.load and friends with a "safe"
version by default, that does not create arbitrary objects.
DelayedJobs was modified to use unsafe_load, as it relies on deserializing
ruby objects.
The biggest impact is with serialized columns - many of those store
non-simple data types. Most commonly HashWithIndifferentAccess, but
there are a few others as well. Our version of the safe_yaml gem allows
for whitelisting certain classes.
The I18nExtraction::SafeYAML class was also removed, as it's no longer
needed. The extraction task was updated to call YAML.safe_load to be
explicit.
Currently, Gemfile is pointing to the Instructure fork of the safe_yaml
gem on github. This needs to be released as a gem.
Closes CNVS-3784
test plan: If any serialized YAML columns contain a class that we missed
in our whitelist, then that column will fail to deserialize and the
model will behave incorrectly. It's difficult to say what exactly should
be tested, as all the classes should be whitelisted. A general
regression test on migrations, course copy, scribd, and quizzes would
cover most of it.
Change-Id: I3e1a95e101ada3a1b2366ff1ca70db6d17742cce
Reviewed-on: https://gerrit.instructure.com/17404
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
QA-Review: Clare Hetherington <clare@instructure.com>
2013-02-03 18:36:30 +08:00
source 'https://rubygems.org/'
2011-02-01 09:57:29 +08:00

2013-04-19 23:54:35 +08:00
if RUBY_VERSION < "1.9.3" || RUBY_VERSION >= "2.0"
  raise "Canvas requires Ruby 1.9.3"
end

2013-03-21 04:30:20 +08:00
require File.expand_path("../config/canvas_rails3", __FILE__)

if CANVAS_RAILS3
  # 3.0.20 is transitional, we will be on 3.2.x before support is complete
  # that's also why some gems below have to be downgraded, 3.0.20 relies on old versions of some gems
  # just to be clear, Canvas is NOT READY to run under Rails 3 in production
  gem 'rails', '3.0.20'
  gem 'authlogic', '3.2.0'
else
2013-06-22 03:59:26 +08:00
  # If you have a license to rails lts, you can create a vendor/plugins/*/RAILS_LTS yaml file
  # with the Gemfile `gem` command to use (pointing to the private repo with your username/password).
  # Otherwise, the free community version of rails lts will be used.
  lts_file = Dir.glob(File.expand_path("../vendor/plugins/*/RAILS_LTS", __FILE__)).first
  if lts_file
    eval(File.read(lts_file))
  else
    gem 'rails', :git => 'https://github.com/makandra/rails.git', :branch => '2-3-lts', :ref => 'e86daf8ff727d5efc0040c876ba00c9444a5d915'
  end
2013-03-21 04:30:20 +08:00
  gem 'authlogic', '2.1.3'
end
2011-09-27 13:28:33 +08:00

2013-03-08 03:28:42 +08:00
gem "aws-sdk", '1.8.3.1'
multi-factor authentication closes #9532
test plan:
* enable optional MFA, and check the following:
* normal log in should not be affected
* you can enroll in MFA from your profile page
* you can re-enroll in MFA from your profile page
* you can disable MFA from your profile page
* MFA can be reset by an admin on your user page
* when enrolled, you are asked for verification code after
username/password when logging in
* you can't access any other part of the site directly until
entering your verification code
* enable required MFA, and check the following
* when not enrolled in MFA, and you log in, you are forced to
enroll
* you cannot disable MFA from your profile page
* you can re-enroll in MFA from your profile page
* an admin (other than himself) can reset MFA from the user page
* for enrolling in MFA
* use Google Authenticator and scan the QR code; you should have
30-seconds or so of extra leeway to enter your code
* having no SMS communication channels on your profile, the
enrollment page should just have a form to add a new phone
* having one or more SMS communication channels on your profile,
the enrollment page should list them, or allow you to create
a new one (and switch back)
* having more than one SMS communication channel on your profile,
the enrollment page should remember which one you have selected
after you click "send"
* an unconfirmed SMS channel should go to confirmed when it's used
to enroll in MFA
* you should not be able to go directly to /login/otp to enroll
if you used "Remember me" token to log in
* MFA login flow
* if configured with SMS, it should send you an SMS after you
put in your username/password; you should have about 5 minutes
of leeway to put it in
* if you don't check "remember computer" checkbox, you should have
to enter a verification code each time you log in
* if you do check it, you shouldn't have to enter your code
anymore (for three days). it also shouldn't SMS you a
verification code each time you log in
* setting MFA to required for admins should make it required for
admins, optional for other users
* with MFA enabled, directly go to /login/otp after entering
username/password but before entering a verification code; it
should send you back to the main login page
* if you enrolled via SMS, you should not be able to remove that
SMS from your profile
* there should not be a reset MFA link on a user page if they
haven't enrolled
* test a login or required enrollment sequence with CAS and/or SAML
Change-Id: I692de7405bf7ca023183e717930ee940ccf0d5e6
Reviewed-on: https://gerrit.instructure.com/12700
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
2012-08-03 05:17:50 +08:00
gem 'barby', '0.5.0'
make "stay logged in" use a one-time token
closes #6382
Previously, the "stay logged in" cookie just used the authlogic default
implementation, which is the pseudonym persistence_token. This is a
problem, because that persistence_token only ever changes when the
pseudonym password changes, so it's the same everywhere; so if that
cookie is stolen, it's valid for a very long time.
This switches us to one-time-use tokens that expire as soon as the token
logs the user in once. Each user agent also gets a different
one-time-use token.
Change-Id: I4f20cd7759fd74590e82ed55797552e342243d49
testplan:
* Check that no token is set at all when "stay logged in" isn't
selected.
* Check "stay logged in", and verify:
* That you don't have to login again after restarting your browser,
but your _normandy_session got reset.
* That if you save and try to replay using the same
pseudonym_credentials, they don't work the second time.
* That a second browser will get a different pseudonym_credentials
value, and using one token doesn't affect the other.
* That once the token is used, a new one is generated and set in
your cookies. Verify this new token works as well.
* That logging out removes the pseudonym_credentials cookie in your
browser. And also that manually restoring this cookie still
doesn't log you in, since it was removed server-side as well.
* Change your password, and verify that the existing "stay logged in"
tokens no longer work.
* Delete your pseudonym, and verify the same.
Reviewed-on: https://gerrit.instructure.com/7093
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
2011-11-22 05:20:48 +08:00
gem 'bcrypt-ruby', '3.0.1'
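The one-time-use scheme described in the "stay logged in" commit message above, as an added example that is not Canvas code. The OneTimeTokenStore class, its method names, the pseudonym id 42 and the choice to keep only a SHA-256 digest of each token are assumptions of this example.

```ruby
require 'securerandom'
require 'digest'

# Hypothetical in-memory store; a real application would persist the
# digests server-side so that every app server sees the same state.
class OneTimeTokenStore
  def initialize
    @owners = {} # SHA-256 digest of token => pseudonym id
  end

  # Issue a fresh token for one user agent. Every call returns a different
  # value, so two browsers never share a credential.
  def issue(pseudonym_id)
    token = SecureRandom.hex(32)
    @owners[digest(token)] = pseudonym_id
    token
  end

  # Redeem a token exactly once: delete it, then return the owner and a
  # replacement token for the cookie. Unknown or already-used tokens give nil.
  def redeem(token)
    pseudonym_id = @owners.delete(digest(token.to_s))
    return nil unless pseudonym_id
    [pseudonym_id, issue(pseudonym_id)]
  end

  # Logout: remove this browser's token server-side as well.
  def revoke(token)
    !@owners.delete(digest(token.to_s)).nil?
  end

  # Password change or pseudonym deletion: drop every outstanding token.
  # Returns how many tokens were invalidated.
  def revoke_all(pseudonym_id)
    before = @owners.size
    @owners.delete_if { |_, owner| owner == pseudonym_id }
    before - @owners.size
  end

  private

  def digest(token)
    Digest::SHA256.hexdigest(token)
  end
end

# Walk the commit's test plan against the store and return the observations.
def stay_logged_in_walkthrough
  store = OneTimeTokenStore.new
  browser_a = store.issue(42) # 42 is a constructed pseudonym id
  browser_b = store.issue(42)
  owner, rotated_a = store.redeem(browser_a)
  checks = {
    distinct_per_browser: browser_a != browser_b,
    first_use_logs_in: owner == 42,
    replay_rejected: store.redeem(browser_a).nil?
  }
  _, latest_a = store.redeem(rotated_a)   # the rotated token works once too
  checks[:rotated_token_works] = !latest_a.nil?
  _, rotated_b = store.redeem(browser_b)  # the other browser is unaffected
  checks[:other_browser_unaffected] = !rotated_b.nil?
  store.revoke(latest_a)                  # logout in browser A
  checks[:logout_is_server_side] = store.redeem(latest_a).nil?
  checks[:revoked_on_password_change] = store.revoke_all(42)
  checks[:old_token_dead_after_change] = store.redeem(rotated_b).nil?
  checks
end

if __FILE__ == $PROGRAM_NAME
  stay_logged_in_walkthrough.each { |name, result| puts "#{name}: #{result}" }
end
```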
2011-02-01 09:57:29 +08:00
gem 'builder', '2.1.2'
2013-03-21 04:30:20 +08:00
if !CANVAS_RAILS3
2013-07-11 02:54:38 +08:00
  gem 'canvas_connect', '0.1.1'
2013-03-21 04:30:20 +08:00
end
2011-02-01 09:57:29 +08:00
gem 'daemons', '1.1.0'
2013-03-22 07:32:21 +08:00
gem 'diff-lcs', '1.1.3', :require => 'diff/lcs'
2013-03-21 04:30:20 +08:00
if !CANVAS_RAILS3
2013-04-26 07:06:20 +08:00
  gem 'encrypted_cookie_store-instructure', '1.0.4', :require => 'encrypted_cookie_store'
2013-03-21 04:30:20 +08:00
end
gem 'erubis', CANVAS_RAILS3 ? '2.6.6' : '2.7.0'
if !CANVAS_RAILS3
2013-06-15 01:09:41 +08:00
  gem 'fake_arel', '1.0.0'
2013-03-21 04:30:20 +08:00
end
2013-08-13 03:35:03 +08:00
gem 'fake_rails3_routes', '1.0.4'
2012-09-04 12:01:08 +08:00
gem 'ffi', '1.1.5'
2013-04-18 03:41:39 +08:00
gem 'hairtrigger', '0.2.3'
Fully adopt Bootstrap & update css to work with it, closes: #CNVS-1344
this commit does the following:
* upgrade bootstrap-sass gem to most recent version
* switches to using bootstrap's normalize.css and forms.css
which fixes a whole bunch of misformatting of how bootstrap
stuff is supposed to look, but changing those 2 affects
a lot of our old stylesheets.
* gets rid of unified_buttons.sass and just uses bootstrap's buttons.
.ui-button @extends these because we still have to support .ui-button
for modals & buttonsets. but .button is no longer supported.
* a lot of css file reorganization (there's no more 'blue' and
'normal canvas', there's just canvas)
* a bunch of files had to be tweaked to look good with these changes.
test plan:
This change touches every page in canvas so, no kidding, we need to make
sure every page looks OK. In order to do that:
1. each sprint team needs to give a +1 after they make sure all the
pages in the features they are over look good.
2. the QA person on each team needs to look at the pages for their
team's features for a QA +1
things to look for specifically when testing:
* buttons: this gets rid of all those red 'cancel' links
that are actually buttons, make sure all the buttons you see
look right. if you see 2 plain gray buttons next to each other
like [Save] [Cancel], we should make the primary one blue (by
adding the .btn-primary class)
* Forms: a lot of this change has to do with how form elements look,
especially <select>s, <input>s and <label>s. look at the diffs
for the ones that have the most changes and make sure those look
good, but also check for the ones I missed and make sure those
look good too.
* and just random style changes, if something looks ugly or broken
(and it didn't before), we should fix that.
Also:
just use a link instead of a drop-menu for adding event from sidebar
we used to have a drop down menu for adding events
to cal2 from the sidebar where you'd hit a cog
and it'd ask you if you wanted to add an event or
an assignment. this just simplifies it to an add
icon.
this: http://cl.ly/image/133a2A3q3q1M
instead of: http://cl.ly/image/46463o2s3W0g
Change-Id: I384fe273934bca96bf28423afb1402c7792d8766
Reviewed-on: https://gerrit.instructure.com/15422
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Ryan Florence <ryanf@instructure.com>
QA-Review: Ryan Florence <ryanf@instructure.com>
2012-12-21 14:46:28 +08:00
gem 'sass', '3.2.3'
2011-03-30 05:18:17 +08:00
gem 'hashery', '1.3.0', :require => 'hashery/dictionary'
gem 'highline', '1.6.1'
2013-03-21 04:30:20 +08:00
gem 'i18n', CANVAS_RAILS3 ? '0.5.0' : '0.6.0'
2013-06-19 00:13:38 +08:00
if !CANVAS_RAILS3
  gem 'i18nema', '0.0.7'
end
2011-03-30 05:18:17 +08:00
gem 'icalendar', '1.1.5'
2012-06-14 00:18:01 +08:00
gem 'jammit', '0.6.6'
2013-05-31 04:35:01 +08:00
gem 'json', '1.8.0'
2011-02-01 09:57:29 +08:00
# native xml parsing, diigo
2013-03-15 06:58:40 +08:00
gem 'libxml-ruby', '2.6.0', :require => 'xml/libxml'
2011-08-11 01:53:45 +08:00
gem 'macaddr', '1.0.0' # macaddr 1.2.0 tries to require 'systemu' which isn't a dependency
2013-04-19 23:54:35 +08:00
gem 'mail', CANVAS_RAILS3 ? '2.2.19' : '2.5.3'
2013-04-09 04:23:01 +08:00
# using this forked gem until https://github.com/37signals/marginalia/pull/15 is in the source gem
gem 'instructure-marginalia', '1.1.3', :require => false
2012-12-06 03:55:37 +08:00
gem 'mime-types', '1.17.2', :require => 'mime/types'
2011-02-01 09:57:29 +08:00
# attachment_fu (even the current technoweenie one on github) does not work
# with mini_magick 3.1
gem 'mini_magick', '1.3.2'
2011-09-04 13:19:47 +08:00
gem 'netaddr', '1.5.0'
2013-03-15 06:58:40 +08:00
gem 'nokogiri', '1.5.6'
2013-03-22 07:32:21 +08:00
# oauth gem, with rails3 fixes rolled in
gem 'oauth-instructure', '0.4.9', :require => 'oauth'
2013-03-21 04:30:20 +08:00
gem 'rack', CANVAS_RAILS3 ? '1.2.5' : '1.1.3'
2013-06-26 05:41:10 +08:00
gem 'rake', '10.1.0'
2012-04-18 04:11:15 +08:00
gem 'rdoc', '3.12'
2011-09-30 05:47:49 +08:00
gem 'ratom-instructure', '0.6.9', :require => "atom" # custom gem until necessary changes are merged into mainstream
2011-05-07 02:44:34 +08:00
gem 'rdiscount', '1.6.8'
2011-05-25 03:12:22 +08:00
gem 'ritex', '1.0.1'
2013-06-15 01:09:41 +08:00
if CANVAS_RAILS3
  gem 'routing_concerns', '0.1.0'
end
2012-08-03 05:17:50 +08:00
gem 'rotp', '1.4.1'
gem 'rqrcode', '0.4.2'
2011-02-01 09:57:29 +08:00
gem 'rscribd', '1.2.0'
2012-08-15 02:52:10 +08:00
gem 'net-ldap', '0.3.1', :require => 'net/ldap'
2013-05-08 05:36:43 +08:00
gem 'ruby-saml-mod', '0.1.22'
2011-04-08 07:01:32 +08:00
gem 'rubycas-client', '2.2.1'
2013-01-22 04:54:23 +08:00
gem 'rubyzip', '0.9.5', :require => 'zip/zip'
2013-02-03 18:36:30 +08:00
gem 'safe_yaml-instructure', '0.8.0', :require => false
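The "use safe_yaml" commit message warns that a serialized column holding a class missing from the whitelist will fail to deserialize. The following added example (not Canvas code, and using Ruby's bundled Psych rather than the safe_yaml gem) audits stored YAML for class tags without instantiating anything; the sample column values, the whitelist contents and the Hypothetical::Report class name are constructed for illustration.

```ruby
require 'yaml'

# Constructed sample values standing in for serialized YAML columns.
SAMPLE_COLUMNS = {
  'settings' => "--- !ruby/hash:ActiveSupport::HashWithIndifferentAccess\nlocale: en\n",
  'plain'    => "---\nname: quiz\npoints: 10\n",
  'report'   => "--- !ruby/object:Hypothetical::Report\ntitle: grades\n" \
                "rows:\n- !ruby/object:OpenStruct\n  table: {}\n"
}.freeze

# Hypothetical whitelist; the application's real list is not on this page.
WHITELIST = %w[ActiveSupport::HashWithIndifferentAccess].freeze

# Walk the parsed YAML tree (no Ruby objects are created) and collect every
# class named in a !ruby/<kind>:<Class> tag.
def ruby_classes_in(yaml_text)
  doc = Psych.parse(yaml_text)
  return [] unless doc
  doc.each
     .select { |node| node.respond_to?(:tag) && node.tag }
     .map { |node| node.tag[%r{\A!ruby/[\w-]+:(.+)\z}, 1] }
     .compact.uniq.sort
end

# Map each column name to the classes it needs that the whitelist lacks.
def audit_columns(columns, whitelist)
  columns.each_with_object({}) do |(name, text), missing|
    unknown = ruby_classes_in(text) - whitelist
    missing[name] = unknown unless unknown.empty?
  end
end

# True when the value deserializes with no classes permitted at all.
def loads_without_whitelist?(yaml_text)
  YAML.safe_load(yaml_text)
  true
rescue Psych::DisallowedClass
  false
end

if __FILE__ == $PROGRAM_NAME
  audit_columns(SAMPLE_COLUMNS, WHITELIST).each do |column, classes|
    puts "#{column}: not whitelisted -> #{classes.join(', ')}"
  end
end
```

Running such an audit over existing rows before switching loaders turns the test plan's "class that we missed" case into a list that can be reviewed ahead of deployment.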
2012-01-11 10:12:36 +08:00
gem 'sanitize', '2.0.3'
2013-04-03 01:53:08 +08:00
gem 'shackles', '1.0.0'
2013-02-23 02:40:00 +08:00
gem 'tzinfo', '0.3.35'
2013-03-12 07:45:36 +08:00
gem 'useragent', '0.4.16'
2011-06-11 00:07:31 +08:00
gem 'uuid', '2.3.2'
2011-02-01 09:57:29 +08:00
gem 'will_paginate', '2.3.15'
2011-03-30 05:18:17 +08:00
gem 'xml-simple', '1.0.12', :require => 'xmlsimple'
2012-05-08 04:18:47 +08:00
gem 'foreigner', '0.9.2'
2012-08-21 07:41:42 +08:00
gem 'crocodoc-ruby', '0.0.1', :require => 'crocodoc'
2013-09-05 00:42:21 +08:00
# needs https://github.com/regru/premailer/commit/8d3ae698eff135011b19e1587a68c399ec97b185
# we can go back to the gem once 1.7.8 is released
gem 'regru-premailer', :require => 'premailer', :git => "https://github.com/regru/premailer.git", :ref => "08a73c70701f5d81bc4a5cf6c959a45ad94db88e"
2011-02-01 09:57:29 +08:00

2012-04-19 00:24:58 +08:00
group :assets do
2012-12-21 14:46:28 +08:00
  gem 'compass-rails', '1.0.3'
2013-04-10 23:24:51 +08:00
  gem 'dress_code', '1.0.2'
2012-04-19 00:24:58 +08:00
end

2011-03-01 08:37:39 +08:00
group :mysql do
2013-02-27 01:37:54 +08:00
  gem 'mysql2', '0.2.18'
2011-03-01 08:37:39 +08:00
end

group :postgres do
2013-04-06 03:45:22 +08:00
  gem 'pg', '0.15.0'
2011-03-01 08:37:39 +08:00
end

2011-05-21 06:15:29 +08:00
group :sqlite do
  gem 'sqlite3-ruby', '1.3.2'
end
2011-02-01 09:57:29 +08:00
group :test do
2013-06-18 01:37:33 +08:00
  gem 'simplecov', '0.7.1' if ENV['COVERAGE'] != nil && ENV['COVERAGE'] == "1" # for coverage reporting
2011-03-30 05:18:17 +08:00
  gem 'bluecloth', '2.0.10' # for generating api docs
2013-03-12 04:17:20 +08:00
  gem 'mocha', :git => 'git://github.com/ccutrer/mocha.git', :require => false
2013-08-21 04:33:21 +08:00
  gem 'parallelized_specs', '0.4.64'
2013-05-24 03:18:11 +08:00
  gem 'thin', '1.5.1'
2013-03-22 07:32:21 +08:00
  if CANVAS_RAILS3
    gem 'rspec-rails', '2.13.0'
  else
    gem 'rspec', '1.3.2'
    gem 'rspec-rails', '1.3.4'
  end
2013-09-12 06:17:54 +08:00
  gem 'selenium-webdriver', '2.35.0'
2011-09-30 06:43:20 +08:00
  gem 'webrat', '0.7.3'
2012-05-04 00:14:19 +08:00
  gem 'yard', '0.8.0'
2013-02-05 14:35:51 +08:00
  gem 'yard-appendix', '>=0.1.8'
2013-08-08 04:11:48 +08:00
  gem 'timecop', '0.6.3'
2013-04-19 23:54:35 +08:00
  gem 'test-unit', '1.2.3'
2011-02-01 09:57:29 +08:00
end
group :development do
2013-05-01 03:47:24 +08:00
  gem 'guard', '1.8.0'
2013-03-14 05:05:14 +08:00
  gem 'rb-inotify', '~>0.9.0', :require => false
2012-12-27 08:14:06 +08:00
  gem 'rb-fsevent', :require => false
  gem 'rb-fchange', :require => false

2013-02-08 04:57:04 +08:00
  # Option to DISABLE_RUBY_DEBUGGING is helpful for IDE-based debugging.
  # The ruby debug gems conflict with the IDE-based debugger gem.
  # Set this option in your dev environment to disable.
  unless ENV['DISABLE_RUBY_DEBUGGING']
2013-04-19 23:54:35 +08:00
    gem 'debugger', '1.5.0'
2011-09-27 13:28:33 +08:00
  end
2012-12-27 08:14:06 +08:00
end
group :development, :test do
  gem 'coffee-script'
2013-03-21 12:11:41 +08:00
  gem 'coffee-script-source', '1.6.2' #pinned so everyone's compiled output matches
2013-08-21 21:22:00 +08:00
  gem 'execjs', '1.4.0'
2012-12-27 08:14:06 +08:00
  gem 'parallel', '0.5.16'
2012-06-13 06:07:14 +08:00
end

group :i18n_tools do
2013-04-18 03:41:39 +08:00
  gem 'ruby_parser', '3.1.3'
  gem 'sexp_processor', '4.2.1'
2011-07-16 00:59:22 +08:00
  gem 'ya2yaml', '0.30'
2011-02-01 09:57:29 +08:00
end

2011-03-23 07:02:27 +08:00
group :redis do
2012-11-14 04:55:14 +08:00
  gem 'instructure-redis-store', '1.0.0.2.instructure1', :require => 'redis-store'
2012-06-13 00:17:36 +08:00
  gem 'redis', '3.0.1'
user request throttling
Define the cost of a request as (user cpu + time spent in db queries),
then store that using a leaky bucket algorithm in redis. The algorithm
is slightly modified from a normal leaky bucket, see the comments in the
code.
The parameters (maximum, hwm, outflow) are configurable Settings.
Because this code path is hit on every request, I've tried to keep the
added latency to a minimum.
Uses lua scripting in redis to avoid the latency of an extra round trip
(two round trips with lua, one at the beginning of the request and one
at the end, vs at least three without lua).
closes CNVS-7008
test plan:
* Given the default params, you're not going to ever hit the throttling
limit without making multiple requests in parallel. Normally local dev
environments won't process parallel requests, so you'll want to tweak
the config params.
* Setting.set('request_throttle.hwm', '2')
* Setting.set('request_throttle.outflow', '0.1')
* Make canvas http requests as a logged in user, and verify that after a
few requests in quick succession, you get a 403 response. After
waiting a second for your bucket to fall back below the threshold, you
can make requests again.
* Do the same using the api and sending your access token in the query
string or http auth header.
* This should work correctly with a clustered redis as well.
* If possible it'd be good to test parallel requests as well. The code
should handle this correctly and combine the cost of the parallel
requests, rather than stomping on the values.
Change-Id: I1fdfd4e009d81bd6525bcf45a93437f4c395f129
Reviewed-on: https://gerrit.instructure.com/24256
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
2013-08-21 23:03:42 +08:00
  gem 'redis-scripting', '1.0.1'
2011-03-23 07:02:27 +08:00
end
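The request-cost throttling described in the "user request throttling" commit message, as an added example that is not Canvas code. It is a plain in-memory leaky bucket: the commit keeps the bucket in redis via lua and modifies the algorithm in ways this page does not show, so neither is reproduced. The hwm and outflow values come from the test plan; the LeakyBucket class, the maximum of 4.0, the per-request costs and the injected clock are assumptions of this example.

```ruby
# Plain leaky bucket. Level is measured in seconds of request cost.
class LeakyBucket
  attr_reader :level

  def initialize(maximum:, hwm:, outflow:, clock: nil)
    @maximum = maximum # hard cap on the stored level
    @hwm = hwm         # high-water mark: at or above this, reject
    @outflow = outflow # units drained per second
    @clock = clock || -> { Process.clock_gettime(Process::CLOCK_MONOTONIC) }
    @level = 0.0
    @last_touched = @clock.call
  end

  # Start of request: drain for the elapsed time, then decide.
  def allow?
    leak
    @level < @hwm
  end

  # End of request: add the measured cost (user CPU + time in DB queries).
  def charge(user_cpu, db_time)
    leak
    @level = [@level + user_cpu + db_time, @maximum].min
  end

  private

  def leak
    now = @clock.call
    @level = [@level - (now - @last_touched) * @outflow, 0.0].max
    @last_touched = now
  end
end

# Four requests in quick succession, then one more after a pause.
# Returns the HTTP status each request would receive.
def simulate_throttle
  now = 0.0 # fake clock so the run is deterministic
  bucket = LeakyBucket.new(maximum: 4.0, hwm: 2.0, outflow: 0.1,
                           clock: -> { now })
  request = lambda do
    next 403 unless bucket.allow?
    bucket.charge(0.5, 0.25) # constructed cost: 0.5 s CPU + 0.25 s DB
    200
  end
  statuses = Array.new(4) { request.call }
  now += 3.0 # wait for the bucket to drain below the high-water mark
  statuses << request.call
end

puts simulate_throttle.inspect if __FILE__ == $PROGRAM_NAME
```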
2012-09-25 04:05:43 +08:00
group :cassandra do
2013-05-07 05:30:56 +08:00
  gem 'cassandra-cql', '1.1.5'
2012-09-25 04:05:43 +08:00
end

2012-05-16 05:15:11 +08:00
group :embedly do
  gem 'embedly', '1.5.5'
end

2012-08-02 04:36:26 +08:00
group :statsd do
  gem 'statsd-ruby', '1.0.0', :require => 'statsd'
end

2013-06-22 01:09:05 +08:00
group :icu do
  gem 'ffi-icu', '0.1.2'
end

2011-02-01 09:57:29 +08:00
# Non-standard Canvas extension to Bundler behavior -- load the Gemfiles from
# plugins.
Dir[File.join(File.dirname(__FILE__),'vendor/plugins/*/Gemfile')].each do |g|
  eval(File.read(g))
end