Addresses vulnerability
a6c759d7e7
This gem is only used in dev/test, to generate the API docs. test plan: `rake
doc:api`, verify the docs still render correctly.
Change-Id: Ib1884ec5717bd6d252fa85cbfafb77f1be40ba24
Reviewed-on: https://gerrit.instructure.com/55350
Tested-by: Jenkins
Reviewed-by: August Thornton <august@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Reviewed-by: Rob Orton <rob@instructure.com>
Product-Review: Rob Orton <rob@instructure.com>
it's known to not work
Change-Id: Ifa69a3390e26c172f07e178a568a1517d7c7d303
Reviewed-on: https://gerrit.instructure.com/55344
Tested-by: Jenkins
Reviewed-by: Rob Orton <rob@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
fixes CNVS-19449, CNVS-19454, CNVS-19455
test plan:
* configure the facebook plugin (/plugins/facebook)
* add Facebook to your authentication configs
* try to login with valid facebook credentials - it should say it
couldn't find the user
* add a login to your user with that ID
* try to login with facebook again; it should work
* delete auth settings and plugin settings
* re-add the auth settings - it should let you configure it
directly
* log in again
Change-Id: I5aae400fe39fda6e1a864a062368e50a4c9f4ede
Reviewed-on: https://gerrit.instructure.com/54208
Reviewed-by: Ethan Vizitei <evizitei@instructure.com>
Tested-by: Jenkins
QA-Review: August Thornton <august@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
closes CNVS-20323
canvas_statsd has been packaged and published as its own gem. remove
code from gems/ and other supporting code.
updated initializer to conform with new gem default tracking options
test plan:
- enable statsd in config/statsd.yml
- visit several pages in canvas
- create some things, update some things
- reload a page or two
- canvas should continue to function as expected
- the following statsd request keys for controller actions should
continue to be sent:
- total
- db
- view
- sql.read
- sql.write
- sql.cache
- active_record
Change-Id: I28fbf8642a3d2719b08721a3df1c7b77ac52cb1f
Reviewed-on: https://gerrit.instructure.com/54251
Tested-by: Jenkins
Reviewed-by: Ethan Vizitei <evizitei@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Jason Madsen <jmadsen@instructure.com>
The fix we were using on master was released.
Change-Id: I12159552e7a2f2b33593d08d2ad62d2d529e7e56
Reviewed-on: https://gerrit.instructure.com/53838
Reviewed-by: Ethan Vizitei <evizitei@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins
Product-Review: Brian Palmer <brianp@instructure.com>
QA-Review: Brian Palmer <brianp@instructure.com>
refactor the external content controller to pass the new content-item format
fixes: PLAT-968 PLAT-1008 PLAT-967
test-plan:
* the new content-item should work in module items
* regression test all of the resource selection placements, all
of the enabled resource selection return values in the old
test tool should still work in module_item selection,
homework_selection, editor_button, course migration, and
homework submission.
Change-Id: Ic6de04effb5fde311f91778a316f9c229072f275
Reviewed-on: https://gerrit.instructure.com/52926
Tested-by: Jenkins
Reviewed-by: Brad Humphrey <brad@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Nathan Mills <nathanm@instructure.com>
The list of sanitized keys and parameter names doesn't include the rails
filter_parameters configuration by default, so add that as recommended on the
raven-ruby github wiki.
Secondly, our global ids happen to match sentry's hard-coded credit card
regex, so I got a PR merged to allow disabling the credit card sanitization.
Until a new gem is released, we'll have to pull from github.
test plan: enable sentry and generate an exception, user_id and account_id
should come across as expected.
Change-Id: I56ceae3b28ae64df61bd22c5d03db492f9880ba7
Reviewed-on: https://gerrit.instructure.com/53521
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Tested-by: Jenkins
Product-Review: Brian Palmer <brianp@instructure.com>
test plan: with sentry configured, rails console bootup should be one line quieter
Change-Id: If6f52983fbdba2b335a412ac9bd0902c727a5b4e
Reviewed-on: https://gerrit.instructure.com/53042
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins
Product-Review: Brian Palmer <brianp@instructure.com>
QA-Review: Brian Palmer <brianp@instructure.com>
fixes CNVS-19630
test plan
- as a teacher who does not have a user in adobe connect yet,
create and join an adobe connect conference
- ensure that the join button allows you to join the conference
and does not log you in as a guest
Change-Id: I073c13c19b38c6f35282b80f66e2042f7016797a
Reviewed-on: https://gerrit.instructure.com/52571
Tested-by: Jenkins
Reviewed-by: Alex Boyd <aboyd@instructure.com>
QA-Review: Steven Shepherd <sshepherd@instructure.com>
Product-Review: Joel Hough <joel@instructure.com>
closes CNVS-6016
No more error reports! (soon)
this commit builds up sentry integration through the new
Canvas::Errors module, along with other things that need
to happen on every exception. ErrorReports
should now get pushed towards just being used for representing
a complaint a user filed via the get help form.
I fixed about half the things that got linted as well
while I was in here, but because this touches too much
I fear divergence from tackling too many (I think we
can safely say it's "better than we found it")
I left a lot of the infrastructure for error reports in place
until other commits for plugins can be merged
TEST PLAN:
1) setup your raven.yml config file with the dsn for our
sentry install
2) force an error to happen in a request response cycle.
3) see the error in sentry
4) force an error to happen in a job
5) see the error in sentry
6) statsd increments should still fire
7) for the moment, an error report should still get created.
Change-Id: I5a9dc7214598f8d5083451fd15f0423f8f939034
Reviewed-on: https://gerrit.instructure.com/51621
Reviewed-by: Simon Williams <simon@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins
QA-Review: August Thornton <august@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
lets rlint only run with local changeset unless you specify "--heavy"
Also checks for whether you actually touched a line
or not before deciding an INFO comment is relevant
Change-Id: I4a960c72644dfc46aca7a51d04321711cef0850c
Reviewed-on: https://gerrit.instructure.com/51992
Reviewed-by: Jon Jensen <jon@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
QA-Review: Ethan Vizitei <evizitei@instructure.com>
Tested-by: Ethan Vizitei <evizitei@instructure.com>
add migration lint as rubocop cops
create frozen constant linter
find_ids datafixup lint
send_later lint
lint send_later in predeploys
add freeze_constant cop to default config
don't forget to include rubocop when running
get the rubocop runner into the script
lint for wrong algorithm name
lint primary key
lint remove_column in predeploys
get rubocop output as parsed json
diff munging for gergich
disable a few style cops
tweak rubocop setup to allow IDE plugins to work
get gergich comment format right
shell out to gergich if we're in jenkins-land
Change-Id: I6eecc8d8ede17a755c9d9a86121c3658776de9cd
Reviewed-on: https://gerrit.instructure.com/51755
Tested-by: Jenkins
Reviewed-by: Jason Madsen <jmadsen@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
QA-Review: Ethan Vizitei <evizitei@instructure.com>
we have them in the gemfile to lock them to a specific version,
but normal behavior doesn't auto-require them
also, use 1.9 hash syntax in gemfiles (_except_ _before.rb)
Change-Id: I549c2775c65d48ff23ba1358b43713965df97813
Reviewed-on: https://gerrit.instructure.com/51636
Tested-by: Jenkins
Reviewed-by: Ethan Vizitei <evizitei@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
This commit adds a new module called LiveEvents that knows how to send a
certain set of events to Kinesis. The module is configured via
normal plugin settings per account. Once the plugin is configured with
a Kinesis stream, events will start getting sent to that stream.
Events are sent asynchronously, in a background thread.
test plan:
* See `doc/live_events.md` for instructions on how to setup a local
kinesis stream and configure the LiveEvents plugin.
* Start tailing the stream with the command specified in
`doc/live_events.md` in a terminal.
* Perform the actions described in `doc/api/live_events.md` and verify
that events show up in your Kinesis terminal with the correct data.
Change-Id: Id799688c972205a1eee84a673912f84b0c7abb57
Reviewed-on: https://gerrit.instructure.com/50324
Reviewed-by: Rob Orton <rob@instructure.com>
Tested-by: Jenkins
Reviewed-by: Jacob Fugal <jacob@instructure.com>
QA-Review: Jacob Fugal <jacob@instructure.com>
Product-Review: Zach Wily <zach@instructure.com>
Change-Id: Icf5255ac2c484d88d466c9ff714c0eeb913fbb58
Reviewed-on: https://gerrit.instructure.com/51314
Reviewed-by: Cody Cutrer <cody@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Tested-by: Jenkins
Product-Review: Simon Williams <simon@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
fixes CNVS-18978
test plan
- regression test canvas, particularly:
notifications, and their preferences
communication channels
messages
user oauth (like linkedin and google docs use)
avatars
profile page
user services (like twitter)
feature settings
context roster
Change-Id: I2d53125f76c9daf912fdeabc621c90ac1bd070df
Reviewed-on: https://gerrit.instructure.com/49267
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins
QA-Review: Steven Shepherd <sshepherd@instructure.com>
Product-Review: Joel Hough <joel@instructure.com>
The fix was merged and a new gem was released.
Test plan: enable with marginalia.yml, then test that the appropriate
comments still show up in logged SQL statements. For instance, load a
page in canvas, then look at the logs and verify the logged SQL
statements include controller, action and request id.
Change-Id: Ib7024c41b860ff7d4530974c74996c37e6c3d1a8
Reviewed-on: https://gerrit.instructure.com/49319
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins
QA-Review: August Thornton <august@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
closes CNVS-18914
test plan:
* configure statsd in your canvas instance
* run canvas
* hit several pages in canvas that will query the DB and load AR objects
* verify that active_record key is being sent for those controller actions
Change-Id: I5ae1279bc360d7fd5ce38a4488dc9f70b9de92bc
Reviewed-on: https://gerrit.instructure.com/49666
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Jason Madsen <jmadsen@instructure.com>
nokogiri is better maintained, and java compatible (both
are based on libxml2)
Change-Id: Ia7c8edea15ec001cf4861b00494e480832bd2c63
Reviewed-on: https://gerrit.instructure.com/49467
Tested-by: Jenkins
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
also make our bundler monkeypatch conditional on 1.8.0, since it
was merged upstream
Change-Id: I441755ff54c77a07b7ede03f46f45033c208e1e8
Reviewed-on: https://gerrit.instructure.com/49149
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
see https://github.com/rails/rails/pull/18306 for discussion on
why it's not released yet
Change-Id: Id0de57432df9e7db1767c8f4d75c7734799148b9
Reviewed-on: https://gerrit.instructure.com/48828
Tested-by: Jenkins
Reviewed-by: Rob Orton <rob@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
force users to auth google drive when the plugin is enabled
Add support for google drive in collaborations and homework submissions
Everything still looks like google docs to the user.
fixes PLAT-892
fixes PLAT-893
fixes PLAT-894
Test plan:
create a google docs integration
and enable the google drive plugin
when you visit the collaborations page it should ask you to authorize canvas to use google drive
Regression test homework submissions with google doc and drive
Regression test collaborations with google doc and drive
Change-Id: I79bdbdcae915b08a19cc9a078a64b49ef5f34796
Reviewed-on: https://gerrit.instructure.com/48583
Tested-by: Jenkins
Reviewed-by: Brad Humphrey <brad@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Brad Horrocks <bhorrocks@instructure.com>