Release OpenProject 12.5.1

Gemfile.lock

@@ -707,11 +707,10 @@ GEM
       rack (>= 2.0.0)
     rack-mini-profiler (3.0.0)
       rack (>= 1.2.0)
-    rack-oauth2 (2.2.0)
+    rack-oauth2 (1.21.3)
       activesupport
       attr_required
-      faraday (~> 2.0)
-      faraday-follow_redirects
+      httpclient
       json-jwt (>= 1.11.0)
       rack (>= 2.1.0)
     rack-protection (3.0.5)

app/services/oauth_clients/connection_manager.rb

@@ -198,23 +198,20 @@ def get_existing_token
     # Calls client.access_token!
     # Convert the various exceptions into user-friendly error strings.
     def request_new_token(options = {})
-      rack_access_token = rack_oauth_client(options).access_token!(:body)
+      rack_access_token = rack_oauth_client(options)
+                            .access_token!(:body) # Rack::OAuth2::AccessToken
 
       ServiceResult.success(result: rack_access_token)
-    rescue Rack::OAuth2::Client::Error => e
+    rescue Rack::OAuth2::Client::Error => e # Handle Rack::OAuth2 specific errors
       service_result_with_error(i18n_rack_oauth2_error_message(e), e.message)
-    rescue Faraday::TimeoutError,
-           Faraday::ConnectionFailed,
-           Faraday::ParsingError,
-           Faraday::SSLError => e
+    rescue Timeout::Error, EOFError, Net::HTTPBadResponse, Net::HTTPHeaderSyntaxError, Net::ProtocolError,
+           Errno::EINVAL, Errno::ENETUNREACH, Errno::ECONNRESET, Errno::ECONNREFUSED, JSON::ParserError => e
       service_result_with_error(
-        "#{I18n.t('oauth_client.errors.oauth_returned_http_error')}: #{e.class}: #{e.message.to_html}",
-        e.message
+        "#{I18n.t('oauth_client.errors.oauth_returned_http_error')}: #{e.class}: #{e.message.to_html}"
       )
     rescue StandardError => e
       service_result_with_error(
-        "#{I18n.t('oauth_client.errors.oauth_returned_standard_error')}: #{e.class}: #{e.message.to_html}",
-        e.message
+        "#{I18n.t('oauth_client.errors.oauth_returned_standard_error')}: #{e.class}: #{e.message.to_html}"
       )
     end
 

config/locales/crowdin/pl.yml

@@ -3038,7 +3038,7 @@ pl:
         non_working: "%{day} jest teraz dniem nieroboczym"
       dates:
         working: "%{day} jest teraz roboczym"
-        non_working: "%{day} jest teraz wolnym od pracy"
+        non_working: "%{date} jest teraz wolnym od pracy"
   nothing_to_preview: "Nie ma nic do podglądu"
   api_v3:
     attributes:

docs/api/apiv3/paths/work_package.yml

@@ -72,7 +72,7 @@ get:
         type: integer
       example: 1
     - description: |-
-        In order to perform a [baseline comparison](/docs/api/baseline_comparisons) of the work-package attributes, you may
+        In order to perform a [baseline comparison](/docs/api/baseline-comparisons) of the work-package attributes, you may
         provide one or several timestamps in ISO-8601 format as comma-separated list. The timestamps may be absolute or relative.
         Usually, the first timestamp is the baseline date, the last timestamp is the current date.
       in: query

docs/api/apiv3/paths/work_packages.yml

@@ -125,7 +125,7 @@ get:
       schema:
         type: string
     - description: |-
-        In order to perform a [baseline comparison](/docs/api/baseline_comparisons), you may provide one or several timestamps
+        In order to perform a [baseline comparison](/docs/api/baseline-comparisons), you may provide one or several timestamps
         in ISO-8601 format as comma-separated list. The timestamps may be absolute or relative. Usually, the first timestamp
         is the baseline date, the last timestamp is the current date.
       example: '2022-01-01T00:00:00Z,PT0S'

docs/release-notes/12-5-0/README.md

@@ -32,7 +32,7 @@ To do so, start by clicking on **Link existing files** underneath the section of
 
 ### New file picker in OpenProject
 
-A new file picker will appear, displaying all the files and folders on your Nextcloud instance that you have permission to see. You choose the respective file or folder from Nextcloud via the file picker.
+A new file picker will appear, displaying all the files and folders on your Nextcloud instance that you have permission to see. You can choose the respective file or folder from Nextcloud via the file picker.
 
 ![openproject-nextcloud-files-picker](openproject-nextcloud-files-picker.png)
 
@@ -56,7 +56,7 @@ To save the files you uploaded to the current folder in Nextcloud, click on the
 
 If you create a new work package in OpenProject and want to add a file to the work package, you can now upload or link files from Nextcloud directly.
 
-Thereby, it gives you two options: Upload a new file or link an existing file from Nextcloud, as described above.
+Thereby, it gives you two options: upload a new file or link an existing file from Nextcloud, as described above.
 
 ![openproject-nextcloud-upload-files-empty-status](openproject-nextcloud-upload-files-empty-status.png)
 
@@ -100,7 +100,7 @@ If you want to print your Wiki, with OpenProject 12.5 you can now do so. A print
 
 ## Advanced search for work package attachment or content released for the Community
 
-With OpenProject 12.5, we are happy to announce that another Enterprise add-on was released for the free-of-charge Community version. The advanced filters enable not only full text search but also to [filter and search for work packages attachments and content of the attachments](../user-guide/work-packages/work-package-table-configuration#filter-for-attachment-file-name-and-content).
+With OpenProject 12.5, we are happy to announce that another Enterprise add-on was released for the free-of-charge Community version. The advanced filters enable not only full text search but also to [filter and search for work packages attachments and content of the attachments](../../user-guide/work-packages/work-package-table-configuration/#filter-for-attachment-file-name-and-content).
 
 ![openproject-search-work-package-attachments](openproject-search-work-package-attachments.png)
 
@@ -215,10 +215,12 @@ With OpenProject 12.5, we are happy to announce that another Enterprise add-on w
 - Epic: Show changes of project attributes in project activity view \[[#43852](https://community.openproject.com/wp/43852)\]
 - Epic: Cross-application main menu for dPhoenixSuite/Sovereign Administrative Work Place  \[[#44297](https://community.openproject.com/wp/44297)\]
 
-#### Credits and contributions
+## Credits and contributions
 A very special thank you goes to the following sponsors for features and improvements of this release:
 
-- **The City of Cologne** for having sponsored the feature of tracking project activities.
+- **The City of Cologne** for having sponsored the tracking of project changes, adding additional non-working days, and parts of the Nextcloud integration.
 - **Autoliv** for having sponsored the API changes, i.e. extending the data model and the API to save and query historic values of work packages as a foundation for the upcoming baseline comparisons.
 
 A very big thank you to M V, Sven Kunze, Rince wind, Christina Vechkanova, Johannes Frenck, Marc Burk, Jörg Nold, Nidhin Manoharan, Jörg Mollowitz, Benjamin Rönnau, Harald Herz for finding and reporting bugs.
+
+And of course, a very big thank you to the **Nextcloud** team for this amazing collaboration. 

docs/release-notes/12-5-1/README.md

@@ -0,0 +1,20 @@
+---
+title: OpenProject 12.5.1
+sidebar_navigation:
+    title: 12.5.1
+release_version: 12.5.1
+release_date: 2023-03-20
+---
+
+# OpenProject 12.5.1
+
+Release date: 2023-03-20
+
+We released [OpenProject 12.5.1](https://community.openproject.com/versions/1692).
+The release contains several bug fixes and we recommend updating to the newest version.
+
+<!--more-->
+#### Bug fixes and changes
+
+- Fixed: Changing non working days in Polish fails \[[#47020](https://community.openproject.com/wp/47020)\]
+- Fixed: Unable to login via oauth provider (e.g. Azure) \[[#47044](https://community.openproject.com/wp/47044)\]

docs/release-notes/README.md

@@ -14,6 +14,13 @@ Stay up to date and get an overview of the new features included in the releases
 <!--- New release notes are generated below. Do not remove comment. -->
 <!--- RELEASE MARKER -->
 
+## 12.5.1
+
+Release date: 2023-03-20
+
+[Release Notes](12-5-1/)
+
+
 ## 12.5.0
 
 Release date: 2023-03-20

docs/system-admin-guide/working-days/README.md

@@ -48,7 +48,3 @@ We only recommend changing this setting if you are absolutely sure and you are a
 ### Effect on calendars
 
 The non-working days defined here are coloured differently, generally with a darker background colour, on the [work package date picker](../../user-guide/work-packages/set-change-dates/#working-days-and-duration), [Gantt chart](../../user-guide/gantt-chart/) and the [Team planner](../../user-guide/team-planner/) and [calendar](../../user-guide/calendar/) modules.
-
-
-
-###### 

lib/open_project/version.rb

@@ -33,7 +33,7 @@ module OpenProject
   module VERSION # :nodoc:
     MAJOR = 12
     MINOR = 5
-    PATCH = 0
+    PATCH = 1
 
     class << self
       # Used by semver to define the special version (if any).

modules/openid_connect/lib/open_project/openid_connect/engine.rb

@@ -28,6 +28,12 @@ class Engine < ::Rails::Engine
     class_inflection_override('openid_connect' => 'OpenIDConnect')
 
     register_auth_providers do
+      # Use OpenSSL default certificate store instead of HTTPClient's.
+      # It's outdated and it's unclear how it's managed.
+      OpenIDConnect.http_config do |config|
+        config.ssl_config.set_default_paths
+      end
+
       OmniAuth::OpenIDConnect::Providers.configure custom_options: %i[
         display_name? icon? sso? issuer?
         check_session_iframe? end_session_endpoint?

spec/services/oauth_clients/connection_manager_spec.rb

@@ -142,7 +142,7 @@
   # The callback endpoint calls `code_to_token(code)` with the code
   # received and exchanges the code for a bearer+refresh token
   # using a HTTP request.
-  describe '#code_to_token', webmock: true do
+  describe '#code_to_token' do
     let(:code) { "7kRGJ...jG3KZ" }
 
     subject { instance.code_to_token(code) }
@@ -158,19 +158,19 @@
           user_id: "admin"
         }.to_json
         stub_request(:any, File.join(host, '/index.php/apps/oauth2/api/v1/token'))
-          .to_return(status: 200, body: response_body, headers: { "content-type" => "application/json; charset=utf-8" })
+          .to_return(status: 200, body: response_body)
       end
 
-      it 'returns a valid ClientToken object' do
+      it 'returns a valid ClientToken object', webmock: true do
         expect(subject.success).to be_truthy
         expect(subject.result).to be_a OAuthClientToken
       end
     end
 
-    context 'with known error' do
+    context 'with known error', webmock: true do
       before do
         stub_request(:post, File.join(host, '/index.php/apps/oauth2/api/v1/token'))
-          .to_return(status: 400, body: { error: error_message }.to_json, headers: { "content-type" => "application/json; charset=utf-8" })
+          .to_return(status: 400, body: { error: error_message }.to_json)
       end
 
       shared_examples 'OAuth2 error response' do
@@ -195,10 +195,10 @@
       end
     end
 
-    context 'with known reply invalid_grant' do
+    context 'with known reply invalid_grant', webmock: true do
       before do
         stub_request(:post, File.join(host, '/index.php/apps/oauth2/api/v1/token'))
-          .to_return(status: 400, body: { error: "invalid_grant" }.to_json, headers: { "content-type" => "application/json; charset=utf-8" })
+          .to_return(status: 400, body: { error: "invalid_grant" }.to_json)
       end
 
       it 'returns a specific error message' do
@@ -209,10 +209,10 @@
       end
     end
 
-    context 'with unknown reply' do
+    context 'with unknown reply', webmock: true do
       before do
         stub_request(:post, File.join(host, '/index.php/apps/oauth2/api/v1/token'))
-          .to_return(status: 400, body: { error: "invalid_requesttt" }.to_json, headers: { "content-type" => "application/json; charset=utf-8" })
+          .to_return(status: 400, body: { error: "invalid_requesttt" }.to_json)
       end
 
       it 'returns an unspecific error message' do
@@ -223,7 +223,7 @@
       end
     end
 
-    context 'with reply including JSON syntax error' do
+    context 'with reply including JSON syntax error', webmock: true do
       before do
         stub_request(:post, File.join(host, '/index.php/apps/oauth2/api/v1/token'))
           .to_return(
@@ -235,13 +235,13 @@
 
       it 'returns an unspecific error message' do
         expect(subject.success).to be_falsey
-        expect(subject.result).to eq "unexpected token at 'some: very, invalid> <json}'"
+        expect(subject.result).to eq 'Unknown :: some: very, invalid> <json}'
         expect(subject.errors[:base].count).to be(1)
-        expect(subject.errors[:base].first).to include I18n.t('oauth_client.errors.oauth_returned_http_error')
+        expect(subject.errors[:base].first).to include I18n.t('oauth_client.errors.oauth_returned_error')
       end
     end
 
-    context 'with 500 reply without body' do
+    context 'with 500 reply without body', webmock: true do
       before do
         stub_request(:post, File.join(host, '/index.php/apps/oauth2/api/v1/token'))
           .to_return(status: 500)
@@ -255,42 +255,29 @@
       end
     end
 
-    context 'when something is wrong with connection' do
-      before do
-        stub_request(:post, File.join(host, '/index.php/apps/oauth2/api/v1/token')).to_raise(Faraday::ConnectionFailed)
-      end
-
-      it 'returns an unspecific error message' do
-        expect(subject.success).to be_falsey
-        expect(subject.result).to eq("Exception from WebMock")
-        expect(subject.errors[:base].count).to be(1)
-        expect(subject.errors[:base].first).to include I18n.t('oauth_client.errors.oauth_returned_http_error')
-      end
-    end
-
-    context 'when something is wrong with SSL' do
+    context 'with bad HTTP response', webmock: true do
       before do
-        stub_request(:post, File.join(host, '/index.php/apps/oauth2/api/v1/token')).to_raise(Faraday::SSLError)
+        stub_request(:post, File.join(host, '/index.php/apps/oauth2/api/v1/token')).to_raise(Net::HTTPBadResponse)
       end
 
       it 'returns an unspecific error message' do
         expect(subject.success).to be_falsey
-        expect(subject.result).to eq("Exception from WebMock")
+        expect(subject.result).to be_nil
         expect(subject.errors[:base].count).to be(1)
         expect(subject.errors[:base].first).to include I18n.t('oauth_client.errors.oauth_returned_http_error')
       end
     end
 
-    context 'with timeout returns internal error' do
+    context 'with timeout returns internal error', webmock: true do
       before do
         stub_request(:post, File.join(host, '/index.php/apps/oauth2/api/v1/token')).to_timeout
       end
 
       it 'returns an unspecific error message' do
         expect(subject.success).to be_falsey
-        expect(subject.result).to eq("execution expired")
+        expect(subject.result).to be_nil
         expect(subject.errors[:base].count).to be(1)
-        expect(subject.errors[:base].first).to include I18n.t('oauth_client.errors.oauth_returned_http_error')
+        expect(subject.errors[:base].first).to include I18n.t('oauth_client.errors.oauth_returned_standard_error')
       end
     end
   end
@@ -325,7 +312,7 @@
               user_id: "admin"
             }.to_json
             stub_request(:any, File.join(host, '/index.php/apps/oauth2/api/v1/token'))
-              .to_return(status: 200, body: response_body, headers: { "content-type" => "application/json; charset=utf-8" })
+              .to_return(status: 200, body: response_body)
           end
 
           it 'returns a valid ClientToken object', webmock: true do
@@ -348,7 +335,7 @@
               user_id: "admin"
             }.to_json
             stub_request(:any, File.join(host, '/index.php/apps/oauth2/api/v1/token'))
-              .to_return(status: 200, body: response_body, headers: { "content-type" => "application/json; charset=utf-8" })
+              .to_return(status: 200, body: response_body)
           end
 
           it 'returns dependent error from model validation', webmock: true do
@@ -362,7 +349,7 @@
         context 'with server error from OAuth2 provider' do
           before do
             stub_request(:any, File.join(host, '/index.php/apps/oauth2/api/v1/token'))
-              .to_return(status: 400, body: { error: "invalid_request" }.to_json, headers: { "content-type" => "application/json; charset=utf-8" })
+              .to_return(status: 400, body: { error: "invalid_request" }.to_json)
           end
 
           it 'returns a server error', webmock: true do
@@ -381,7 +368,7 @@
 
           it 'returns a valid ClientToken object', webmock: true do
             expect(subject.success).to be_falsey
-            expect(subject.result).to eq("execution expired")
+            expect(subject.result).to be_nil
             expect(subject.errors.size).to be(1)
           end
         end
@@ -409,8 +396,8 @@
             response_body2[:access_token] = "differ...RYvRH"
             request_url = File.join(host, '/index.php/apps/oauth2/api/v1/token')
             stub_request(:any, request_url).to_return(
-              { status: 200, body: response_body1.to_json, headers: { "content-type" => "application/json; charset=utf-8" } },
-              { status: 200, body: response_body2.to_json, headers: { "content-type" => "application/json; charset=utf-8" } }
+              { status: 200, body: response_body1.to_json },
+              { status: 200, body: response_body2.to_json }
             )
 
             result1 = nil
@@ -446,8 +433,8 @@
             response_body2[:access_token] = "differ...RYvRH"
             request_url = File.join(host, '/index.php/apps/oauth2/api/v1/token')
             stub_request(:any, request_url)
-              .to_return(status: 200, body: response_body1.to_json, headers: { "content-type" => "application/json; charset=utf-8" }).then
-              .to_return(status: 200, body: response_body2.to_json, headers: { "content-type" => "application/json; charset=utf-8" })
+              .to_return(status: 200, body: response_body1.to_json).then
+              .to_return(status: 200, body: response_body2.to_json)
 
             result1 = nil
             result2 = nil