[pull] dev from opf:dev

lib/tasks/parallel_testing.rake

@@ -67,7 +67,7 @@ namespace :parallel do
   end
 
   def group_option_string(parsed_options)
-    group_options  = parsed_options ? "-n #{parsed_options[:num_cpus]}" : ""
+    group_options  = parsed_options[:num_cpus] ? "-n #{parsed_options[:num_cpus]}" : ""
     group_options += " --only-group #{parsed_options[:group]}" if parsed_options[:group]
 
     group_options

lib_static/open_project/authentication/strategies/warden/jwt_oidc.rb

@@ -5,12 +5,6 @@ module Warden
         class JwtOidc < ::Warden::Strategies::Base
           include FailWithHeader
 
-          SUPPORTED_ALG = %w[
-            RS256
-            RS384
-            RS512
-          ].freeze
-
           # The strategy is supposed to only handle JWT.
           # These tokens are supposed to be issued by configured OIDC.
           def valid?
@@ -19,60 +13,21 @@ def valid?
             )
             return false if @access_token.blank?
 
-            @unverified_payload, @unverified_header = JWT.decode(@access_token, nil, false)
-            @unverified_header.present? && @unverified_payload.present?
+            unverified_payload, unverified_header = JWT.decode(@access_token, nil, false)
+            unverified_payload.present? && unverified_header.present?
           rescue JWT::DecodeError
             false
           end
 
           def authenticate!
-            issuer = @unverified_payload["iss"]
-            provider = OpenProject::OpenIDConnect.providers.find { |p| p.configuration[:issuer] == issuer } if issuer.present?
-            if provider.blank?
-              return fail_with_header!(error: "invalid_token", error_description: "The access token issuer is unknown")
-            end
-
-            client_id = provider.configuration.fetch(:identifier)
-            alg = @unverified_header.fetch("alg")
-            if SUPPORTED_ALG.exclude?(alg)
-              return fail_with_header!(error: "invalid_token", error_description: "Token signature algorithm is not supported")
-            end
-
-            kid = @unverified_header.fetch("kid")
-            jwks_uri = provider.configuration[:jwks_uri]
-            begin
-              key = JSON::JWK::Set::Fetcher.fetch(jwks_uri, kid:).to_key
-            rescue JSON::JWK::Set::KidNotFound
-              return fail_with_header!(error: "invalid_token", error_description: "The access token signature kid is unknown")
-            end
-
-            begin
-              verified_payload, = JWT.decode(
-                @access_token,
-                key,
-                true,
-                {
-                  algorithm: alg,
-                  verify_iss: true,
-                  verify_aud: true,
-                  iss: issuer,
-                  aud: client_id,
-                  required_claims: ["sub", "iss", "aud"]
-                }
-              )
-            rescue JWT::ExpiredSignature
-              return fail_with_header!(error: "invalid_token", error_description: "The access token expired")
-            rescue JWT::ImmatureSignature
-              # happens when nbf time is less than current
-              return fail_with_header!(error: "invalid_token", error_description: "The access token is used too early")
-            rescue JWT::InvalidIssuerError
-              return fail_with_header!(error: "invalid_token", error_description: "The access token issuer is wrong")
-            rescue JWT::InvalidAudError
-              return fail_with_header!(error: "invalid_token", error_description: "The access token audience claim is wrong")
-            end
-
-            user = User.find_by(identity_url: "#{provider.name}:#{verified_payload['sub']}")
-            success!(user) if user
+            ::OpenIDConnect::JwtParser.new(required_claims: ["sub"]).parse(@access_token).either(
+              ->(payload_and_provider) do
+                payload, provider = payload_and_provider
+                user = User.find_by(identity_url: "#{provider.slug}:#{payload['sub']}")
+                success!(user) if user
+              end,
+              ->(error) { fail_with_header!(error: "invalid_token", error_description: error) }
+            )
           end
         end
       end

modules/auth_saml/spec/features/administration/saml_crud_spec.rb

@@ -30,8 +30,7 @@
 require_module_spec_helper
 
 RSpec.describe "SAML administration CRUD",
-               :js,
-               :with_cuprite do
+               :js do
   shared_let(:user) { create(:admin) }
   let(:danger_zone) { DangerZone.new(page) }
 

modules/backlogs/spec/features/backlogs/change_status_spec.rb

@@ -31,7 +31,7 @@
 require "spec_helper"
 require_relative "../../support/pages/backlogs"
 
-RSpec.describe "Backlogs context menu", :js, :with_cuprite do
+RSpec.describe "Backlogs context menu", :js do
   shared_let(:story_type) { create(:type_feature) }
   shared_let(:task_type) { create(:type_task) }
   shared_let(:project) { create(:project, types: [story_type, task_type]) }

modules/backlogs/spec/features/backlogs/context_menu_spec.rb

@@ -31,7 +31,7 @@
 require "spec_helper"
 require_relative "../../support/pages/backlogs"
 
-RSpec.describe "Backlogs context menu", :js, :with_cuprite do
+RSpec.describe "Backlogs context menu", :js do
   shared_let(:story_type) { create(:type_feature) }
   shared_let(:task_type) { create(:type_task) }
   shared_let(:project) { create(:project, types: [story_type, task_type]) }

modules/backlogs/spec/features/backlogs/create_story_spec.rb

@@ -28,7 +28,7 @@
 
 require "spec_helper"
 
-RSpec.describe "Backlogs", :js, :with_cuprite do
+RSpec.describe "Backlogs", :js do
   let(:story_type) do
     create(:type_feature)
   end

modules/backlogs/spec/features/backlogs_in_backlog_view_spec.rb

@@ -30,7 +30,7 @@
 require_relative "../support/pages/backlogs"
 
 RSpec.describe "Backlogs in backlog view", :js,
-               with_cuprite: false do
+               :selenium do
   let!(:project) do
     create(:project,
            types: [story, task],

modules/backlogs/spec/features/empty_backlogs_spec.rb

@@ -29,7 +29,7 @@
 require "spec_helper"
 
 RSpec.describe "Empty backlogs project",
-               :js, :with_cuprite do
+               :js do
   shared_let(:story) { create(:type_feature) }
   shared_let(:task) { create(:type_task) }
   shared_let(:project) { create(:project, types: [story, task], enabled_module_names: %w(backlogs)) }

modules/backlogs/spec/features/impediments_spec.rb

@@ -29,7 +29,7 @@
 require "spec_helper"
 
 RSpec.describe "Impediments on taskboard", :js,
-               with_cuprite: false do
+               :selenium do
   let!(:project) do
     create(:project,
            types: [story, task],

modules/backlogs/spec/features/stories_in_backlog_spec.rb

@@ -30,7 +30,7 @@
 require_relative "../support/pages/backlogs"
 
 RSpec.describe "Stories in backlog", :js,
-               with_cuprite: false do
+               :selenium do
   let!(:project) do
     create(:project,
            types: [story, task, other_story],

modules/backlogs/spec/features/tasks_on_taskboard_spec.rb

@@ -30,7 +30,7 @@
 require_relative "../support/pages/taskboard"
 
 RSpec.describe "Tasks on taskboard", :js,
-               with_cuprite: false do
+               :selenium do
   let!(:project) do
     create(:project,
            types: [story, task, other_story],

modules/backlogs/spec/features/work_packages/story_points_spec.rb

@@ -28,7 +28,7 @@
 
 require "spec_helper"
 
-RSpec.describe "Work packages having story points", :js, :with_cuprite do
+RSpec.describe "Work packages having story points", :js do
   before do
     login_as current_user
     allow(Setting).to receive(:plugin_openproject_backlogs).and_return("points_burn_direction" => "down",

modules/bim/spec/features/bcf/api_authorization_spec.rb

@@ -30,7 +30,6 @@
 
 RSpec.describe "authorization for BCF api",
                :js,
-               :with_cuprite,
                with_config: { edition: "bim" } do
   let!(:user) { create(:admin) }
   let(:client_secret) { app.plaintext_secret }

modules/bim/spec/features/bcf_view_management_spec.rb

@@ -31,7 +31,7 @@
 require_relative "../support/pages/ifc_models/show_default"
 require_relative "../../../../spec/features/views/shared_examples"
 
-RSpec.describe "bcf view management", :js, with_config: { edition: "bim" } do
+RSpec.describe "bcf view management", :js, :selenium, with_config: { edition: "bim" } do
   let(:project) { create(:project, enabled_module_names: %i[bim work_package_tracking]) }
   let(:bcf_page) { Pages::IfcModels::ShowDefault.new(project) }
   let(:role) do

modules/bim/spec/features/bim_filter_spec.rb

@@ -31,7 +31,7 @@
 require_relative "../support/pages/ifc_models/show"
 require_relative "../support/pages/ifc_models/show_default"
 
-RSpec.describe "BIM filter spec", :js, with_config: { edition: "bim" } do
+RSpec.describe "BIM filter spec", :js, :selenium, with_config: { edition: "bim" } do
   let(:project) { create(:project, enabled_module_names: %w(bim work_package_tracking)) }
   let(:open_status) { create(:status, is_closed: false) }
   let(:closed_status) { create(:status, is_closed: true) }

modules/bim/spec/features/card_view/bulk_actions_spec.rb

@@ -1,7 +1,7 @@
 require "spec_helper"
 require_relative "../../support/pages/ifc_models/show_default"
 
-RSpec.describe "Copy work packages through Rails view", :js, :with_cuprite, with_config: { edition: "bim" } do
+RSpec.describe "Copy work packages through Rails view", :js, with_config: { edition: "bim" } do
   shared_let(:project) { create(:project, name: "Source", enabled_module_names: %i[bim work_package_tracking]) }
 
   shared_let(:dev) do

modules/bim/spec/features/card_view/context_menu_spec.rb

@@ -2,7 +2,7 @@
 require_relative "../../../../../spec/features/work_packages/table/context_menu/context_menu_shared_examples"
 require_relative "../../support/pages/ifc_models/show_default"
 
-RSpec.describe "Work Package table hierarchy and sorting", :js, :with_cuprite, with_config: { edition: "bim" } do
+RSpec.describe "Work Package table hierarchy and sorting", :js, with_config: { edition: "bim" } do
   shared_let(:project) { create(:project, enabled_module_names: %i[bim work_package_tracking costs]) }
 
   let(:wp_table) { Pages::IfcModels::ShowDefault.new(project) }

modules/bim/spec/features/card_view/select_card_spec.rb

@@ -29,7 +29,10 @@
 require "spec_helper"
 require_relative "../../support/pages/ifc_models/show_default"
 
-RSpec.describe "Selecting cards in the card view (regression #31962)", :js, with_config: { edition: "bim" } do
+RSpec.describe "Selecting cards in the card view (regression #31962)",
+               :js,
+               :selenium,
+               with_config: { edition: "bim" } do
   let(:user) { create(:admin) }
   let(:project) { create(:project, enabled_module_names: %i[bim work_package_tracking]) }
   let(:wp_table) { Pages::IfcModels::ShowDefault.new(project) }

modules/bim/spec/features/card_view/wp_card_status_spec.rb

@@ -29,7 +29,7 @@
 require "spec_helper"
 require_relative "../../support/pages/ifc_models/show_default"
 
-RSpec.describe "Update status from WP card", :js, :with_cuprite, with_config: { edition: "bim" } do
+RSpec.describe "Update status from WP card", :js, with_config: { edition: "bim" } do
   let(:manager_role) do
     create(:project_role, permissions: %i[view_work_packages edit_work_packages view_ifc_models view_linked_issues])
   end

modules/bim/spec/features/display_representations/switch_display_representations_spec.rb

@@ -30,7 +30,9 @@
 require_relative "../../support/pages/ifc_models/show_default"
 
 RSpec.describe "Switching work package view",
-               :js, with_config: { edition: "bim" }, with_ee: %i[conditional_highlighting] do
+               :js,
+               :selenium,
+               with_config: { edition: "bim" }, with_ee: %i[conditional_highlighting] do
   let(:user) { create(:admin) }
   let(:project) { create(:project, enabled_module_names: %i[bim work_package_tracking]) }
   let(:wp_page) { Pages::IfcModels::ShowDefault.new(project) }

modules/bim/spec/features/ifc_models/direct_ifc_upload_spec.rb

@@ -29,7 +29,10 @@
 require "spec_helper"
 require_relative "ifc_upload_shared_examples"
 
-RSpec.describe "direct IFC upload", :js, with_config: { edition: "bim" }, with_direct_uploads: :redirect do
+RSpec.describe "direct IFC upload",
+               :js,
+               :selenium,
+               with_config: { edition: "bim" }, with_direct_uploads: :redirect do
   it_behaves_like "can upload an IFC file" do
     # with direct upload, we don't get the model name
     let(:model_name) { "model.ifc" }

modules/bim/spec/features/model_management_spec.rb

@@ -30,7 +30,7 @@
 
 require_relative "../support/pages/ifc_models/index"
 
-RSpec.describe "model management", :js, with_config: { edition: "bim" } do
+RSpec.describe "model management", :js, :selenium, with_config: { edition: "bim" } do
   let(:project) { create(:project, enabled_module_names: %i[bim work_package_tracking]) }
   let(:index_page) { Pages::IfcModels::Index.new(project) }
   let(:role) { create(:project_role, permissions: %i[view_ifc_models manage_bcf manage_ifc_models view_work_packages]) }

modules/bim/spec/features/model_viewer_spec.rb

@@ -28,7 +28,10 @@
 
 require_relative "../spec_helper"
 
-RSpec.describe "model viewer", :js, with_config: { edition: "bim" } do
+RSpec.describe "model viewer",
+               :js,
+               :selenium,
+               with_config: { edition: "bim" } do
   let(:project) { create(:project, enabled_module_names: %i[bim work_package_tracking]) }
   # TODO: Add empty viewpoint and stub method to load viewpoints once defined
   let(:work_package) { create(:work_package, project:) }

modules/bim/spec/features/viewer/create_viewpoint_spec.rb

@@ -28,7 +28,10 @@
 
 require_relative "../../spec_helper"
 
-RSpec.describe "Create viewpoint from BCF details page", :js, with_config: { edition: "bim" } do
+RSpec.describe "Create viewpoint from BCF details page",
+               :js,
+               :selenium,
+               with_config: { edition: "bim" } do
   let(:project) { create(:project, enabled_module_names: %i[bim work_package_tracking]) }
   let(:user) { create(:admin) }
 

modules/bim/spec/features/viewer/delete_viewpoint_spec.rb

@@ -28,7 +28,7 @@
 
 require_relative "../../spec_helper"
 
-RSpec.describe "Delete viewpoint in model viewer", :js, with_config: { edition: "bim" } do
+RSpec.describe "Delete viewpoint in model viewer", :js, :selenium, with_config: { edition: "bim" } do
   let(:project) { create(:project, enabled_module_names: %i[bim work_package_tracking]) }
   let(:user) { create(:admin) }
 

modules/boards/spec/features/action_boards/assignee_board_spec.rb

@@ -30,7 +30,9 @@
 require_relative "../support/board_index_page"
 require_relative "../support/board_page"
 
-RSpec.describe "Assignee action board", :js,
+RSpec.describe "Assignee action board",
+               :js,
+               :selenium,
                with_ee: %i[board_view] do
   let(:bobself_user) do
     create(:user,

modules/boards/spec/features/action_boards/custom_field_filters_spec.rb

@@ -30,7 +30,10 @@
 require_relative "../support//board_index_page"
 require_relative "../support/board_page"
 
-RSpec.describe "Custom field filter in boards", :js, with_ee: %i[board_view] do
+RSpec.describe "Custom field filter in boards",
+               :js,
+               :selenium,
+               with_ee: %i[board_view] do
   let(:user) do
     create(:user,
            member_with_roles: { project => role })

modules/boards/spec/features/action_boards/status_board_spec.rb

@@ -30,7 +30,10 @@
 require_relative "../support//board_index_page"
 require_relative "../support/board_page"
 
-RSpec.describe "Status action board", :js, with_ee: %i[board_view] do
+RSpec.describe "Status action board",
+               :js,
+               :selenium,
+               with_ee: %i[board_view] do
   let(:user) do
     create(:user,
            member_with_roles: { project => role })

modules/boards/spec/features/action_boards/status_type_moving_board_spec.rb

@@ -32,6 +32,7 @@
 
 RSpec.describe "Status action board",
                :js,
+               :selenium,
                with_ee: %i[board_view] do
   let(:user) do
     create(:user,

modules/boards/spec/features/action_boards/subproject_board_spec.rb

@@ -30,7 +30,10 @@
 require_relative "../support//board_index_page"
 require_relative "../support/board_page"
 
-RSpec.describe "Subproject action board", :js, with_ee: %i[board_view] do
+RSpec.describe "Subproject action board",
+               :js,
+               :selenium,
+               with_ee: %i[board_view] do
   let(:user) do
     create(:user,
            member_with_roles: { project => role })

modules/boards/spec/features/action_boards/subtasks_board_spec.rb

@@ -30,7 +30,7 @@
 require_relative "../support//board_index_page"
 require_relative "../support/board_page"
 
-RSpec.describe "Subtasks action board", :js, with_ee: %i[board_view] do
+RSpec.describe "Subtasks action board", :js, :selenium, with_ee: %i[board_view] do
   let(:type) { create(:type_standard) }
   let(:project) { create(:project, types: [type], enabled_module_names: %i[work_package_tracking board_view]) }
   let(:role) { create(:project_role, permissions:) }

modules/boards/spec/features/action_boards/version_board_spec.rb

@@ -30,7 +30,10 @@
 require_relative "../support//board_index_page"
 require_relative "../support/board_page"
 
-RSpec.describe "Version action board", :js, with_ee: %i[board_view] do
+RSpec.describe "Version action board",
+               :js,
+               :selenium,
+               with_ee: %i[board_view] do
   let(:user) do
     create(:user, member_with_roles: { project => role, second_project => role })
   end

modules/boards/spec/features/board_enterprise_spec.rb

@@ -30,7 +30,7 @@
 require_relative "support/board_index_page"
 require_relative "support/board_page"
 
-RSpec.describe "Boards enterprise spec", :js, :with_cuprite do
+RSpec.describe "Boards enterprise spec", :js do
   shared_let(:admin) { create(:admin) }
 
   shared_let(:project) { create(:project, enabled_module_names: %i[work_package_tracking board_view]) }