lsa-mis · rsmoke · Mar 10, 2025 · Feb 19, 2025 · Feb 20, 2025 · Feb 20, 2025
@@ -59,3 +59,6 @@
   - Protect against common web vulnerabilities (XSS, CSRF, SQL injection).
 
   Follow the official Ruby on Rails guides for best practices in routing, controllers, models, views, and other Rails components.
+
+I approach code architecture through domain modeling first.
+I am a visual learner, I find analogies particularly helpful.
@@ -1,2 +1,91 @@
-@rsmoke
+# CODEOWNERS file for lsa_evaluate
+# Each line is a file pattern followed by one or more owners.
+# Order is important; the last matching pattern takes precedence.
+
+# Default owners for everything in the repo
+* @rsmoke
+
+#################################################
+# Repository Configuration
+#################################################
+
+# GitHub specific files and workflows
 /.github/ @rsmoke
+
+# Configuration files
+/config/ @rsmoke
+/.ruby-version @rsmoke
+/.tool-versions @rsmoke
+/.rubocop.yml @rsmoke
+/.rspec @rsmoke
+/.gitattributes @rsmoke
+/.gitignore @rsmoke
+/.babelrc @rsmoke
+/jest.config.js @rsmoke
+/Capfile @rsmoke
+/Procfile.dev @rsmoke
+/Rakefile @rsmoke
+/config.ru @rsmoke
+
+# Dependency management
+/Gemfile @rsmoke
+/Gemfile.lock @rsmoke
+/package.json @rsmoke
+/yarn.lock @rsmoke
+
+#################################################
+# Application Code
+#################################################
+
+# Core application code
+/app/ @rsmoke
+
+# MVC Components
+/app/models/ @rsmoke
+/app/views/ @rsmoke
+/app/controllers/ @rsmoke
+
+# Frontend assets
+/app/assets/ @rsmoke
+/app/javascript/ @rsmoke
+
+# Additional application components
+/app/helpers/ @rsmoke
+/app/mailers/ @rsmoke
+/app/jobs/ @rsmoke
+/app/channels/ @rsmoke
+/app/policies/ @rsmoke
+/app/services/ @rsmoke
+/app/forms/ @rsmoke
+/app/inputs/ @rsmoke
+
+# Database related files
+/db/ @rsmoke
+
+# Library code
+/lib/ @rsmoke
+/lib/tasks/ @rsmoke
+/lib/capistrano/ @rsmoke
+
+#################################################
+# Testing and Documentation
+#################################################
+
+# Test files
+/spec/ @rsmoke
+
+# Documentation
+*.md @rsmoke
+/LICENSE @rsmoke
+
+#################################################
+# Public and Binary Files
+#################################################
+
+# Public files
+/public/ @rsmoke
+
+# Binary and storage directories
+/bin/ @rsmoke
+/vendor/ @rsmoke
+/storage/ @rsmoke
@@ -268,9 +268,9 @@ GEM
       net-protocol
     net-ssh (7.2.3)
     nio4r (2.7.3)
-    nokogiri (1.17.1-arm64-darwin)
+    nokogiri (1.18.3-arm64-darwin)
       racc (~> 1.4)
-    nokogiri (1.17.1-x86_64-linux)
+    nokogiri (1.18.3-x86_64-linux-gnu)
       racc (~> 1.4)
     omniauth (2.1.2)
       hashie (>= 3.4.6)

@@ -4,8 +4,10 @@ module Users
   # The `OmniauthCallbacksController` class is responsible for handling callbacks from OmniAuth providers.
   # It inherits from the `Devise::OmniauthCallbacksController` class, which is provided by the Devise gem.
   class OmniauthCallbacksController < Devise::OmniauthCallbacksController
-    skip_before_action :verify_authenticity_token, only: :saml
+    # Instead of disabling CSRF protection, we'll configure it to work with SAML
+    protect_from_forgery with: :exception, except: :saml
     before_action :set_user, only: :saml
+
     attr_reader :user, :service
 
     def saml

@@ -18,7 +18,7 @@ def render_editable_content(page, section)
       safe_join([ content_html, edit_link ], ' ').html_safe
     else
       # If the user doesn't have the role, just render the content
-      content_html.html_safe
+      html_escape(content_html)
     end
   end
 

@@ -46,6 +46,34 @@
                     </div>
                   </div>
 
+                  <div class="row mb-2">
+                    <div class="col">
+                      <strong class="me-3">Minimum entries to be evaluated per judge:</strong>
+                      <%= round.required_entries_count %>
+                    </div>
+                  </div>
+
+                  <div class="row flex justify-content-space-around mb-2">
+                      <strong>Comment requirements:</strong>
+                      <div class="col-4">
+                        <p class="ms-3 small">Internal:</strong>
+                          <%= round.require_internal_comments ? 'Required' : 'Optional' %>
+                          <% if round.require_internal_comments && round.min_internal_comment_words > 0 %>
+                            (minimum <%= pluralize(round.min_internal_comment_words, 'word') %>)
+                          <% end %>
+                        </p>
+                      </div>
+                      <div class="col-4">
+                        <p class="ms-3 small">External:</strong>
+                          <%= round.require_external_comments ? 'Required' : 'Optional' %>
+                          <% if round.require_external_comments && round.min_external_comment_words > 0 %>
+                            (minimum <%= pluralize(round.min_external_comment_words, 'word') %>)
+                          <% end %>
+                        </p>
+                      </div>
+                    </div>
+                  </div>
+
                   <% if round.special_instructions.present? %>
                     <div class="row">
                       <div class="col">

@@ -60,6 +60,36 @@
                 </div>
               </div>
 
+              <div class="row mb-2">
+                <div class="col">
+                  <strong class="me-3">Minimum entries to be evaluated per judge:</strong>
+                  <%= round.required_entries_count %>
+                </div>
+              </div>
+
+              <div class="row flex justify-content-space-around">
+                <strong>Comment requirements:</strong>
+                <div class="col-4">
+                  <p class="ms-3 small">Internal:</strong>
+                    <%= round.require_internal_comments ? 'Required' : 'Optional' %>
+                    <% if round.require_internal_comments && round.min_internal_comment_words > 0 %>
+                      (minimum <%= pluralize(round.min_internal_comment_words, 'word') %>)
+                    <% end %>
+                  </p>
+                </div>
+                <div class="col-4">
+                  <p class="ms-3 small">External:</strong>
+                    <%= round.require_external_comments ? 'Required' : 'Optional' %>
+                    <% if round.require_external_comments && round.min_external_comment_words > 0 %>
+                      (minimum <%= pluralize(round.min_external_comment_words, 'word') %>)
+                    <% end %>
+                  </p>
+                </div>
+              </div>
+
+
+
+
               <div class="row">
                 <div class="col">
                   <div class="d-flex gap-2 flex-wrap">

@@ -33,7 +33,7 @@
           <p><strong>End Date for judging round:</strong> <%= format_datetime(@judging_round.end_date) %></p>
         </div>
         <div class="col-md-6">
-          <h5>Comment Requirements</h4>
+          <h5>Comment Requirements</h5>
           <p>
             <strong>Internal Comments:</strong>
             <%= @judging_round.require_internal_comments ? 'Required' : 'Optional' %>

@@ -29,6 +29,11 @@ class Application < Rails::Application # rubocop:disable Style/Documentation
     config.time_zone = 'Eastern Time (US & Canada)'
     config.active_record.default_timezone = :utc
     config.exceptions_app = self.routes
+
+    # Configure CSRF protection to work with OmniAuth SAML
+    # This allows SAML callbacks to work properly without disabling CSRF protection
+    config.action_controller.forgery_protection_origin_check = false
+
     # Configuration for the application, engines, and railties goes here.
     #
     # These settings can be overridden in specific environments using the files

@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+# Configure OmniAuth to work properly with CSRF protection
+# This is needed because the omniauth-rails_csrf_protection gem requires
+# proper configuration to work with SAML callbacks
+
+# Set the full_host for OmniAuth to ensure proper callback URLs
+OmniAuth.config.full_host = lambda do |env|
+  scheme = env['rack.url_scheme']
+  host = env['HTTP_HOST'] || env['SERVER_NAME'] || env['SERVER_ADDR']
+  port = env['SERVER_PORT']
+
+  port = nil if (scheme == 'https' && port == '443') || (scheme == 'http' && port == '80')
+
+  if port
+    "#{scheme}://#{host}:#{port}"
+  else
+    "#{scheme}://#{host}"
+  end
+end
+
+# Configure OmniAuth to use a custom request phase for SAML
+# This helps with CSRF protection while still allowing SAML callbacks to work
+OmniAuth.config.request_validation_phase = lambda do |env|
+  # Skip CSRF validation for SAML callbacks
+  if env['PATH_INFO'] =~ %r{/auth/saml/callback}
+    # Still perform other validations if needed
+    # But skip CSRF token validation
+  else
+    # For all other OmniAuth paths, use the default CSRF protection
+    OmniAuth::RailsCsrfProtection::TokenVerifier.new.call(env)
+  end
+end
+
+# Set a custom path prefix for OmniAuth
+# This is optional but can be useful for routing
+OmniAuth.config.path_prefix = '/users/auth'
@@ -1,3 +1,5 @@
----
-# The authentication token for the application.
-authentication: <%= Rails.application.credentials.dig(:skylight, :authentication) %>
+deploy:
+  id: <%= ENV["HATCHBOX_RELEASE"] %>
+  git_sha: <%= ENV["HATCHBOX_REVISION"] %>
+  # The deploy description is optional.
+  description: "Deployed <%= ENV["HATCHBOX_REVISION"] %> on <%= Rails.env %>"
@@ -2001,9 +2001,9 @@ domexception@^4.0.0:
     webidl-conversions "^7.0.0"
 
 dompurify@^3.2.3:
-  version "3.2.3"
-  resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.2.3.tgz#05dd2175225324daabfca6603055a09b2382a4cd"
-  integrity sha512-U1U5Hzc2MO0oW3DF+G9qYN0aT7atAou4AgI0XjWz061nyBPbdxkfdhfy5uMgGn6+oLFCfn44ZGbdDqCzVmlOWA==
+  version "3.2.4"
+  resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.2.4.tgz#af5a5a11407524431456cf18836c55d13441cd8e"
+  integrity sha512-ysFSFEDVduQpyhzAob/kkuJjf5zWkZD8/A9ywSp1byueyuCfHamrCBa14/Oc2iiB0e51B+NpxSl5gmzn+Ms/mg==
   optionalDependencies:
     "@types/trusted-types" "^2.0.7"