f97fbbb7-3701-4487-b9e0-8756f056f051

Committed 21 Oct 2025 09:38PM UTC coverage: 81.319% (-5.6%) from 86.877%

Build # f97fbbb7-3701-4487-b9e0-8756f056f051

Build Type

push

circleci

Committed by

web-flow

Commit Message

Bump vite from 5.4.20 to 5.4.21 in the npm_and_yarn group across 1 directory (#2062)

Bumps the npm_and_yarn group with 1 update in the / directory:
[vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).

Updates `vite` from 5.4.20 to 5.4.21
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/releases">vite's
releases</a>.</em></p>
<blockquote>
<h2>v5.4.21</h2>
<p>Please refer to <a
href="https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md">CHANGELOG.md</a>
for details.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md">vite's
changelog</a>.</em></p>
<blockquote>
<h2><!-- raw HTML omitted -->5.4.21 (2025-10-20)<!-- raw HTML omitted
--></h2>
<ul>
<li>fix(dev): trim trailing slash before <code>server.fs.deny</code>
check (<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968">#20968</a>)
(<a
href="https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20970">#20970</a>)
(<a
href="https://github.com/vitejs/vite/commit/<a class=hub.com/pulibrary/tigerdata-app/commit/cad1d31d0635dd8fd4ddfe6e5a92eb9ff13cd06c">cad1d31d0<a href="https://github.com/pulibrary/tigerdata-app/commit/ae0dcda34690b8fb46a97623fedcc053b5c5b31d">&quot;&gt;cad1d31&lt;/a&gt;),
closes &lt;a
href=&quot;https://redirect.github.com/vitejs/vite/issues/20968&quot;&gt;#20968&lt;/a&gt;
&lt;a
href=&quot;https://redirect.github.com/vitejs/vite/issues/20970">#20970</a></li>
<li>chore: update CHANGELOG (<a
href="https://github.com/vitejs/vite/commit/<a class="double-link" href="https://github.com/pulibrary/tigerdata-app/commit/ca88ed7398288ce0c60176ac9a6392f10654c67c">ca88ed739</a><a href="https://github.com/pulibrary/tigerdata-app/commit/ae0dcda34690b8fb46a97623fedcc053b5c5b31d">&quot;&gt;ca88ed7&lt;/a&gt;)&lt;/li&gt;
&lt;/ul&gt;
&lt;/blockquote&gt;
&lt;/details&gt;
&lt;details&gt;
&lt;summary&gt;Commits&lt;/summary&gt;
&lt;ul&gt;
&lt;li&gt;&lt;a
href=&quot;https://github.com/vitejs/vite/commit/</a><a class="double-link" href="https://github.com/pulibrary/tigerdata-app/commit/adce3c22c64cc9d44cc8f45cc92b543e3e4bf385">adce3c22c">adce3c2
release: v5.4.21
cad1d31
fix(dev): trim trailing slash before server.fs.deny check
(

Run Details

2490 of 3062 relevant lines covered (81.32%)

190.36 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

68.57

/app/models/user.rb

# frozen_string_literal: true

require "csv"
class User < ApplicationRecord
  # Include default devise modules. Others available are:
  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
  devise :rememberable, :omniauthable

  has_many :user_requests, dependent: :destroy

  paginates_per 100

  USER_REGISTRATION_LIST = Rails.root.join("data", "user_registration_list_#{Rails.env}.csv")

  attr_accessor :mediaflux_session

  def self.from_cas(access_token)
    user = User.find_by(provider: access_token.provider, uid: access_token.uid)
    if user.present? && user.given_name.nil? # fix any users that do not have the name information loaded
      user.initialize_name_values(access_token.extra)
      user.save
    end
    user
  end

  # Users that can be project sponsors
  def self.sponsor_users
    if Rails.env.development? || Rails.env.staging?
      User.where(eligible_sponsor: true).or(User.where(developer: true))
    else
      User.where(eligible_sponsor: true)
    end
  end

  # Users that can be data managers
  def self.manager_users
    if Rails.env.development? || Rails.env.staging?
      User.where(eligible_manager: true).or(User.where(developer: true))
    else
      User.where(eligible_manager: true)
    end
  end

  def clear_mediaflux_session(session)
    Rails.logger.debug("!!!!!!! Clearing Mediaflux session !!!!!!!!")
    @mediaflux_session = nil
    session[:mediaflux_session] = nil
  end

  def mediaflux_from_session(session)
    logger.debug "Session Get #{session[:mediaflux_session]} cas: #{session[:active_web_user]}  user: #{uid}"
    if session[:mediaflux_session].blank?
      logger.debug("!!!! Creating a new session !!! #{uid}")
      session[:mediaflux_session] = SystemUser.mediaflux_session
      session[:active_web_user] = false
    end
    @active_web_user = session[:active_web_user]
    @mediaflux_session = session[:mediaflux_session]
  end

  def mediaflux_login(token, session)
    logger.debug("mediaflux session created for #{uid}")
    logon_request = Mediaflux::LogonRequest.new(identity_token: token, token_type: "cas")
    if logon_request.error?
      raise "Invalid Logon #{logon_request.response_error}"
    end
    @mediaflux_session = logon_request.session_token
    @active_web_user = true
    session[:mediaflux_session] = @mediaflux_session
    session[:active_web_user] = @active_web_user
    logger.debug "Login Session #{session[:mediaflux_session]} cas: #{session[:active_web_user]}  user: #{uid}"

    User.update_user_roles(user: self)
  end

  def terminate_mediaflux_session
    return if @mediaflux_session.nil? # nothing to terminate
    logger.debug "!!!! Terminating mediaflux session"

    Mediaflux::LogoutRequest.new(session_token: @mediaflux_session).response_body
    @mediaflux_session = nil
  end

  # Initialize the name values from the CAS information.
  # Our name fields do not match their name fields, so we need to translate.
  def initialize_name_values(extra_cas_info)
    self.given_name = extra_cas_info.givenname
    self.family_name =  extra_cas_info.sn
    self.display_name = extra_cas_info.pudisplayname
  end

  # Return the display name if it exists, otherwise return the uid
  # @return [String]
  def display_name_safe
    return uid if display_name.blank?

    "#{display_name} (#{uid})"
  end

  # Is this user eligible to be a data sponsor in this environment?
  # @return [Boolean]
  def eligible_sponsor?
    return true if developer
    super
  end

  # Is this user eligible to be a data manger in this environment?
  # @return [Boolean]
  def eligible_manager?
    return true if developer
    super
  end

  def developer?
    return true if developer
    super
  end

  # Is this user eligible to be a data user in this environment?
  # @return [Boolean]
  def eligible_data_user?
    return true if developer
    return true if !eligible_sponsor? && !eligible_manager
  end

  # Is this user eligible to be a sysadmin in this environment?
  # @return [Boolean]
  def eligible_sysadmin?
    (!Rails.env.production? && (developer || sysadmin)) || (Rails.env.production? && sysadmin)
  end

  def eligible_to_create_new?
    return true if eligible_sysadmin?

    !Rails.env.production? && (eligible_sponsor? && trainer?)
  end

  # Methods serialize_into_session() and serialize_from_session() are called by Warden/Devise
  # to calculate what information will be stored in the session and to serialize an object
  # back from the session.
  #
  # By default Warden/Devise store the database ID of the record (e.g. User.id) but this causes
  # problems if we repopulate our User table and the IDs change. The implementation provided below
  # uses the User.uid field (which is unique, does not change, and it's required) as the value to
  # store in the session to prevent this issue.
  #
  # References:
  #   https://stackoverflow.com/questions/23597718/what-is-the-warden-data-in-a-rails-devise-session-composed-of/23683925#23683925
  #   https://web.archive.org/web/20211028103224/https://tadas-s.github.io/ruby-on-rails/2020/08/02/devise-serialize-into-session-trick/
  #   https://github.com/wardencommunity/warden/wiki/Setup
  def self.serialize_into_session(record)
    # The return value _must_ have at least two elements since the serialize_from_session() requires
    # two arguments (see below)
    [record.uid, ""]
  end

  def self.serialize_from_session(key, _salt, _opts = {})
    User.where(uid: key)&.first
  end

  # Fetches the most recent download jobs for the user
  def latest_downloads(limit: 10)
    @latest_downloads ||= begin
                            downloads = UserRequest.where(user_id: id).where(["completion_time > ?", 7.days.ago]).order(created_at: "DESC").limit(limit)
                            downloads.map{|download| UserRequestPresenter.new(download)}
                          end
  end

  # Updates the user's roles (sys admin, developer) depending on the information on Mediaflux.
  # This method is meant to be used only for the current logged in user since the roles depend on the Mediaflux session.
  def self.update_user_roles(user:)
    raise "User.update_user_roles called with for a user without a Mediaflux session" if user.mediaflux_session.nil?

    mediaflux_roles = mediaflux_roles(user:)
    update_developer_status(user:, mediaflux_roles:)
    update_sysadmin_status(user:, mediaflux_roles:)
  rescue => ex
    Rails.logger.error("Error updating roles for user (id: #{user.id}) status, error: #{ex.message}")
  end

  # Returns the roles in Mediaflux for the user in the session.
  # This method is meant to be used only for the current logged in user since the roles depend on the Mediaflux session.
  def self.mediaflux_roles(user:)
    raise "User.mediaflux_roles called with for a user without a Mediaflux session" if user.mediaflux_session.nil?

    request = Mediaflux::ActorSelfDescribeRequest.new(session_token: user.mediaflux_session)
    request.resolve
    request.roles
  end

  private

  def self.update_developer_status(user:, mediaflux_roles:)
    # TODO: Figure out why the role name is different in staging from production:
    #   production:   "pu-smb-group:PU:tigerdata:librarydevelopers"
    #   staging:      "pu-oit-group:PU:tigerdata:librarydevelopers"
    #   development:  "pu-lib:developer"
    #   test:         "system-administrator"
    developer_now = mediaflux_roles.include?("pu-smb-group:PU:tigerdata:librarydevelopers") ||
      mediaflux_roles.include?("pu-oit-group:PU:tigerdata:librarydevelopers") ||
      mediaflux_roles.include?("pu-lib:developer") ||
      mediaflux_roles.include?("system-administrator")
    if user.developer != developer_now
      # Only update the record in the database if there is a change
      Rails.logger.info("Updating developer role for user #{user.id} to #{developer_now}")
      user.developer = developer_now
      user.save!
    end
  end

  def self.update_sysadmin_status(user:, mediaflux_roles:)
    sysadmin_now = mediaflux_roles.include?("system-administrator")
    if user.sysadmin != sysadmin_now
      # Only update the record in the database if there is a change
      Rails.logger.info("Updating sysadmin role for user #{user.id} to #{sysadmin_now}")
      user.sysadmin = sysadmin_now
      user.save!
    end
  end
end

1	# frozen_string_literal: true
2
3	require "csv"	3✔
4	class User < ApplicationRecord	3✔
5	# Include default devise modules. Others available are:
6	# :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
7	devise :rememberable, :omniauthable	3✔
8
9	has_many :user_requests, dependent: :destroy	3✔
10
11	paginates_per 100	3✔
12
13	USER_REGISTRATION_LIST = Rails.root.join("data", "user_registration_list_#{Rails.env}.csv")	3✔
14
15	attr_accessor :mediaflux_session	3✔
16
17	def self.from_cas(access_token)	3✔
18	user = User.find_by(provider: access_token.provider, uid: access_token.uid)	9✔
19	if user.present? && user.given_name.nil? # fix any users that do not have the name information loaded	9✔
20	user.initialize_name_values(access_token.extra)	7✔
21	user.save	7✔
22	end
23	user	9✔
24	end
25
26	# Users that can be project sponsors
27	def self.sponsor_users	3✔
28	if Rails.env.development? \|\| Rails.env.staging?	2✔
29	User.where(eligible_sponsor: true).or(User.where(developer: true))	1✔
30	else
31	User.where(eligible_sponsor: true)	1✔
32	end
33	end
34
35	# Users that can be data managers
36	def self.manager_users	3✔
37	if Rails.env.development? \|\| Rails.env.staging?	×
38	User.where(eligible_manager: true).or(User.where(developer: true))	×
39	else
40	User.where(eligible_manager: true)	×
41	end
42	end
43
44	def clear_mediaflux_session(session)	3✔
45	Rails.logger.debug("!!!!!!! Clearing Mediaflux session !!!!!!!!")	3✔
46	@mediaflux_session = nil	3✔
47	session[:mediaflux_session] = nil	3✔
48	end
49
50	def mediaflux_from_session(session)	3✔
51	logger.debug "Session Get #{session[:mediaflux_session]} cas: #{session[:active_web_user]} user: #{uid}"	164✔
52	if session[:mediaflux_session].blank?	164✔
53	logger.debug("!!!! Creating a new session !!! #{uid}")	142✔
54	session[:mediaflux_session] = SystemUser.mediaflux_session	142✔
55	session[:active_web_user] = false	140✔
56	end
57	@active_web_user = session[:active_web_user]	162✔
58	@mediaflux_session = session[:mediaflux_session]	162✔
59	end
60
61	def mediaflux_login(token, session)	3✔
62	logger.debug("mediaflux session created for #{uid}")	×
63	logon_request = Mediaflux::LogonRequest.new(identity_token: token, token_type: "cas")	×
64	if logon_request.error?	×
65	raise "Invalid Logon #{logon_request.response_error}"	×
66	end
67	@mediaflux_session = logon_request.session_token	×
68	@active_web_user = true	×
69	session[:mediaflux_session] = @mediaflux_session	×
70	session[:active_web_user] = @active_web_user	×
71	logger.debug "Login Session #{session[:mediaflux_session]} cas: #{session[:active_web_user]} user: #{uid}"	×
72
73	User.update_user_roles(user: self)	×
74	end
75
76	def terminate_mediaflux_session	3✔
77	return if @mediaflux_session.nil? # nothing to terminate	×
78	logger.debug "!!!! Terminating mediaflux session"	×
79
80	Mediaflux::LogoutRequest.new(session_token: @mediaflux_session).response_body	×
81	@mediaflux_session = nil	×
82	end
83
84	# Initialize the name values from the CAS information.
85	# Our name fields do not match their name fields, so we need to translate.
86	def initialize_name_values(extra_cas_info)	3✔
87	self.given_name = extra_cas_info.givenname	7✔
88	self.family_name = extra_cas_info.sn	7✔
89	self.display_name = extra_cas_info.pudisplayname	7✔
90	end
91
92	# Return the display name if it exists, otherwise return the uid
93	# @return [String]
94	def display_name_safe	3✔
95	return uid if display_name.blank?	110✔
96
97	"#{display_name} (#{uid})"	104✔
98	end
99
100	# Is this user eligible to be a data sponsor in this environment?
101	# @return [Boolean]
102	def eligible_sponsor?	3✔
103	return true if developer	14✔
104	super	13✔
105	end
106
107	# Is this user eligible to be a data manger in this environment?
108	# @return [Boolean]
109	def eligible_manager?	3✔
110	return true if developer	4✔
111	super	3✔
112	end
113
114	def developer?	3✔
115	return true if developer	1✔
116	super	×
117	end
118
119	# Is this user eligible to be a data user in this environment?
120	# @return [Boolean]
121	def eligible_data_user?	3✔
122	return true if developer	3✔
123	return true if !eligible_sponsor? && !eligible_manager	3✔
124	end
125
126	# Is this user eligible to be a sysadmin in this environment?
127	# @return [Boolean]
128	def eligible_sysadmin?	3✔
129	(!Rails.env.production? && (developer \|\| sysadmin)) \|\| (Rails.env.production? && sysadmin)	55✔
130	end
131
132	def eligible_to_create_new?	3✔
133	return true if eligible_sysadmin?	6✔
134
135	!Rails.env.production? && (eligible_sponsor? && trainer?)	4✔
136	end
137
138	# Methods serialize_into_session() and serialize_from_session() are called by Warden/Devise
139	# to calculate what information will be stored in the session and to serialize an object
140	# back from the session.
141	#
142	# By default Warden/Devise store the database ID of the record (e.g. User.id) but this causes
143	# problems if we repopulate our User table and the IDs change. The implementation provided below
144	# uses the User.uid field (which is unique, does not change, and it's required) as the value to
145	# store in the session to prevent this issue.
146	#
147	# References:
148	# https://stackoverflow.com/questions/23597718/what-is-the-warden-data-in-a-rails-devise-session-composed-of/23683925#23683925
149	# https://web.archive.org/web/20211028103224/https://tadas-s.github.io/ruby-on-rails/2020/08/02/devise-serialize-into-session-trick/
150	# https://github.com/wardencommunity/warden/wiki/Setup
151	def self.serialize_into_session(record)	3✔
152	# The return value _must_ have at least two elements since the serialize_from_session() requires
153	# two arguments (see below)
154	[record.uid, ""]	150✔
155	end
156
157	def self.serialize_from_session(key, _salt, _opts = {})	3✔
158	User.where(uid: key)&.first	100✔
159	end
160
161	# Fetches the most recent download jobs for the user
162	def latest_downloads(limit: 10)	3✔
163	@latest_downloads \|\|= begin	6✔
164	downloads = UserRequest.where(user_id: id).where(["completion_time > ?", 7.days.ago]).order(created_at: "DESC").limit(limit)	6✔
165	downloads.map{\|download\| UserRequestPresenter.new(download)}	6✔
166	end
167	end
168
169	# Updates the user's roles (sys admin, developer) depending on the information on Mediaflux.
170	# This method is meant to be used only for the current logged in user since the roles depend on the Mediaflux session.
171	def self.update_user_roles(user:)	3✔
172	raise "User.update_user_roles called with for a user without a Mediaflux session" if user.mediaflux_session.nil?	×
173
174	mediaflux_roles = mediaflux_roles(user:)	×
175	update_developer_status(user:, mediaflux_roles:)	×
176	update_sysadmin_status(user:, mediaflux_roles:)	×
177	rescue => ex
178	Rails.logger.error("Error updating roles for user (id: #{user.id}) status, error: #{ex.message}")	×
179	end
180
181	# Returns the roles in Mediaflux for the user in the session.
182	# This method is meant to be used only for the current logged in user since the roles depend on the Mediaflux session.
183	def self.mediaflux_roles(user:)	3✔
184	raise "User.mediaflux_roles called with for a user without a Mediaflux session" if user.mediaflux_session.nil?	2✔
185
186	request = Mediaflux::ActorSelfDescribeRequest.new(session_token: user.mediaflux_session)	2✔
187	request.resolve	2✔
188	request.roles	2✔
189	end
190
191	private	3✔
192
193	def self.update_developer_status(user:, mediaflux_roles:)	3✔
194	# TODO: Figure out why the role name is different in staging from production:
195	# production: "pu-smb-group:PU:tigerdata:librarydevelopers"
196	# staging: "pu-oit-group:PU:tigerdata:librarydevelopers"
197	# development: "pu-lib:developer"
198	# test: "system-administrator"
199	developer_now = mediaflux_roles.include?("pu-smb-group:PU:tigerdata:librarydevelopers") \|\|	×
200	mediaflux_roles.include?("pu-oit-group:PU:tigerdata:librarydevelopers") \|\|
201	mediaflux_roles.include?("pu-lib:developer") \|\|
202	mediaflux_roles.include?("system-administrator")
203	if user.developer != developer_now	×
204	# Only update the record in the database if there is a change
205	Rails.logger.info("Updating developer role for user #{user.id} to #{developer_now}")	×
206	user.developer = developer_now	×
207	user.save!	×
208	end
209	end
210
211	def self.update_sysadmin_status(user:, mediaflux_roles:)	3✔
212	sysadmin_now = mediaflux_roles.include?("system-administrator")	×
213	if user.sysadmin != sysadmin_now	×
214	# Only update the record in the database if there is a change
215	Rails.logger.info("Updating sysadmin role for user #{user.id} to #{sysadmin_now}")	×
216	user.sysadmin = sysadmin_now	×
217	user.save!	×
218	end
219	end
220	end

pulibrary / tigerdata-app / f97fbbb7-3701-4487-b9e0-8756f056f051

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous