Merge branch 'master' of ood:OSC/ondemand into files-busy-signal

CHANGELOG.md

@@ -8,7 +8,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ## [Unreleased]
 
 ### Added
-- BatchConnect form labels can now be made dynamic with data-label-* in [3498](https://github.com/OSC/ondemand/pull/3498).
+- BatchConnect form labels can now be made dynamic with data-label-* in [3598](https://github.com/OSC/ondemand/pull/3598).
 - BatchConnect form auto_modules directive can now filter by string or regex in [3574](https://github.com/OSC/ondemand/pull/3574).
 - Saved settings widget in [#3545](https://github.com/OSC/ondemand/pull/3545).
 - BatchConnect cards can now edit and relaunch the session in [3358](https://github.com/OSC/ondemand/pull/3358).
@@ -96,6 +96,36 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
   [3627](https://github.com/OSC/ondemand/pull/3627).  This prevents
   the leaking of sensitive environment variables to the job when `copy_environment`
   is used.
+- The shell app now has several configurations to stop or extend ssh sessions. This is
+  a security issue becuase an ssh session can remain open long after the authentication
+  system has ended that session. I.e., it can go on forever. So, the shell app now
+  disables ping pong by default and has configurations for how long sessions can
+  exist with and without activity in [3810](https://github.com/OSC/ondemand/pull/3815)
+  and [3805](https://github.com/OSC/ondemand/pull/3805).
+
+## [3.1.10] - 11-07-2024
+
+### Fixed
+
+- Fixed Ubuntu 24.04 packaging issue in [3936](https://github.com/OSC/ondemand/pull/3936).
+- MOTD in `md.erb` format should also respond to sanitize_html in [3876](https://github.com/OSC/ondemand/pull/3876).
+
+## [3.1.9] - 10-08-2024
+
+### Fixed
+
+- Support for higher versions of httpd in [3779](https://github.com/OSC/ondemand/pull/3779) and [3852](https://github.com/OSC/ondemand/pull/3852).
+- `ood_auth_map` now accounts for more than just characters in [3779](https://github.com/OSC/ondemand/pull/3779).
+- Uploads always succeed even when the chown operation afterwards fails in [3861](https://github.com/OSC/ondemand/pull/3861).
+- The ood_portal.conf now accounts for /dex (dex_uri) when enabling maintenance mode in [3779](https://github.com/OSC/ondemand/pull/3779).
+
+### Security
+
+- The shell app now has several configurations to stop or extend ssh sessions. This is
+  a security issue becuase an ssh session can remain open long after the authentication
+  system has ended that session. I.e., it can go on forever. So, the shell app now
+  disables ping pong by default and has configurations for how long sessions can
+  exist with and without activity in [3815](https://github.com/OSC/ondemand/pull/3815).
 
 ## [3.1.7] - 06-25-2024
 
@@ -1443,6 +1473,8 @@ Similar changelog as [3.0.0]. This version was not released to the general publi
 - From 1.3.7 - 1.4.2 updated app versions
 
 [Unreleased]: https://github.com/OSC/ondemand/compare/v3.1.0...HEAD
+[3.1.10]: https://github.com/OSC/ondemand/compare/v3.1.9...v3.1.10
+[3.1.9]: https://github.com/OSC/ondemand/compare/v3.1.7...v3.1.9
 [3.1.7]: https://github.com/OSC/ondemand/compare/v3.1.4...v3.1.7
 [3.1.4]: https://github.com/OSC/ondemand/compare/v3.1.1...v3.1.4
 [3.1.1]: https://github.com/OSC/ondemand/compare/v3.1.0...v3.1.1

apps/dashboard/config/configuration_singleton.rb

@@ -1,5 +1,6 @@
 require 'pathname'
 require 'dotenv'
+require_relative '../lib/current_user'
 
 # Dashboard app specific configuration singleton definition
 # following the first proposal in:
@@ -391,17 +392,17 @@ def ood_bc_card_time
   # Returns the number of milliseconds to wait between calls to the system status page
   # The default is 30s and the minimum is 10s.
   def status_poll_delay
-    status_poll_delay = ENV['STATUS_POLL_DELAY']
-    status_poll_delay_int = status_poll_delay.nil? ? config.fetch(:status_delay, '30000').to_i : status_poll_delay.to_i
+    status_poll_delay = ENV['OOD_STATUS_POLL_DELAY']
+    status_poll_delay_int = status_poll_delay.nil? ? config.fetch(:status_poll_delay, '30000').to_i : status_poll_delay.to_i
     status_poll_delay_int < 10_000 ? 10_000 : status_poll_delay_int
   end
 
   # Returns the number of milliseconds to wait between calls to the BatchConnect Sessions resource
   # to update the sessions card information.
   # The default and minimum value is 10s = 10_000
   def bc_sessions_poll_delay
-    bc_poll_delay = ENV['POLL_DELAY']
-    bc_poll_delay_int = bc_poll_delay.nil? ? config.fetch(:sessions_poll_delay, '10000').to_i : bc_poll_delay.to_i
+    bc_poll_delay = ENV['OOD_BC_SESSIONS_POLL_DELAY'] || ENV['POLL_DELAY']
+    bc_poll_delay_int = bc_poll_delay.nil? ? config.fetch(:bc_sessions_poll_delay, '10000').to_i : bc_poll_delay.to_i
     bc_poll_delay_int < 10_000 ? 10_000 : bc_poll_delay_int
   end
 
@@ -435,7 +436,10 @@ def can_access_core_app?(name)
 
   def read_config
     files = Pathname.glob(config_directory.join("*.{yml,yaml,yml.erb,yaml.erb}"))
-    files.sort.each_with_object({}) do |f, conf|
+    files.sort.select do |f|
+      # only resond to root owned files in production.
+      rails_env == 'production' ? File.stat(f).uid.zero? : true
+    end.each_with_object({}) do |f, conf|
       begin
         content = ERB.new(f.read, trim_mode: "-").result(binding)
         yml = YAML.safe_load(content, aliases: true) || {}

apps/dashboard/lib/current_user.rb

@@ -1,5 +1,9 @@
 # frozen_string_literal: true
 
+require 'etc'
+require 'singleton'
+require 'active_support/core_ext/module/delegation'
+
 # The CurrentUser class represents the current user on the system from Etc.
 # It has a name, a home directory, gid, uid and so on.
 #

apps/dashboard/test/config/configuration_singleton_test.rb

@@ -510,7 +510,7 @@ def no_config_env
   test 'bc_sessions_poll_delay reads from config' do
     Dir.mktmpdir do |dir|
       with_modified_env({ OOD_CONFIG_D_DIRECTORY: dir.to_s }) do
-        sessions_config = { 'sessions_poll_delay' => '99999' }
+        sessions_config = { 'bc_sessions_poll_delay' => '99999' }
         File.open("#{dir}/sessions_config.yml", 'w+') { |f| f.write(sessions_config.to_yaml) }
 
         assert_equal(99_999, ConfigurationSingleton.new.bc_sessions_poll_delay)
@@ -523,4 +523,16 @@ def no_config_env
       assert_equal(10_000, ConfigurationSingleton.new.bc_sessions_poll_delay)
     end
   end
+
+  test "bc_sessions_poll_delay respnods to new environment variable" do
+    with_modified_env('OOD_BC_SESSIONS_POLL_DELAY': '30000') do
+      assert_equal(30_000, ConfigurationSingleton.new.bc_sessions_poll_delay)
+    end
+  end
+
+  test "bc_sessions_poll_delay's new variable has precedence over the old" do
+    with_modified_env('OOD_BC_SESSIONS_POLL_DELAY': '30000', POLL_DELAY: '40000') do
+      assert_equal(30_000, ConfigurationSingleton.new.bc_sessions_poll_delay)
+    end
+  end
 end