From 81d7ec215c2cc38d0c2b953554e4c7183312dab1 Mon Sep 17 00:00:00 2001 From: Nursoltan Saipolda Date: Mon, 18 Jul 2022 15:35:30 +0800 Subject: [PATCH 1/6] add http security headers --- server.js | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/server.js b/server.js index 9b7653a5..7aa29253 100644 --- a/server.js +++ b/server.js @@ -16,6 +16,16 @@ function check () { return true } app.use(healthCheck.middleware([check])) +app.use((req, res, next) => { + res.header('Referrer-Policy', 'strict-origin-when-cross-origin'); + res.header('Permissions-Policy', 'geolocation=(), microphone=(), camera=()'); + res.header('X-Content-Type-Options', 'nosniff'); + res.header('Strict-Transport-Security', 'max-age=31536000; includeSubDomains; preload'); + res.header('Cache-control', 'public, max-age=0'); + res.header('Pragma', 'no-cache'); + + next(); +}); // app.use(requireHTTPS) // removed because app servers don't handle https // app.use(express.static(__dirname)) app.use(express.static(path.join(__dirname, 'build'))) From 5d4ab00c01f1cdb35d9b746a3baa7d83f5976949 Mon Sep 17 00:00:00 2001 From: Justin Gasper Date: Sun, 24 Jul 2022 13:12:55 -0500 Subject: [PATCH 2/6] Add billing account start / end date to project page --- .circleci/config.yml | 2 +- .../ChallengeList/ChallengeList.module.scss | 8 ++++ .../ChallengeList/index.js | 39 +++++++++++++++---- src/components/ChallengesComponent/index.js | 12 ++++++ src/containers/Challenges/index.js | 16 ++++++++ src/reducers/projects.js | 34 ++++++++++++++-- 6 files changed, 99 insertions(+), 12 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index ca26190c..34055c86 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -150,7 +150,7 @@ workflows: context : org-global filters: &filters-dev branches: - only: ['develop', 'jira-vuln-2333'] + only: ['develop', 'jira-vuln-2333', 'justin-fixes'] # Production builds are exectuted only on tagged commits to the # master branch. 
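Review bot: The header set added in `server.js` has no framing policy, so the served pages can still be embedded by another origin; add `res.header('X-Frame-Options', 'DENY');` or a `Content-Security-Policy` carrying `frame-ancestors 'none'` next to `nosniff`. `Strict-Transport-Security` is sent with `includeSubDomains; preload`, which commits every subdomain to HTTPS for a year and is slow to roll back, while the comment just below says the app servers do not handle HTTPS; confirm the TLS-terminating layer and all subdomains are ready, or drop `preload`. `Cache-control: public, max-age=0` together with `Pragma: no-cache` gives caches mixed instructions, and because the middleware is registered before `express.static` it likely applies to the built assets as well, so pick one policy per response type. The middleware also sits after `healthCheck.middleware`, so any response that middleware ends itself would not carry these headers.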
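Review bot: Adding `'justin-fixes'` to the `filters-dev` `only:` list in `.circleci/config.yml` lets a personal working branch run the jobs that use this filter with the `org-global` context, so every push to that branch gets whatever credentials the context holds and, presumably, triggers a dev deployment. If the entry is only needed while the feature is being tested, remove it before the change reaches `develop`, or mark it with a comment such as `# temporary: remove once billing-account work is merged`. `'jira-vuln-2333'` in the same list looks like a similar leftover and is worth checking at the same time.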
diff --git a/src/components/ChallengesComponent/ChallengeList/ChallengeList.module.scss b/src/components/ChallengesComponent/ChallengeList/ChallengeList.module.scss index f891e5fa..98b118bb 100644 --- a/src/components/ChallengesComponent/ChallengeList/ChallengeList.module.scss +++ b/src/components/ChallengesComponent/ChallengeList/ChallengeList.module.scss @@ -20,6 +20,14 @@ padding-bottom: 10px; } } + + .title { + font-weight: bold; + } + .error { + font-weight: bold; + color: #BE405E; + } } .header { diff --git a/src/components/ChallengesComponent/ChallengeList/index.js b/src/components/ChallengesComponent/ChallengeList/index.js index 88634a4a..b830cde0 100644 --- a/src/components/ChallengesComponent/ChallengeList/index.js +++ b/src/components/ChallengesComponent/ChallengeList/index.js @@ -125,6 +125,10 @@ class ChallengeList extends Component { partiallyUpdateChallengeDetails, deleteChallenge, isBillingAccountExpired, + billingStartDate, + billingEndDate, + isBillingAccountLoadingFailed, + isBillingAccountLoading, selfService } = this.props if (warnMessage) { @@ -172,14 +176,29 @@ class ChallengeList extends Component { return (
- this.updateSearchParam(e.target.value, status)} - value={searchText} - /> + {!isBillingAccountLoading && !isBillingAccountLoadingFailed && !isBillingAccountExpired && ( +
+ Billing Account: {status} Start Date {billingStartDate} End Date {billingEndDate} +
+ )} + {!isBillingAccountLoading && !isBillingAccountLoadingFailed && isBillingAccountExpired && ( +
+ Billing Account: INACTIVE Start Date {billingStartDate} End Date {billingEndDate} +
+ )} + {!isBillingAccountLoading && isBillingAccountLoadingFailed && ( +
Billing Account failed to load
+ )} +
+ this.updateSearchParam(e.target.value, status)} + value={searchText} + /> +
{activeProject && ( { @@ -78,6 +82,10 @@ const ChallengesComponent = ({ partiallyUpdateChallengeDetails={partiallyUpdateChallengeDetails} deleteChallenge={deleteChallenge} isBillingAccountExpired={isBillingAccountExpired} + billingStartDate={billingStartDate} + billingEndDate={billingEndDate} + isBillingAccountLoadingFailed={isBillingAccountLoadingFailed} + isBillingAccountLoading={isBillingAccountLoading} selfService={selfService} auth={auth} /> @@ -106,6 +114,10 @@ ChallengesComponent.propTypes = { partiallyUpdateChallengeDetails: PropTypes.func.isRequired, deleteChallenge: PropTypes.func.isRequired, isBillingAccountExpired: PropTypes.bool, + billingStartDate: PropTypes.string, + billingEndDate: PropTypes.string, + isBillingAccountLoadingFailed: PropTypes.bool, + isBillingAccountLoading: PropTypes.bool, selfService: PropTypes.bool, auth: PropTypes.object.isRequired } diff --git a/src/containers/Challenges/index.js b/src/containers/Challenges/index.js index 60046ab1..f4b97591 100644 --- a/src/containers/Challenges/index.js +++ b/src/containers/Challenges/index.js @@ -87,6 +87,10 @@ class Challenges extends Component { partiallyUpdateChallengeDetails, deleteChallenge, isBillingAccountExpired, + billingStartDate, + billingEndDate, + isBillingAccountLoadingFailed, + isBillingAccountLoading, selfService, auth } = this.props @@ -155,6 +159,10 @@ class Challenges extends Component { partiallyUpdateChallengeDetails={partiallyUpdateChallengeDetails} deleteChallenge={deleteChallenge} isBillingAccountExpired={isBillingAccountExpired} + billingStartDate={billingStartDate} + billingEndDate={billingEndDate} + isBillingAccountLoadingFailed={isBillingAccountLoadingFailed} + isBillingAccountLoading={isBillingAccountLoading} selfService={selfService} auth={auth} /> 
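Review bot: In `src/components/ChallengesComponent/ChallengeList/index.js` the non-expired banner prints `Billing Account: {status}`, but `status` is the same value passed to `this.updateSearchParam(e.target.value, status)`, which looks like the challenge-list filter rather than anything read from the billing account. If that is right, the banner shows whichever filter is selected as the account state; render a fixed label such as `ACTIVE` there, mirroring the `INACTIVE` literal in the expired branch. Nothing is rendered while `isBillingAccountLoading` is true, which may be intended but is worth a short comment. The JSX element lines of this hunk are not visible in this view, so this is based on the text content only.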
@@ -186,6 +194,10 @@ Challenges.propTypes = { partiallyUpdateChallengeDetails: PropTypes.func.isRequired, deleteChallenge: PropTypes.func.isRequired, isBillingAccountExpired: PropTypes.bool, + billingStartDate: PropTypes.string, + billingEndDate: PropTypes.string, + isBillingAccountLoadingFailed: PropTypes.bool, + isBillingAccountLoading: PropTypes.bool, selfService: PropTypes.bool, auth: PropTypes.object.isRequired } @@ -197,6 +209,10 @@ const mapStateToProps = ({ challenges, sidebar, projects, auth }) => ({ projects: sidebar.projects, projectDetail: projects.projectDetail, isBillingAccountExpired: projects.isBillingAccountExpired, + billingStartDate: projects.billingStartDate, + billingEndDate: projects.billingEndDate, + isBillingAccountLoadingFailed: projects.isBillingAccountLoadingFailed, + isBillingAccountLoading: projects.isBillingAccountLoading, auth: auth }) diff --git a/src/reducers/projects.js b/src/reducers/projects.js index 464ef784..5bf67b96 100644 --- a/src/reducers/projects.js +++ b/src/reducers/projects.js @@ -13,12 +13,32 @@ import { LOAD_PROJECT_PHASES_PENDING, LOAD_PROJECT_PHASES_SUCCESS } from '../config/constants' +import moment from 'moment-timezone' + +/** + * checks if billing is expired or not + * @param {boolean} active if billing account is active or not + * @param {string} endDate the end date + * @returns if billing expired or not + */ +const checkBillingExpired = (active, endDate) => { + if (active) { + if (moment().isBefore(endDate)) { + return false + } + return true + } + return true +} const initialState = { isLoading: false, projectDetail: {}, isBillingAccountExpired: false, isBillingAccountLoading: false, + isBillingAccountLoadingFailed: false, + billingStartDate: null, + billingEndDate: null, isPhasesLoading: false, phases: [] } 
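Review bot: `checkBillingExpired` in `src/reducers/projects.js` passes `endDate` straight to `moment().isBefore(endDate)`, so an active account whose payload carries no `endDate` is in practice reported as expired, because moment reads `undefined` as the current time and `null` as an invalid date. Decide explicitly what a missing end date means and guard for it, for example `if (!active) return true` followed by `if (!endDate) return false` if open-ended accounts are meant to stay usable. The same unvalidated values reach `moment(action.payload.startDate).format(dateFormat)` in the PATCH 3/6 hunk of this file, where a missing date would be displayed as today's date or `Invalid date`. The JSDoc would also read better with a typed return, `@returns {boolean} true when the account is inactive or past its end date`.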
@@ -42,19 +62,27 @@ export default function (state = initialState, action) { return { ...state, isBillingAccountLoading: true, - isBillingAccountExpired: false + isBillingAccountExpired: false, + billingStartDate: '', + billingEndDate: '' } case LOAD_PROJECT_BILLING_ACCOUNT_SUCCESS: return { ...state, isBillingAccountLoading: false, - isBillingAccountExpired: !action.payload.active + isBillingAccountExpired: checkBillingExpired(action.payload.active, action.payload.endDate), + billingStartDate: action.payload.startDate, + billingEndDate: action.payload.endDate, + isBillingAccountLoadingFailed: false } case LOAD_PROJECT_BILLING_ACCOUNT_FAILURE: return { ...state, isBillingAccountLoading: false, - isBillingAccountExpired: false + isBillingAccountExpired: false, + billingStartDate: '', + billingEndDate: '', + isBillingAccountLoadingFailed: true } case LOAD_PROJECT_PHASES_PENDING: return { From ed16b1aed4b4a9e7bf8e0725e16dfacfe5236f31 Mon Sep 17 00:00:00 2001 From: Justin Gasper Date: Thu, 28 Jul 2022 07:32:54 -0500 Subject: [PATCH 3/6] Fix double API call for billing account and billing account look and feel --- .../ChallengeList/ChallengeList.module.scss | 6 ++++++ src/components/ChallengesComponent/ChallengeList/index.js | 4 ++-- src/containers/Challenges/index.js | 6 +++++- src/reducers/projects.js | 5 +++-- 4 files changed, 16 insertions(+), 5 deletions(-) diff --git a/src/components/ChallengesComponent/ChallengeList/ChallengeList.module.scss b/src/components/ChallengesComponent/ChallengeList/ChallengeList.module.scss index 98b118bb..428e1229 100644 --- a/src/components/ChallengesComponent/ChallengeList/ChallengeList.module.scss +++ b/src/components/ChallengesComponent/ChallengeList/ChallengeList.module.scss @@ -28,6 +28,12 @@ font-weight: bold; color: #BE405E; } + .active { + color: #008000; + } + .inactive { + color: #BE405E; + } } .header { 
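Review bot: The `LOAD_PROJECT_BILLING_ACCOUNT_FAILURE` case keeps `isBillingAccountExpired: false` while adding `isBillingAccountLoadingFailed: true`, so any consumer that gates on the expiry flag alone treats a failed lookup the same as a valid account. Wherever the expiry flag disables an action, check the new failure flag as well, and keep the authoritative billing check on the API side, since this client state is only advisory. The date fields are reset to `''` here and in the pending case but start as `null` in `initialState`; pick one empty value so consumers have a single case to test. The reducer function starts and ends outside this hunk.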
diff --git a/src/components/ChallengesComponent/ChallengeList/index.js b/src/components/ChallengesComponent/ChallengeList/index.js index b830cde0..12864f68 100644 --- a/src/components/ChallengesComponent/ChallengeList/index.js +++ b/src/components/ChallengesComponent/ChallengeList/index.js @@ -178,12 +178,12 @@ class ChallengeList extends Component {
{!isBillingAccountLoading && !isBillingAccountLoadingFailed && !isBillingAccountExpired && (
- Billing Account: {status} Start Date {billingStartDate} End Date {billingEndDate} + Billing Account: {status} Start Date: {billingStartDate} End Date: {billingEndDate}
)} {!isBillingAccountLoading && !isBillingAccountLoadingFailed && isBillingAccountExpired && (
- Billing Account: INACTIVE Start Date {billingStartDate} End Date {billingEndDate} + Billing Account: INACTIVE Start Date: {billingStartDate} End Date: {billingEndDate}
)} {!isBillingAccountLoading && isBillingAccountLoadingFailed && ( diff --git a/src/containers/Challenges/index.js b/src/containers/Challenges/index.js index f4b97591..6a12f204 100644 --- a/src/containers/Challenges/index.js +++ b/src/containers/Challenges/index.js @@ -34,6 +34,7 @@ class Challenges extends Component { resetSidebarActiveParams() } else if (projectId || selfService) { if (projectId) { + window.localStorage.setItem('projectLoading', 'true') this.props.loadProject(projectId) } this.reloadChallenges(this.props) @@ -51,9 +52,12 @@ class Challenges extends Component { if (activeProjectId !== challengeProjectId || selfService) { const isAdmin = checkAdmin(this.props.auth.token) this.props.loadChallengesByPage(1, projectId ? parseInt(projectId) : -1, CHALLENGE_STATUS.ACTIVE, '', selfService, isAdmin ? null : this.props.auth.user.handle) - if (!selfService && (!reduxProjectInfo || `${reduxProjectInfo.id}` !== projectId) + const projectLoading = window.localStorage.getItem('projectLoading') !== null + if (!selfService && (!reduxProjectInfo || `${reduxProjectInfo.id}` !== projectId) && !projectLoading ) { loadProject(projectId) + } else { + window.localStorage.removeItem('projectLoading') } } } diff --git a/src/reducers/projects.js b/src/reducers/projects.js index 5bf67b96..bc3d04e5 100644 --- a/src/reducers/projects.js +++ b/src/reducers/projects.js @@ -30,6 +30,7 @@ const checkBillingExpired = (active, endDate) => { } return true } +const dateFormat = 'MMM DD, YYYY' const initialState = { isLoading: false, 
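Review bot: The `projectLoading` flag in `src/containers/Challenges/index.js` is kept in `window.localStorage`, which is shared by every tab of the origin and survives reloads, so it is a poor fit for state that belongs to one mount of the component. If the page is closed or navigated away after `setItem('projectLoading', 'true')` and before the `removeItem` branch runs, the stale flag suppresses the next `loadProject(projectId)`, and the project and billing details on screen may then belong to a previously loaded project; two tabs can also clear each other's flag. An instance field (`this.projectLoading = true` on the mount path, reset where the flag is removed today) or the reducer's existing `isLoading` state would dedupe the call without the cross-tab side effects. Both methods start and end outside the hunks shown.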
@@ -71,8 +72,8 @@ export default function (state = initialState, action) { ...state, isBillingAccountLoading: false, isBillingAccountExpired: checkBillingExpired(action.payload.active, action.payload.endDate), - billingStartDate: action.payload.startDate, - billingEndDate: action.payload.endDate, + billingStartDate: moment(action.payload.startDate).format(dateFormat), + billingEndDate: moment(action.payload.endDate).format(dateFormat), isBillingAccountLoadingFailed: false } case LOAD_PROJECT_BILLING_ACCOUNT_FAILURE: From ad14db501f96db8ea4109ad967340556e8d0c70b Mon Sep 17 00:00:00 2001 From: Justin Gasper Date: Thu, 28 Jul 2022 07:54:12 -0500 Subject: [PATCH 4/6] Update look and feel slightly for billing account --- src/components/ChallengesComponent/ChallengeList/index.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/components/ChallengesComponent/ChallengeList/index.js b/src/components/ChallengesComponent/ChallengeList/index.js index 12864f68..3400294e 100644 --- a/src/components/ChallengesComponent/ChallengeList/index.js +++ b/src/components/ChallengesComponent/ChallengeList/index.js @@ -178,12 +178,12 @@ class ChallengeList extends Component {
{!isBillingAccountLoading && !isBillingAccountLoadingFailed && !isBillingAccountExpired && (
- Billing Account: {status} Start Date: {billingStartDate} End Date: {billingEndDate} + Billing Account: {status}   Start Date: {billingStartDate}   End Date: {billingEndDate}
)} {!isBillingAccountLoading && !isBillingAccountLoadingFailed && isBillingAccountExpired && (
- Billing Account: INACTIVE Start Date: {billingStartDate} End Date: {billingEndDate} + Billing Account: INACTIVE   Start Date: {billingStartDate}   End Date: {billingEndDate}
)} {!isBillingAccountLoading && isBillingAccountLoadingFailed && ( From 7adb12192fd205a12a68dda69a6d9ddfc0832ffa Mon Sep 17 00:00:00 2001 From: Justin Gasper Date: Thu, 28 Jul 2022 08:15:53 -0500 Subject: [PATCH 5/6] One more UI tweak to billing account details display --- src/components/ChallengesComponent/ChallengeList/index.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/components/ChallengesComponent/ChallengeList/index.js b/src/components/ChallengesComponent/ChallengeList/index.js index 3400294e..b964809a 100644 --- a/src/components/ChallengesComponent/ChallengeList/index.js +++ b/src/components/ChallengesComponent/ChallengeList/index.js @@ -178,12 +178,12 @@ class ChallengeList extends Component {
{!isBillingAccountLoading && !isBillingAccountLoadingFailed && !isBillingAccountExpired && (
- Billing Account: {status}   Start Date: {billingStartDate}   End Date: {billingEndDate} + Billing Account: {status}   Start Date: {billingStartDate}   End Date: {billingEndDate}
)} {!isBillingAccountLoading && !isBillingAccountLoadingFailed && isBillingAccountExpired && (
- Billing Account: INACTIVE   Start Date: {billingStartDate}   End Date: {billingEndDate} + Billing Account: INACTIVE   Start Date:End Date: {billingEndDate}
)} {!isBillingAccountLoading && isBillingAccountLoadingFailed && ( From dfc8de19a8d16f7591c0cfe4df386bd7640ad75d Mon Sep 17 00:00:00 2001 From: Justin Gasper Date: Thu, 28 Jul 2022 08:26:16 -0500 Subject: [PATCH 6/6] Fix typo --- src/components/ChallengesComponent/ChallengeList/index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/components/ChallengesComponent/ChallengeList/index.js b/src/components/ChallengesComponent/ChallengeList/index.js index b964809a..65329c5e 100644 --- a/src/components/ChallengesComponent/ChallengeList/index.js +++ b/src/components/ChallengesComponent/ChallengeList/index.js @@ -183,7 +183,7 @@ class ChallengeList extends Component { )} {!isBillingAccountLoading && !isBillingAccountLoadingFailed && isBillingAccountExpired && (
- Billing Account: INACTIVE   Start Date:End Date: {billingEndDate} + Billing Account: INACTIVE   Start Date: {billingStartDate}   End Date: {billingEndDate}
)} {!isBillingAccountLoading && isBillingAccountLoadingFailed && (