From f365ca5e3b4082542f1167849205af96a89a522c Mon Sep 17 00:00:00 2001
From: Daria Mayorova <mayorova@users.noreply.github.com>
Date: Wed, 25 Sep 2024 16:01:12 +0200
Subject: [PATCH 1/2] Remove psych hardcoded version and use alias explicitly

---
 Gemfile                                       | 3 ---
 Gemfile.lock                                  | 2 --
 app/lib/backend/storage.rb                    | 2 +-
 test/unit/three_scale/middleware/cors_test.rb | 2 +-
 4 files changed, 2 insertions(+), 7 deletions(-)

diff --git a/Gemfile b/Gemfile
index c5c7567249..6a98ef3ff9 100644
--- a/Gemfile
+++ b/Gemfile
@@ -20,9 +20,6 @@ gem "activejob-uniqueness"
 # Needed for XML serialization of ActiveRecord::Base
 gem 'activemodel-serializers-xml'
 
-# Fixing https://github.com/ruby/psych/pull/438, remove after upgrading Ruby
-gem 'psych', '~> 3.2.0'
-
 gem 'protected_attributes_continued', '~> 1.8.2'
 
 gem 'rails-observers'
diff --git a/Gemfile.lock b/Gemfile.lock
index 1bb4bc7fd8..7f431485b3 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -591,7 +591,6 @@ GEM
     pry-stack_explorer (0.6.1)
       binding_of_caller (~> 1.0)
       pry (~> 0.13)
-    psych (3.2.1)
     public_suffix (4.0.7)
     raabro (1.4.0)
     racc (1.8.1)
@@ -1056,7 +1055,6 @@ DEPENDENCIES
   pry-rails
   pry-shell
   pry-stack_explorer
-  psych (~> 3.2.0)
   rack (~> 2.2.8)
   rack-cors
   rack-no_animations (~> 1.0.3)
diff --git a/app/lib/backend/storage.rb b/app/lib/backend/storage.rb
index c10cd1df7e..b6e3f54022 100644
--- a/app/lib/backend/storage.rb
+++ b/app/lib/backend/storage.rb
@@ -6,7 +6,7 @@ class Storage < ::System::RedisPool
     def self.parse_config
       config = File.read("#{Rails.root}/config/backend_redis.yml")
       config = ERB.new(config).result(binding)
-      config = YAML.load(config)
+      config = YAML.load(config, aliases: true)
       config.fetch(Rails.env).deep_symbolize_keys
     end
 
diff --git a/test/unit/three_scale/middleware/cors_test.rb b/test/unit/three_scale/middleware/cors_test.rb
index 3dc966abaa..36c07b4e75 100644
--- a/test/unit/three_scale/middleware/cors_test.rb
+++ b/test/unit/three_scale/middleware/cors_test.rb
@@ -76,7 +76,7 @@ class ThreeScale::Middleware::CorsTest < ActiveSupport::TestCase
   end
 
   test 'provider signup path excluded in default configs' do
-    cors_config = YAML.load_file(Rails.root.join("config/cors.yml")).deep_symbolize_keys
+    cors_config = YAML.load_file(Rails.root.join("config/cors.yml"), aliases: true, permitted_classes: [Symbol, Regexp]).deep_symbolize_keys
     rails_envs = %i[development test production]
     rails_envs.each do |rails_env|
       stub_config = cors_config[rails_env]

From 10253aa43ff8429be81ac5bbeb4b3db5b7d43c80 Mon Sep 17 00:00:00 2001
From: Daria Mayorova <mayorova@users.noreply.github.com>
Date: Fri, 27 Sep 2024 15:54:51 +0200
Subject: [PATCH 2/2] Fix serialization for scheduled jobs

---
 app/lib/three_scale/jobs.rb            | 9 ++++++++-
 test/unit/lib/three_scale/jobs_test.rb | 8 ++++----
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/app/lib/three_scale/jobs.rb b/app/lib/three_scale/jobs.rb
index 05e83c73a2..a3507ee3f3 100644
--- a/app/lib/three_scale/jobs.rb
+++ b/app/lib/three_scale/jobs.rb
@@ -7,6 +7,8 @@ module ThreeScale
   module Jobs
 
     class Task
+      attr_reader :object
+
       def initialize(object, method, *args)
         @object = object
         @method = method
@@ -43,7 +45,8 @@ def map(tasks)
 
         def deserialize(args)
           hash = normalize_task_args(args)
-          klass, method, arguments = YAML.load(hash[:init_args]) # rubocop:disable Security/YAMLLoad
+          permitted_classes = ActiveRecord::Base.yaml_column_permitted_classes + ThreeScale::Jobs::JOB_CLASSES
+          klass, method, arguments = YAML.load(hash[:init_args], permitted_classes: permitted_classes)
           hash[:klass].constantize.new(klass, method, *arguments)
         end
 
@@ -130,5 +133,9 @@ def run
     HOUR = Task.map([
                       [Rails, :env]
                     ]).freeze # just a fake job to ensure cron works
+
+    PERIODS = [HOUR, DAILY, WEEK, MONTH, BILLING]
+    
+    JOB_CLASSES = ThreeScale::Jobs::PERIODS.flatten.map(&:object)
   end
 end
diff --git a/test/unit/lib/three_scale/jobs_test.rb b/test/unit/lib/three_scale/jobs_test.rb
index 8d55fd4556..7a2ac91816 100644
--- a/test/unit/lib/three_scale/jobs_test.rb
+++ b/test/unit/lib/three_scale/jobs_test.rb
@@ -26,14 +26,14 @@ def test_rake_task_serialize
   end
 
   def test_task_serialize
-    task = ThreeScale::Jobs::Task.new(Account, :new, org_name: 'Company')
-    serialized = YAML.dump([Account, :new, {org_name: 'Company'}])
+    task = ThreeScale::Jobs::Task.new(DestroyAllDeletedObjectsWorker, :perform_later, 'Service')
+    serialized = YAML.dump([DestroyAllDeletedObjectsWorker, :perform_later, 'Service'])
     assert_equal({klass: "ThreeScale::Jobs::Task", init_args: serialized}, task.serialize)
   end
 
   def test_task_deserialize
-    task = ThreeScale::Jobs::Task.new(Account, :new, org_name: 'Company')
-    serialized = YAML.dump([Account, :new, [{org_name: 'Company'}]])
+    task = ThreeScale::Jobs::Task.new(DestroyAllDeletedObjectsWorker, :perform_later, 'Service')
+    serialized = YAML.dump([DestroyAllDeletedObjectsWorker, :perform_later, ['Service']])
     assert_equal(task, ThreeScale::Jobs::Task.deserialize(klass: 'ThreeScale::Jobs::Task', init_args: serialized))
   end