diff --git a/Gemfile b/Gemfile index c475eceeac1..e5d4d9e5fac 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org" ruby "~> 3.2.0" -gem "rails", "7.2.1" +gem "rails", "7.1.3.4" gem "ast" gem "bootsnap", require: false diff --git a/Gemfile.lock b/Gemfile.lock index 5ad3b121c34..a121d272b59 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -1,76 +1,80 @@ GEM remote: https://rubygems.org/ specs: - actioncable (7.2.1) - actionpack (= 7.2.1) - activesupport (= 7.2.1) + actioncable (7.1.3.4) + actionpack (= 7.1.3.4) + activesupport (= 7.1.3.4) nio4r (~> 2.0) websocket-driver (>= 0.6.1) zeitwerk (~> 2.6) - actionmailbox (7.2.1) - actionpack (= 7.2.1) - activejob (= 7.2.1) - activerecord (= 7.2.1) - activestorage (= 7.2.1) - activesupport (= 7.2.1) - mail (>= 2.8.0) - actionmailer (7.2.1) - actionpack (= 7.2.1) - actionview (= 7.2.1) - activejob (= 7.2.1) - activesupport (= 7.2.1) - mail (>= 2.8.0) + actionmailbox (7.1.3.4) + actionpack (= 7.1.3.4) + activejob (= 7.1.3.4) + activerecord (= 7.1.3.4) + activestorage (= 7.1.3.4) + activesupport (= 7.1.3.4) + mail (>= 2.7.1) + net-imap + net-pop + net-smtp + actionmailer (7.1.3.4) + actionpack (= 7.1.3.4) + actionview (= 7.1.3.4) + activejob (= 7.1.3.4) + activesupport (= 7.1.3.4) + mail (~> 2.5, >= 2.5.4) + net-imap + net-pop + net-smtp rails-dom-testing (~> 2.2) - actionpack (7.2.1) - actionview (= 7.2.1) - activesupport (= 7.2.1) + actionpack (7.1.3.4) + actionview (= 7.1.3.4) + activesupport (= 7.1.3.4) nokogiri (>= 1.8.5) racc - rack (>= 2.2.4, < 3.2) + rack (>= 2.2.4) rack-session (>= 1.0.1) rack-test (>= 0.6.3) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - useragent (~> 0.16) - actiontext (7.2.1) - actionpack (= 7.2.1) - activerecord (= 7.2.1) - activestorage (= 7.2.1) - activesupport (= 7.2.1) + actiontext (7.1.3.4) + actionpack (= 7.1.3.4) + activerecord (= 7.1.3.4) + activestorage (= 7.1.3.4) + activesupport (= 7.1.3.4) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.2.1) - activesupport (= 7.2.1) + actionview (7.1.3.4) + activesupport (= 7.1.3.4) builder (~> 3.1) erubi (~> 1.11) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) - activejob (7.2.1) - activesupport (= 7.2.1) + activejob (7.1.3.4) + activesupport (= 7.1.3.4) globalid (>= 0.3.6) - activemodel (7.2.1) - activesupport (= 7.2.1) - activerecord (7.2.1) - 
activemodel (= 7.2.1) - activesupport (= 7.2.1) + activemodel (7.1.3.4) + activesupport (= 7.1.3.4) + activerecord (7.1.3.4) + activemodel (= 7.1.3.4) + activesupport (= 7.1.3.4) timeout (>= 0.4.0) - activestorage (7.2.1) - actionpack (= 7.2.1) - activejob (= 7.2.1) - activerecord (= 7.2.1) - activesupport (= 7.2.1) + activestorage (7.1.3.4) + actionpack (= 7.1.3.4) + activejob (= 7.1.3.4) + activerecord (= 7.1.3.4) + activesupport (= 7.1.3.4) marcel (~> 1.0) - activesupport (7.2.1) + activesupport (7.1.3.4) base64 bigdecimal - concurrent-ruby (~> 1.0, >= 1.3.1) + concurrent-ruby (~> 1.0, >= 1.0.2) connection_pool (>= 2.2.5) drb i18n (>= 1.6, < 2) - logger (>= 1.4.2) minitest (>= 5.1) - securerandom (>= 0.3) - tzinfo (~> 2.0, >= 2.0.5) + mutex_m + tzinfo (~> 2.0) addressable (2.8.7) public_suffix (>= 2.0.2, < 7.0) ast (2.4.2) @@ -134,7 +138,7 @@ GEM faker (3.4.1) i18n (>= 1.8.11, < 2) ffi (1.16.3) - gds-api-adapters (97.5.0) + gds-api-adapters (97.4.1) addressable link_header null_logger @@ -229,7 +233,7 @@ GEM listen (3.9.0) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) - logger (1.6.2) + logger (1.6.1) logstasher (2.1.5) activesupport (>= 5.2) request_store @@ -247,7 +251,7 @@ GEM mime-types (3.6.0) logger mime-types-data (~> 3.2015) - mime-types-data (3.2024.1203) + mime-types-data (3.2024.1105) mini_mime (1.1.5) mini_portile2 (2.8.8) minitest (5.25.4) 
@@ -506,21 +510,20 @@ GEM rack (>= 1.3) rackup (2.2.1) rack (>= 3) - webrick (~> 1.8) - rails (7.2.1) - actioncable (= 7.2.1) - actionmailbox (= 7.2.1) - actionmailer (= 7.2.1) - actionpack (= 7.2.1) - actiontext (= 7.2.1) - actionview (= 7.2.1) - activejob (= 7.2.1) - activemodel (= 7.2.1) - activerecord (= 7.2.1) - activestorage (= 7.2.1) - activesupport (= 7.2.1) + rails (7.1.3.4) + actioncable (= 7.1.3.4) + actionmailbox (= 7.1.3.4) + actionmailer (= 7.1.3.4) + actionpack (= 7.1.3.4) + actiontext (= 7.1.3.4) + actionview (= 7.1.3.4) + activejob (= 7.1.3.4) + activemodel (= 7.1.3.4) + activerecord (= 7.1.3.4) + activestorage (= 7.1.3.4) + activesupport (= 7.1.3.4) bundler (>= 1.15.0) - railties (= 7.2.1) + railties (= 7.1.3.4) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) actionview (>= 5.0.1.rc1) @@ -535,10 +538,10 @@ GEM rails-i18n (7.0.10) i18n (>= 0.7, < 2) railties (>= 6.0.0, < 8) - railties (7.2.1) - actionpack (= 7.2.1) - activesupport (= 7.2.1) - irb (~> 1.13) + railties (7.1.3.4) + actionpack (= 7.1.3.4) + activesupport (= 7.1.3.4) + irb rackup (>= 1.0.0) rake (>= 12.2) thor (~> 1.0, >= 1.2.2) @@ -608,7 +611,6 @@ GEM google-protobuf (~> 4.26) sass-embedded (1.77.8-x86_64-linux-gnu) google-protobuf (~> 4.26) - securerandom (0.3.1) selenium-webdriver (4.21.1) base64 (~> 0.2) rexml (~> 3.2, >= 3.2.5) @@ -660,7 +662,6 @@ GEM concurrent-ruby (~> 1.0) uk_postcode (2.1.8) unicode-display_width (2.6.0) - useragent (0.16.10) webmock (3.24.0) addressable (>= 2.8.0) crack (>= 0.3.2) @@ -707,7 +708,7 @@ DEPENDENCIES parser plek pry - rails (= 7.2.1) + rails (= 7.1.3.4) rails-controller-testing rails-i18n railties diff --git a/bin/setup b/bin/setup index b7760d4df3e..57b65c85d98 100755 --- a/bin/setup +++ b/bin/setup 
@@ -1,11 +1,11 @@ #!/usr/bin/env ruby require "fileutils" +# path to your application root. APP_ROOT = File.expand_path("..", __dir__) -APP_NAME = "smart-answers" def system!(*args) - system(*args, exception: true) + system(*args) || abort("\n== Command #{args} failed ==") end FileUtils.chdir APP_ROOT do @@ -22,8 +22,4 @@ FileUtils.chdir APP_ROOT do puts "\n== Restarting application server ==" system! "bin/rails restart" - - # puts "\n== Configuring puma-dev ==" - # system "ln -nfs #{APP_ROOT} ~/.puma-dev/#{APP_NAME}" - # system "curl -Is https://#{APP_NAME}.test/up | head -n 1" end diff --git a/config/application.rb b/config/application.rb index 2d62be05acf..74c415432b3 100644 --- a/config/application.rb +++ b/config/application.rb @@ -1,19 +1,9 @@ require_relative "boot" -# We don't need activerecord or action_mailer -require "rails" -# Pick the frameworks you want: +# Don't include all of rails, we don't need activerecord or action_mailer +require "action_controller/railtie" require "active_model/railtie" require "sprockets/railtie" -# require "active_job/railtie" -# require "active_record/railtie" -# require "active_storage/engine" -require "action_controller/railtie" -# require "action_mailer/railtie" -# require "action_mailbox/engine" -# require "action_text/engine" -require "action_view/railtie" -# require "action_cable/engine" require "rails/test_unit/railtie" # Require the gems listed in Gemfile, including any gems 
@@ -25,26 +15,38 @@ class Application < Rails::Application include GovukPublishingComponents::AppHelpers::AssetHelper # Initialize configuration defaults for originally generated Rails version. - config.load_defaults 7.2 + config.load_defaults 7.0 config.govuk_time_zone = "London" + # Settings in config/environments/* take precedence over those specified here. + # Application configuration should go into files in config/initializers + # -- all .rb files in that directory are automatically loaded. Rails.application.config.action_view.form_with_generates_remote_forms = false # Custom directories with classes and modules you want to be autoloadable. config.autoload_paths += %W[#{config.root}/lib #{config.root}/app/presenters] + config.allow_forgery_protection = false + # Only load the plugins named here, in the order given (default is alphabetical). + # :all can be used as a placeholder for all plugins not explicitly named. + # config.plugins = [ :exception_notification, :ssl_requirement, :all ] - # New for rails 7.1 to enable previous autoload behaviour - config.add_autoload_paths_to_load_path = true + # Activate observers that should always be running. + # config.active_record.observers = :cacher, :garbage_collector, :forum_observer - # Settings in config/environments/* take precedence over those specified here. - # Application configuration should go into files in config/initializers - # -- all .rb files in that directory are automatically loaded. - config.allow_forgery_protection = false + # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone. + # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC. + # config.time_zone = 'Central Time (US & Canada)' # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded. 
config.i18n.enforce_available_locales = false config.i18n.default_locale = :"en-GB" - config.i18n.fallbacks = true config.i18n.load_path += Dir[Rails.root.join("config/locales/**/*.yml")] + config.i18n.fallbacks = true + + # Configure the default encoding used in templates for Ruby 1.9. + config.encoding = "utf-8" + + # Configure sensitive parameters which will be filtered from the log file. + config.filter_parameters += %i[password] # Path within public/ where assets are compiled to config.assets.prefix = "/assets/smartanswers" @@ -63,14 +65,9 @@ class Application < Rails::Application config.action_dispatch.ignore_accept_header = true - # Force lib autoload, which was removed by Rails 3.0 and enforced by Zeitwerk - config.autoload_paths << Rails.root.join("lib") + config.eager_load_paths << Rails.root.join("lib") # Allow requests for all domains e.g. .dev.gov.uk config.hosts.clear - # Please, add to the `ignore` list any other `lib` subdirectories that do - # not contain `.rb` files, or that should not be reloaded or eager loaded. - # Common ones are `templates`, `generators`, or `middleware`, for example. - config.autoload_lib(ignore: %w[assets data generators tasks]) end end diff --git a/config/boot.rb b/config/boot.rb index 988a5ddc460..997563c2aff 100644 --- a/config/boot.rb +++ b/config/boot.rb @@ -1,4 +1,4 @@ ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) require "bundler/setup" # Set up gems listed in the Gemfile. -require "bootsnap/setup" # Speed up boot time by caching expensive operations. +require "bootsnap/setup" diff --git a/config/environments/development.rb b/config/environments/development.rb index 2e56a385322..20461c38208 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb 
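Review bot: `config.load_defaults 7.0` puts the framework defaults below the Rails 7.1.3.4 that the Gemfile in this commit pins, so the defaults introduced with 7.1 are switched off together with the 7.2 ones. The diff does not show which defaults version the app used before the 7.2 upgrade, so this may be a faithful revert, but it is worth confirming, because the setting decides which of the newer framework behaviours are active. If 7.0 is intended, record it next to the line, e.g. `# Held at 7.0 defaults on Rails 7.1; 7.1 defaults not yet adopted`; otherwise use `config.load_defaults 7.1`. The Application class opens above this hunk.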
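Review bot: `config.eager_load_paths << Rails.root.join("lib")` puts all of lib under eager loading with nothing excluded, whereas the removed `config.autoload_lib(ignore: %w[assets data generators tasks])` kept those four subdirectories out. With eager loading on, Zeitwerk is expected to require every `.rb` file under lib and to check that each defines the constant its path implies, so a stray script in one of those directories would surface as a boot failure in production or CI rather than in development. If any of them contain Ruby files, keep them excluded, for example with `Rails.autoloaders.main.ignore(Rails.root.join("lib/tasks"))` for each directory. lib is also already listed in `config.autoload_paths` a few lines above, outside this hunk.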
@@ -6,7 +6,7 @@ # In the development environment your application's code is reloaded any time # it changes. This slows down response time but is perfect for development # since you don't have to restart the web server when you make code changes. - config.enable_reloading = true + config.cache_classes = false # Do not eager load code on boot. config.eager_load = false @@ -14,7 +14,7 @@ # Show full error reports. config.consider_all_requests_local = true - # Enable server timing. + # Enable server timing config.server_timing = true # Enable/disable caching. By default caching is disabled. @@ -24,7 +24,9 @@ config.action_controller.enable_fragment_cache_logging = true config.cache_store = :memory_store - config.public_file_server.headers = { "Cache-Control" => "public, max-age=#{2.days.to_i}" } + config.public_file_server.headers = { + "Cache-Control" => "public, max-age=#{2.days.to_i}", + } else config.action_controller.perform_caching = false @@ -50,11 +52,8 @@ # config.i18n.raise_on_missing_translations = true # Annotate rendered view with file names. - config.action_view.annotate_rendered_view_with_filenames = true + # config.action_view.annotate_rendered_view_with_filenames = true - # Raise error when a before_action's only/except options reference missing actions. - config.action_controller.raise_on_missing_callback_actions = true - - # Apply autocorrection by RuboCop to files generated by `bin/rails generate`. - # config.generators.apply_rubocop_autocorrect_after_generate! + # Uncomment if you wish to allow Action Cable access from any origin. + # config.action_cable.disable_request_forgery_protection = true end diff --git a/config/environments/production.rb b/config/environments/production.rb index cc0c4c9c14c..db2eea71c8f 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb 
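Review bot: Removing `config.action_controller.raise_on_missing_callback_actions = true` at the end of the last development.rb hunk means a `before_action` whose `only:` or `except:` names a misspelt or deleted action is no longer reported. A callback that enforces a check can then silently stop applying to the action it was meant to cover. As far as I know the setting is available from Rails 7.1, so the downgrade to 7.1.3.4 should not require dropping it. Keeping `config.action_controller.raise_on_missing_callback_actions = true` here and in the matching hunk of config/environments/test.rb would preserve the check. The `Rails.application.configure` block opens above the hunk.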
@@ -4,7 +4,7 @@ # Settings specified here will take precedence over those in config/application.rb. # Code is not reloaded between requests. - config.enable_reloading = false + config.cache_classes = true # Eager load code on boot. This eager loads most of Rails and # your application in memory, allowing both threaded web servers @@ -16,8 +16,8 @@ config.consider_all_requests_local = false config.action_controller.perform_caching = true - # Ensures that a master key has been made available in ENV["RAILS_MASTER_KEY"], config/master.key, or an environment - # key such as config/credentials/production.key. This key is used to decrypt credentials (and other encrypted files). + # Ensures that a master key has been made available in either ENV["RAILS_MASTER_KEY"] + # or in config/master.key. This key is used to decrypt credentials (and other encrypted files). # config.require_master_key = true # Disable serving static files from the `/public` folder by default since @@ -27,7 +27,7 @@ # Compress JavaScripts. config.assets.js_compressor = :terser - # Do not fall back to assets pipeline if a precompiled asset is missed. + # Do not fallback to assets pipeline if a precompiled asset is missed. config.assets.compile = false # Enable serving of images, stylesheets, and JavaScripts from an asset server. 
@@ -37,27 +37,23 @@ # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for Apache # config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX - # Assume all access to the app is happening through a SSL-terminating reverse proxy. - # Can be used together with config.force_ssl for Strict-Transport-Security and secure cookies. - # config.assume_ssl = true - # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. # config.force_ssl = true - # Skip http-to-https redirect for the default health check endpoint. - # config.ssl_options = { redirect: { exclude: ->(request) { request.path == "/up" } } } + # Include generic and useful information about system operation, but avoid logging too much + # information to avoid inadvertent exposure of personally identifiable information (PII). + config.log_level = ENV.fetch("RAILS_LOG_LEVEL", :info) # Prepend all log lines with the following tags. config.log_tags = [:request_id] - # "info" includes generic and useful information about system operation, but avoids logging too much - # information to avoid inadvertent exposure of personally identifiable information (PII). If you - # want to log everything, set the level to "debug". - config.log_level = ENV.fetch("RAILS_LOG_LEVEL", "info") - # Use a different cache store in production. # config.cache_store = :mem_cache_store + # Use a real queuing backend for Active Job (and separate queues per environment). + # config.active_job.queue_adapter = :resque + # config.active_job.queue_name_prefix = "smart_answers_production" + # Enable locale fallbacks for I18n (makes lookups for any locale fall back to # the I18n.default_locale when a translation cannot be found). config.i18n.fallbacks = true 
@@ -86,11 +82,4 @@ logger.formatter = config.log_formatter config.logger = ActiveSupport::TaggedLogging.new(logger) end - # Enable DNS rebinding protection and other `Host` header attacks. - # config.hosts = [ - # "example.com", # Allow requests from example.com - # /.*\.example\.com/ # Allow requests from subdomains like `www.example.com` - # ] - # Skip DNS rebinding protection for the default health check endpoint. - # config.host_authorization = { exclude: ->(request) { request.path == "/up" } } end diff --git a/config/environments/test.rb b/config/environments/test.rb index 6ee40cf5683..3cb4315a5bb 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb 
@@ -8,24 +8,26 @@ Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. - # While tests run files are not watched, reloading is not necessary. - config.enable_reloading = false + # Turn false under Spring and add config.action_view.cache_template_loading = true. + config.cache_classes = true - # Eager loading loads your entire application. When running a single test locally, - # this is usually not necessary, and can slow down your test suite. However, it's - # recommended that you enable it in continuous integration systems to ensure eager - # loading is working properly before deploying your code. + # Eager loading loads your whole application. When running a single test locally, + # this probably isn't necessary. It's a good idea to do in a continuous integration + # system, or in some way before deploying your code. config.eager_load = ENV["CI"].present? # Configure public file server for tests with Cache-Control for performance. - config.public_file_server.headers = { "Cache-Control" => "public, max-age=#{1.hour.to_i}" } + config.public_file_server.enabled = true + config.public_file_server.headers = { + "Cache-Control" => "public, max-age=#{1.hour.to_i}", + } # Show full error reports and disable caching. - config.consider_all_requests_local = true + config.consider_all_requests_local = true config.action_controller.perform_caching = false config.cache_store = :null_store - # Render exception templates for rescuable exceptions and raise for other exceptions. + # Raise exceptions instead of rendering exception templates. config.action_dispatch.show_exceptions = :none # Disable request forgery protection in test environment. 
@@ -45,7 +47,4 @@ # Annotate rendered view with file names. # config.action_view.annotate_rendered_view_with_filenames = true - - # Raise error when a before_action's only/except options reference missing actions. - config.action_controller.raise_on_missing_callback_actions = true end diff --git a/config/initializers/assets.rb b/config/initializers/assets.rb index bd5bcd2b6ae..4070490afaa 100644 --- a/config/initializers/assets.rb +++ b/config/initializers/assets.rb @@ -9,4 +9,3 @@ # Precompile additional assets. # application.js, application.css, and all non-JS/CSS in the app/assets # folder are already added. -# Rails.application.config.assets.precompile += %w[ admin.js admin.css ] diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb index 58277c14bca..63d4f8be0e7 100644 --- a/config/initializers/filter_parameter_logging.rb +++ b/config/initializers/filter_parameter_logging.rb @@ -1,8 +1,8 @@ # Be sure to restart your server when you modify this file. -# Configure parameters to be partially matched (e.g. passw matches password) and filtered from the log file. -# Use this to limit dissemination of sensitive information. -# See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors. +# Configure parameters to be filtered from the log file. Use this to limit dissemination of +# sensitive information. See the ActiveSupport::ParameterFilter documentation for supported +# notations and behaviors. Rails.application.config.filter_parameters += %i[ - passw email secret token _key crypt salt certificate otp ssn + password passw secret token _key crypt salt certificate otp ssn ] diff --git a/config/initializers/new_framework_defaults_7_2.rb b/config/initializers/new_framework_defaults_7_2.rb deleted file mode 100644 index b549c4a258a..00000000000 --- a/config/initializers/new_framework_defaults_7_2.rb +++ /dev/null 
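Review bot: The new list in config/initializers/filter_parameter_logging.rb no longer contains `email`, so request parameters whose names match it will appear unfiltered in the logs again. That works against the `log_level` comment in production.rb about avoiding inadvertent exposure of PII. Unless something depends on seeing those values, keep the entry: `password passw email secret token _key crypt salt certificate otp ssn`. The added `password` is redundant next to `passw`, since entries match partially, and the same key is also appended in config/application.rb by `config.filter_parameters += %i[password]`.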
@@ -1,70 +0,0 @@ -# Be sure to restart your server when you modify this file. -# -# This file eases your Rails 7.2 framework defaults upgrade. -# -# Uncomment each configuration one by one to switch to the new default. -# Once your application is ready to run with all new defaults, you can remove -# this file and set the `config.load_defaults` to `7.2`. -# -# Read the Guide for Upgrading Ruby on Rails for more info on each option. -# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html - -### -# Controls whether Active Job's `#perform_later` and similar methods automatically defer -# the job queuing to after the current Active Record transaction is committed. -# -# Example: -# Topic.transaction do -# topic = Topic.create(...) -# NewTopicNotificationJob.perform_later(topic) -# end -# -# In this example, if the configuration is set to `:never`, the job will -# be enqueued immediately, even though the `Topic` hasn't been committed yet. -# Because of this, if the job is picked up almost immediately, or if the -# transaction doesn't succeed for some reason, the job will fail to find this -# topic in the database. -# -# If `enqueue_after_transaction_commit` is set to `:default`, the queue adapter -# will define the behaviour. -# -# Note: Active Job backends can disable this feature. This is generally done by -# backends that use the same database as Active Record as a queue, hence they -# don't need this feature. -#++ -# Rails.application.config.active_job.enqueue_after_transaction_commit = :default - -### -# Adds image/webp to the list of content types Active Storage considers as an image -# Prevents automatic conversion to a fallback PNG, and assumes clients support WebP, as they support gif, jpeg, and png. -# This is possible due to broad browser support for WebP, but older browsers and email clients may still not support -# WebP. Requires imagemagick/libvips built with WebP support. 
-#++ -# Rails.application.config.active_storage.web_image_content_types = %w[image/png image/jpeg image/gif image/webp] - -### -# Enable validation of migration timestamps. When set, an ActiveRecord::InvalidMigrationTimestampError -# will be raised if the timestamp prefix for a migration is more than a day ahead of the timestamp -# associated with the current time. This is done to prevent forward-dating of migration files, which can -# impact migration generation and other migration commands. -# -# Applications with existing timestamped migrations that do not adhere to the -# expected format can disable validation by setting this config to `false`. -#++ -# Rails.application.config.active_record.validate_migration_timestamps = true - -### -# Controls whether the PostgresqlAdapter should decode dates automatically with manual queries. -# -# Example: -# ActiveRecord::ConnectionAdapters::PostgreSQLAdapter.select_value("select '2024-01-01'::date") #=> Date -# -# This query used to return a `String`. -#++ -# Rails.application.config.active_record.postgresql_adapter_decode_dates = true - -### -# Enables YJIT as of Ruby 3.3, to bring sizeable performance improvements. If you are -# deploying to a memory constrained environment you may want to set this to `false`. -#++ -# Rails.application.config.yjit = true diff --git a/config/initializers/permissions_policy.rb b/config/initializers/permissions_policy.rb index 7db3b9577e6..00f64d71b03 100644 --- a/config/initializers/permissions_policy.rb +++ b/config/initializers/permissions_policy.rb 
@@ -1,13 +1,11 @@ -# Be sure to restart your server when you modify this file. - # Define an application-wide HTTP permissions policy. For further -# information see: https://developers.google.com/web/updates/2018/06/feature-policy - -# Rails.application.config.permissions_policy do |policy| -# policy.camera :none -# policy.gyroscope :none -# policy.microphone :none -# policy.usb :none -# policy.fullscreen :self -# policy.payment :self, "https://secure.example.com" +# information see https://developers.google.com/web/updates/2018/06/feature-policy +# +# Rails.application.config.permissions_policy do |f| +# f.camera :none +# f.gyroscope :none +# f.microphone :none +# f.usb :none +# f.fullscreen :self +# f.payment :self, "https://secure.example.com" # end