diff --git a/Gemfile b/Gemfile index 741b1f54..b3b2900b 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,8 @@ source 'https://rubygems.org' ruby '3.2.2' -gem 'rails', '~> 6.1.7' +gem 'rails', '~> 7.0.4' +gem 'sprockets-rails' gem 'pg' gem 'puma' @@ -47,8 +48,7 @@ group :development do gem 'listen' # Spring speeds up development by keeping your application running in the # background. Read more: https://github.com/rails/spring - gem 'spring' - gem 'spring-watcher-listen' + gem 'spring', '~> 4.1' gem 'spring-commands-rspec' gem 'guard', require: false gem 'guard-rspec', require: false diff --git a/Gemfile.lock b/Gemfile.lock index cf6c5f95..ab8d6dc8 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -1,76 +1,82 @@ GIT remote: https://github.com/DavyJonesLocker/capybara-email.git - revision: e1f61aa9b486da6a8485dd6a18a4221e78cda6e7 + revision: 668f5a35205ef872b7152a57cf4d4f2a3567fa53 ref: e1f61aa9b4 branch: master specs: - capybara-email (3.0.1) + capybara-email (3.0.2) capybara (>= 2.4, < 4.0) mail GEM remote: https://rubygems.org/ specs: - actioncable (6.1.7.3) - actionpack (= 6.1.7.3) - activesupport (= 6.1.7.3) + actioncable (7.0.4.3) + actionpack (= 7.0.4.3) + activesupport (= 7.0.4.3) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.7.3) - actionpack (= 6.1.7.3) - activejob (= 6.1.7.3) - activerecord (= 6.1.7.3) - activestorage (= 6.1.7.3) - activesupport (= 6.1.7.3) + actionmailbox (7.0.4.3) + actionpack (= 7.0.4.3) + activejob (= 7.0.4.3) + activerecord (= 7.0.4.3) + activestorage (= 7.0.4.3) + activesupport (= 7.0.4.3) mail (>= 2.7.1) - actionmailer (6.1.7.3) - actionpack (= 6.1.7.3) - actionview (= 6.1.7.3) - activejob (= 6.1.7.3) - activesupport (= 6.1.7.3) + net-imap + net-pop + net-smtp + actionmailer (7.0.4.3) + actionpack (= 7.0.4.3) + actionview (= 7.0.4.3) + activejob (= 7.0.4.3) + activesupport (= 7.0.4.3) mail (~> 2.5, >= 2.5.4) + net-imap + net-pop + net-smtp rails-dom-testing (~> 2.0) - actionpack (6.1.7.3) - actionview (= 6.1.7.3) - activesupport (= 6.1.7.3) - rack (~> 2.0, >= 2.0.9) + actionpack (7.0.4.3) + actionview (= 7.0.4.3) + activesupport (= 7.0.4.3) + rack (~> 2.0, >= 2.2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.7.3) - actionpack (= 6.1.7.3) - activerecord (= 6.1.7.3) - activestorage (= 6.1.7.3) - activesupport (= 6.1.7.3) + actiontext (7.0.4.3) + actionpack (= 7.0.4.3) + activerecord (= 7.0.4.3) + activestorage (= 7.0.4.3) + activesupport (= 7.0.4.3) + globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (6.1.7.3) - activesupport (= 6.1.7.3) + actionview (7.0.4.3) + activesupport (= 7.0.4.3) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 
2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.7.3) - activesupport (= 6.1.7.3) + activejob (7.0.4.3) + activesupport (= 7.0.4.3) globalid (>= 0.3.6) - activemodel (6.1.7.3) - activesupport (= 6.1.7.3) - activerecord (6.1.7.3) - activemodel (= 6.1.7.3) - activesupport (= 6.1.7.3) - activestorage (6.1.7.3) - actionpack (= 6.1.7.3) - activejob (= 6.1.7.3) - activerecord (= 6.1.7.3) - activesupport (= 6.1.7.3) + activemodel (7.0.4.3) + activesupport (= 7.0.4.3) + activerecord (7.0.4.3) + activemodel (= 7.0.4.3) + activesupport (= 7.0.4.3) + activestorage (7.0.4.3) + actionpack (= 7.0.4.3) + activejob (= 7.0.4.3) + activerecord (= 7.0.4.3) + activesupport (= 7.0.4.3) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (6.1.7.3) + activesupport (7.0.4.3) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) - zeitwerk (~> 2.3) - addressable (2.8.2) + addressable (2.8.4) public_suffix (>= 2.0.2, < 6.0) ast (2.4.2) bcrypt (3.1.18) @@ -95,7 +101,7 @@ GEM crack (0.4.5) rexml crass (1.0.6) - createsend (5.1.1) + createsend (6.0.0) hashie (~> 3.0) httparty (~> 0.14) json (>= 1.0) @@ -119,7 +125,7 @@ GEM factory_bot (~> 6.2.0) railties (>= 5.0.0) ffi (1.15.5) - formatador (0.3.0) + formatador (1.1.0) globalid (1.1.0) activesupport (>= 5.0) guard (2.18.0) @@ -207,7 +213,7 @@ GEM nenv (~> 0.1) shellany (~> 0.0) orm_adapter (0.5.0) - parallel (1.22.1) + parallel (1.23.0) parser (3.2.2.0) ast (~> 2.4.1) pg (1.4.6) @@ -227,8 +233,8 @@ GEM pry (>= 0.13, < 0.15) pry-rails (0.3.9) pry (>= 0.10.4) - public_suffix (4.0.7) - puma (5.6.5) + public_suffix (5.0.1) + puma (6.2.2) nio4r (~> 2.0) pygmentize (0.0.3) racc (1.6.2) 
@@ -237,21 +243,20 @@ GEM rack rack-test (2.1.0) rack (>= 1.3) - rails (6.1.7.3) - actioncable (= 6.1.7.3) - actionmailbox (= 6.1.7.3) - actionmailer (= 6.1.7.3) - actionpack (= 6.1.7.3) - actiontext (= 6.1.7.3) - actionview (= 6.1.7.3) - activejob (= 6.1.7.3) - activemodel (= 6.1.7.3) - activerecord (= 6.1.7.3) - activestorage (= 6.1.7.3) - activesupport (= 6.1.7.3) + rails (7.0.4.3) + actioncable (= 7.0.4.3) + actionmailbox (= 7.0.4.3) + actionmailer (= 7.0.4.3) + actionpack (= 7.0.4.3) + actiontext (= 7.0.4.3) + actionview (= 7.0.4.3) + activejob (= 7.0.4.3) + activemodel (= 7.0.4.3) + activerecord (= 7.0.4.3) + activestorage (= 7.0.4.3) + activesupport (= 7.0.4.3) bundler (>= 1.15.0) - railties (= 6.1.7.3) - sprockets-rails (>= 2.0.0) + railties (= 7.0.4.3) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) actionview (>= 5.0.1.rc1) @@ -266,19 +271,20 @@ GEM rails_stdout_logging rails_serve_static_assets (0.0.5) rails_stdout_logging (0.0.5) - railties (6.1.7.3) - actionpack (= 6.1.7.3) - activesupport (= 6.1.7.3) + railties (7.0.4.3) + actionpack (= 7.0.4.3) + activesupport (= 7.0.4.3) method_source rake (>= 12.2) thor (~> 1.0) + zeitwerk (~> 2.5) rainbow (3.1.1) rake (13.0.6) rb-fsevent (0.11.2) rb-inotify (0.10.1) ffi (~> 1.0) redcarpet (3.6.0) - regexp_parser (2.7.0) + regexp_parser (2.8.0) responders (3.1.0) actionpack (>= 5.2) railties (>= 5.2) @@ -287,7 +293,7 @@ GEM rspec-core (~> 3.12.0) rspec-expectations (~> 3.12.0) rspec-mocks (~> 3.12.0) - rspec-core (3.12.1) + rspec-core (3.12.2) rspec-support (~> 3.12.0) rspec-expectations (3.12.2) diff-lcs (>= 1.2.0, < 2.0) @@ -304,7 +310,7 @@ GEM rspec-mocks (~> 3.10) rspec-support (~> 3.10) rspec-support (3.12.0) - rubocop (1.49.0) + rubocop (1.50.2) json (~> 2.3) parallel (~> 1.10) parser (>= 3.2.0.0) 
@@ -316,10 +322,10 @@ GEM unicode-display_width (>= 2.4.0, < 3.0) rubocop-ast (1.28.0) parser (>= 3.2.1.0) - rubocop-performance (1.16.0) + rubocop-performance (1.17.1) rubocop (>= 1.7.0, < 2.0) rubocop-ast (>= 0.4.0) - rubocop-rails (2.18.0) + rubocop-rails (2.19.1) activesupport (>= 4.2.0) rack (>= 1.1) rubocop (>= 1.33.0, < 2.0) @@ -334,12 +340,9 @@ GEM simplecov_json_formatter (~> 0.1) simplecov-html (0.12.3) simplecov_json_formatter (0.1.4) - spring (2.1.1) + spring (4.1.1) spring-commands-rspec (1.0.4) spring (>= 0.9.1) - spring-watcher-listen (2.0.1) - listen (>= 2.7, < 4.0) - spring (>= 1.2, < 3.0) sprockets (4.2.0) concurrent-ruby (~> 1.0) rack (>= 2.2.4, < 4) @@ -405,7 +408,7 @@ DEPENDENCIES pry-rails puma pygmentize - rails (~> 6.1.7) + rails (~> 7.0.4) rails-controller-testing rails_12factor redcarpet @@ -415,9 +418,9 @@ DEPENDENCIES rubocop-rails sassc simplecov - spring + spring (~> 4.1) spring-commands-rspec - spring-watcher-listen + sprockets-rails tzinfo-data validates_email_format_of warden diff --git a/bin/rails b/bin/rails index 21d3e02d..efc03774 100755 --- a/bin/rails +++ b/bin/rails @@ -1,5 +1,4 @@ #!/usr/bin/env ruby -load File.expand_path("spring", __dir__) -APP_PATH = File.expand_path('../config/application', __dir__) +APP_PATH = File.expand_path("../config/application", __dir__) require_relative "../config/boot" require "rails/commands" diff --git a/bin/rake b/bin/rake index 7327f471..4fbf10b9 100755 --- a/bin/rake +++ b/bin/rake @@ -1,5 +1,4 @@ #!/usr/bin/env ruby -load File.expand_path("spring", __dir__) require_relative "../config/boot" require "rake" Rake.application.run diff --git a/bin/setup b/bin/setup index 5853b5ea..ec47b79b 100755 --- a/bin/setup +++ b/bin/setup 
@@ -1,36 +1,33 @@ #!/usr/bin/env ruby -require 'fileutils' +require "fileutils" # path to your application root. -APP_ROOT = File.expand_path('..', __dir__) +APP_ROOT = File.expand_path("..", __dir__) def system!(*args) system(*args) || abort("\n== Command #{args} failed ==") end FileUtils.chdir APP_ROOT do - # This script is a way to setup or update your development environment automatically. - # This script is idempotent, so that you can run it at anytime and get an expectable outcome. + # This script is a way to set up or update your development environment automatically. + # This script is idempotent, so that you can run it at any time and get an expectable outcome. # Add necessary setup steps to this file. - puts '== Installing dependencies ==' - system! 'gem install bundler --conservative' - system('bundle check') || system!('bundle install') - - # Install JavaScript dependencies - # system('bin/yarn') + puts "== Installing dependencies ==" + system! "gem install bundler --conservative" + system("bundle check") || system!("bundle install") # puts "\n== Copying sample files ==" - # unless File.exist?('config/database.yml') - # FileUtils.cp 'config/database.yml.sample', 'config/database.yml' + # unless File.exist?("config/database.yml") + # FileUtils.cp "config/database.yml.sample", "config/database.yml" # end puts "\n== Preparing database ==" - system! 'bin/rails db:prepare' + system! "bin/rails db:prepare" puts "\n== Removing old logs and tempfiles ==" - system! 'bin/rails log:clear tmp:clear' + system! "bin/rails log:clear tmp:clear" puts "\n== Restarting application server ==" - system! 'bin/rails restart' + system! "bin/rails restart" end diff --git a/config/application.rb b/config/application.rb index c6cd1a80..e36caf4f 100644 --- a/config/application.rb +++ b/config/application.rb 
@@ -1,14 +1,19 @@ -require_relative 'boot' +require_relative "boot" require "rails" # Pick the frameworks you want: require "active_model/railtie" require "active_job/railtie" require "active_record/railtie" +# require "active_storage/engine" require "action_controller/railtie" require "action_mailer/railtie" +# require "action_mailbox/engine" +# require "action_text/engine" require "action_view/railtie" require "sprockets/railtie" +# require "action_cable/engine" +# require "rails/test_unit/railtie" # Require the gems listed in Gemfile, including any gems # you've limited to :test, :development, or :production. @@ -16,12 +21,16 @@ module RubyAu class Application < Rails::Application + # Initialize configuration defaults for originally generated Rails version. config.load_defaults 6.1 - # Settings in config/environments/* take precedence over those specified here. - # Application configuration can go into files in config/initializers - # -- all .rb files in that directory are automatically loaded after loading - # the framework and any gems in your application. + # Configuration for the application, engines, and railties goes here. + # + # These settings can be overridden in specific environments using the files + # in config/environments, which are processed later. + # + # config.time_zone = "Central Time (US & Canada)" + # config.eager_load_paths << Rails.root.join("extras") config.eager_load_paths += %W(#{config.root}/lib) config.generators do |g| @@ -30,5 +39,7 @@ class Application < Rails::Application end config.generators.javascript_engine = :js + # Don't generate system test files. + config.generators.system_tests = nil end end diff --git a/config/boot.rb b/config/boot.rb index 30f5120d..28201161 100644 --- a/config/boot.rb +++ b/config/boot.rb 
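Review bot: `config.load_defaults 6.1` in the second hunk stays unchanged while the Gemfile moves to Rails 7.0.4, so the application keeps running with the 6.1 framework defaults. That is a normal first step in an upgrade, but 7.0 defaults such as `config.action_controller.raise_on_open_redirects = true` are not in effect unless a `new_framework_defaults_7_0.rb` initializer enables them, and none is visible in this diff. I would add a comment above the line so the pin is tracked, e.g. `# TODO: move to load_defaults 7.0 once new_framework_defaults_7_0.rb has been worked through`. The `Application` class body extends beyond this hunk.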
@@ -1,3 +1,3 @@ -ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__) +ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) -require 'bundler/setup' # Set up gems listed in the Gemfile. +require "bundler/setup" # Set up gems listed in the Gemfile. diff --git a/config/environment.rb b/config/environment.rb index 426333bb..cac53157 100644 --- a/config/environment.rb +++ b/config/environment.rb @@ -1,5 +1,5 @@ # Load the Rails application. -require_relative 'application' +require_relative "application" # Initialize the Rails application. Rails.application.initialize! diff --git a/config/environments/development.rb b/config/environments/development.rb index a4225605..b77f3196 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -1,13 +1,10 @@ require "active_support/core_ext/integer/time" Rails.application.configure do - # Verifies that versions and hashed value of the package contents in the project's package.json - config.webpacker.check_yarn_integrity = true - # Settings specified here will take precedence over those in config/application.rb. - # In the development environment your application's code is reloaded on - # every request. This slows down response time but is perfect for development + # In the development environment your application's code is reloaded any time + # it changes. This slows down response time but is perfect for development # since you don't have to restart the web server when you make code changes. config.cache_classes = false 
@@ -17,15 +14,18 @@ # Show full error reports. config.consider_all_requests_local = true + # Enable server timing + config.server_timing = true + # Enable/disable caching. By default caching is disabled. # Run rails dev:cache to toggle caching. - if Rails.root.join('tmp/caching-dev.txt').exist? + if Rails.root.join("tmp/caching-dev.txt").exist? config.action_controller.perform_caching = true config.action_controller.enable_fragment_cache_logging = true config.cache_store = :memory_store config.public_file_server.headers = { - 'Cache-Control' => "public, max-age=#{2.days.to_i}" + "Cache-Control" => "public, max-age=#{2.days.to_i}" } else config.action_controller.perform_caching = false diff --git a/config/environments/production.rb b/config/environments/production.rb index 078025c4..735a87b7 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -1,11 +1,7 @@ require "active_support/core_ext/integer/time" Rails.application.configure do - # Verifies that versions and hashed value of the package contents in the project's package.json - config.webpacker.check_yarn_integrity = false - - # Settings specified here will take precedence over those in - # config/application.rb. + # Settings specified here will take precedence over those in config/application.rb. # Code is not reloaded between requests. config.cache_classes = true 
@@ -20,61 +16,44 @@ config.consider_all_requests_local = false config.action_controller.perform_caching = true + # Ensures that a master key has been made available in either ENV["RAILS_MASTER_KEY"] + # or in config/master.key. This key is used to decrypt credentials (and other encrypted files). + # config.require_master_key = true + # Disable serving static files from the `/public` folder by default since # Apache or NGINX already handles this. - config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present? + config.public_file_server.enabled = ENV["RAILS_SERVE_STATIC_FILES"].present? - # Compress JavaScripts and CSS. - # config.assets.js_compressor = :uglifier + # Compress CSS using a preprocessor. # config.assets.css_compressor = :sass # Do not fallback to assets pipeline if a precompiled asset is missed. config.assets.compile = false - # Asset digests allow you to set far-future HTTP expiration dates on all - # assets, - # yet still be able to expire them through the digest params. - config.assets.digest = true - - # `config.assets.precompile` and `config.assets.version` have moved to - # config/initializers/assets.rb - # Enable serving of images, stylesheets, and JavaScripts from an asset server. - # config.action_controller.asset_host = 'http://assets.example.com' + # config.asset_host = "http://assets.example.com" # Specifies the header that your server uses for sending files. 
- # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache - # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX - - # Action Cable endpoint configuration - # config.action_cable.url = 'wss://example.com/cable' - # config.action_cable.allowed_request_origins = [ - # 'http://example.com', - # /http:\/\/example.*/ - # ] + # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for Apache + # config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. - config.force_ssl = true + # config.force_ssl = true - # Use the lowest log level to ensure availability of diagnostic information - # when problems arise. + # Include generic and useful information about system operation, but avoid logging too much + # information to avoid inadvertent exposure of personally identifiable information (PII). config.log_level = :info # Prepend all log lines with the following tags. config.log_tags = [:request_id] - # Use a different logger for distributed setups. - # require 'syslog/logger' - # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new 'app-name') - - config.logger = ActiveSupport::TaggedLogging.new(Logger.new($stdout)) if ENV["RAILS_LOG_TO_STDOUT"].present? - # Use a different cache store in production. # config.cache_store = :mem_cache_store - # Use a real queuing backend for Active Job (and separate queues per environment) + # Use a real queuing backend for Active Job (and separate queues per environment). # config.active_job.queue_adapter = :resque - # config.active_job.queue_name_prefix = "ruby_au_#{Rails.env}" + # config.active_job.queue_name_prefix = "ruby_au_production" + config.action_mailer.perform_caching = false # Ignore bad email addresses and do not raise email delivery errors. 
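Review bot: `config.force_ssl = true` is replaced by the commented-out template default `# config.force_ssl = true`, so production no longer redirects HTTP to HTTPS, sends Strict-Transport-Security, or marks cookies secure. This looks like a side effect of regenerating the file from the Rails 7 template rather than an intended change; unless TLS enforcement is handled entirely at the proxy, restore `config.force_ssl = true`. The final hunk of this file (`@@ -109,38 +82,4 @@`) follows the same pattern: it drops the `action_mailer` SMTP settings and `default_url_options`, which should be confirmed as moved elsewhere rather than lost.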
@@ -85,21 +64,15 @@ # the I18n.default_locale when a translation cannot be found). config.i18n.fallbacks = true - # Send deprecation notices to registered listeners. - config.active_support.deprecation = :notify - - # Log disallowed deprecations. - config.active_support.disallowed_deprecation = :log - - # Tell Active Support which deprecation messages to disallow. - config.active_support.disallowed_deprecation_warnings = [] + # Don't log any deprecations. + config.active_support.report_deprecations = false # Use default logging formatter so that PID and timestamp are not suppressed. config.log_formatter = ::Logger::Formatter.new # Use a different logger for distributed setups. - # require 'syslog/logger' - # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new 'app-name') + # require "syslog/logger" + # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new "app-name") if ENV["RAILS_LOG_TO_STDOUT"].present? logger = ActiveSupport::Logger.new($stdout) 
@@ -109,38 +82,4 @@ # Do not dump schema after migrations. config.active_record.dump_schema_after_migration = false - - # Inserts middleware to perform automatic connection switching. - # The `database_selector` hash is used to pass options to the DatabaseSelector - # middleware. The `delay` is used to determine how long to wait after a write - # to send a subsequent read to the primary. - # - # The `database_resolver` class is used by the middleware to determine which - # database is appropriate to use based on the time delay. - # - # The `database_resolver_context` class is used by the middleware to set - # timestamps for the last write to the primary. The resolver uses the context - # class timestamps to determine how long to wait before reading from the - # replica. - # - # By default Rails will store a last write timestamp in the session. The - # DatabaseSelector middleware is designed as such you can define your own - # strategy for connection switching and pass that into the middleware through - # these configuration options. - # config.active_record.database_selector = { delay: 2.seconds } - # config.active_record.database_resolver = ActiveRecord::Middleware::DatabaseSelector::Resolver - # config.active_record.database_resolver_context = ActiveRecord::Middleware::DatabaseSelector::Resolver::Session - - config.action_mailer.default_url_options = { host: 'ruby.org.au' } - config.action_mailer.delivery_method = :smtp - config.action_mailer.perform_deliveries = true - config.action_mailer.smtp_settings = { - user_name: ENV['SENDGRID_USERNAME'], - password: ENV['SENDGRID_PASSWORD'], - domain: 'ruby.org.au', - address: 'smtp.sendgrid.net', - port: 587, - authentication: :plain, - enable_starttls_auto: true - } end diff --git a/config/environments/test.rb b/config/environments/test.rb index 02320c9c..783ded0e 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb 
@@ -1,25 +1,26 @@ +require "active_support/core_ext/integer/time" + # The test environment is used exclusively to run your application's # test suite. You never need to work with it otherwise. Remember that # your test database is "scratch space" for the test suite and is wiped # and recreated between test runs. Don't rely on the data there! -require "active_support/core_ext/integer/time" - Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. + # Turn false under Spring and add config.action_view.cache_template_loading = true. config.cache_classes = false config.action_view.cache_template_loading = true - # Do not eager load code on boot. This avoids loading your whole application - # just for the purpose of running a single test. If you are using a tool that - # preloads Rails for running tests, you may have to set it to true. + # Eager loading loads your whole application. When running a single test locally, + # this probably isn't necessary. It's a good idea to do in a continuous integration + # system, or in some way before deploying your code. config.eager_load = false # Configure public file server for tests with Cache-Control for performance. config.public_file_server.enabled = true config.public_file_server.headers = { - 'Cache-Control' => "public, max-age=#{1.hour.to_i}" + "Cache-Control" => "public, max-age=#{1.hour.to_i}" } # Show full error reports and disable caching. diff --git a/config/initializers/assets.rb b/config/initializers/assets.rb index 4b828e80..2eeef966 100644 --- a/config/initializers/assets.rb +++ b/config/initializers/assets.rb 
@@ -1,12 +1,10 @@ # Be sure to restart your server when you modify this file. # Version of your assets, change this if you want to expire all your assets. -Rails.application.config.assets.version = '1.0' +Rails.application.config.assets.version = "1.0" # Add additional assets to the asset load path. # Rails.application.config.assets.paths << Emoji.images_path -# Add Yarn node_modules folder to the asset load path. -Rails.application.config.assets.paths << Rails.root.join('node_modules') # Precompile additional assets. # application.js, application.css, and all non-JS/CSS in the app/assets diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index 35d0f26f..54f47cf1 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb 
@@ -1,30 +1,25 @@ # Be sure to restart your server when you modify this file. -# Define an application-wide content security policy -# For further information see the following documentation -# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy +# Define an application-wide content security policy. +# See the Securing Rails Applications Guide for more information: +# https://guides.rubyonrails.org/security.html#content-security-policy-header -# Rails.application.config.content_security_policy do |policy| -# policy.default_src :self, :https -# policy.font_src :self, :https, :data -# policy.img_src :self, :https, :data -# policy.object_src :none -# policy.script_src :self, :https -# policy.style_src :self, :https -# # If you are using webpack-dev-server then specify webpack-dev-server host -# policy.connect_src :self, :https, "http://localhost:3035", "ws://localhost:3035" if Rails.env.development? - -# # Specify URI for violation reports -# # policy.report_uri "/csp-violation-report-endpoint" +# Rails.application.configure do +# config.content_security_policy do |policy| +# policy.default_src :self, :https +# policy.font_src :self, :https, :data +# policy.img_src :self, :https, :data +# policy.object_src :none +# policy.script_src :self, :https +# policy.style_src :self, :https +# # Specify URI for violation reports +# # policy.report_uri "/csp-violation-report-endpoint" +# end +# +# # Generate session nonces for permitted importmap and inline scripts +# config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s } +# config.content_security_policy_nonce_directives = %w(script-src) +# +# # Report violations without enforcing the policy. 
+# # config.content_security_policy_report_only = true # end - -# If you are using UJS then enable automatic nonce generation -# Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) } - -# Set the nonce only to specific directives -# Rails.application.config.content_security_policy_nonce_directives = %w(script-src) - -# Report CSP violations to a specified URI -# For further information see the following documentation: -# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only -# Rails.application.config.content_security_policy_report_only = true diff --git a/config/initializers/cors.rb b/config/initializers/cors.rb index 3b1c1b5e..e5a82f16 100644 --- a/config/initializers/cors.rb +++ b/config/initializers/cors.rb @@ -7,9 +7,9 @@ # Rails.application.config.middleware.insert_before 0, Rack::Cors do # allow do -# origins 'example.com' +# origins "example.com" # -# resource '*', +# resource "*", # headers: :any, # methods: [:get, :post, :put, :patch, :delete, :options, :head] # end diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb index 4b34a036..adc6568c 100644 --- a/config/initializers/filter_parameter_logging.rb +++ b/config/initializers/filter_parameter_logging.rb @@ -1,6 +1,8 @@ # Be sure to restart your server when you modify this file. -# Configure sensitive parameters which will be filtered from the log file. +# Configure parameters to be filtered from the log file. Use this to limit dissemination of +# sensitive information. See the ActiveSupport::ParameterFilter documentation for supported +# notations and behaviors. Rails.application.config.filter_parameters += [ :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn ] diff --git a/config/initializers/inflections.rb b/config/initializers/inflections.rb index ac033bf9..3860f659 100644 --- a/config/initializers/inflections.rb 
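Review bot: The whole policy block in `content_security_policy.rb` is still commented out after this change, so the application continues to send no Content-Security-Policy header. The new template's nonce generator is `request.session.id.to_s`, where the removed template used `SecureRandom.base64(16)`; if the block is enabled as written, the nonce stays the same for the life of a session instead of changing per request. When this is turned on, starting with `config.content_security_policy_report_only = true` lets violations be collected before the policy is enforced.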
+++ b/config/initializers/inflections.rb @@ -4,13 +4,13 @@ # are locale specific, and you may define rules for as many different # locales as you wish. All of these examples are active by default: # ActiveSupport::Inflector.inflections(:en) do |inflect| -# inflect.plural /^(ox)$/i, '\1en' -# inflect.singular /^(ox)en/i, '\1' -# inflect.irregular 'person', 'people' +# inflect.plural /^(ox)$/i, "\\1en" +# inflect.singular /^(ox)en/i, "\\1" +# inflect.irregular "person", "people" # inflect.uncountable %w( fish sheep ) # end # These inflection rules are supported but not enabled by default: # ActiveSupport::Inflector.inflections(:en) do |inflect| -# inflect.acronym 'RESTful' +# inflect.acronym "RESTful" # end diff --git a/config/routes.rb b/config/routes.rb index db344aea..129ea5a7 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -59,5 +59,5 @@ get "/code-of-conduct-enforcement", to: redirect("/policies/code-of-conduct-enforcement") get "/code-of-conduct-reporting", to: redirect("/policies/code-of-conduct-reporting") - get "/*id" => 'pages#show', as: :page, format: false, constraints: RootRouteConstraints + get "/*id" => 'pages#show', as: :page, format: false # constraints: RootRouteConstraints end diff --git a/db/schema.rb b/db/schema.rb index 305d7523..adf4227b 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 2020_10_10_015538) do +ActiveRecord::Schema[6.1].define(version: 2020_10_10_015538) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" diff --git a/spec/controllers/pages_controller_spec.rb b/spec/controllers/pages_controller_spec.rb index d3db3342..d9a30f51 100644 --- a/spec/controllers/pages_controller_spec.rb +++ b/spec/controllers/pages_controller_spec.rb 
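Review bot: In `config/routes.rb` the catch-all route `get "/*id" => 'pages#show'` loses its `constraints: RootRouteConstraints` (now only a trailing comment), so every otherwise unmatched path is handed to `pages#show` with the raw path as `id`. Whether that is safe depends on how the pages controller maps `id` to a template, which is not visible here; it should answer 404 for any id that does not correspond to a known page. If the constraint was disabled only because it breaks under Rails 7, record that on the line, e.g. `# FIXME: RootRouteConstraints disabled during the Rails 7 upgrade; re-enable or replace before release`, and restore `constraints: RootRouteConstraints` once it is fixed. The routes block starts outside this hunk.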
@@ -13,11 +13,11 @@ end describe "on GET to /committee-members" do - before { get :show, params: { id: "committee-members.html" } } + before { get :show, params: { id: "committee-members" } } it "responds with success and render template" do expect(response).to be_successful - expect(response).to render_template("committee-members.html") + expect(response).to render_template("committee-members") end end diff --git a/spec/features/committee_imports_members_spec.rb b/spec/features/committee_imports_members_spec.rb index 32862fe9..1d620358 100644 --- a/spec/features/committee_imports_members_spec.rb +++ b/spec/features/committee_imports_members_spec.rb @@ -73,7 +73,7 @@ scenario "accepts an invitation" do stub_request( - :get, %r{https://api.createsend.com/api/v3.2/subscribers/.*\.json} + :get, %r{https://api.createsend.com/api/v3.3/subscribers/.*\.json} ).and_return( body: JSON.dump("State" => "Active"), headers: { "Content-Type" => "application/json" } @@ -97,7 +97,7 @@ expect( a_request( - :get, %r{https://api.createsend.com/api/v3.2/subscribers/.*\.json} + :get, %r{https://api.createsend.com/api/v3.3/subscribers/.*\.json} ) ).to have_been_made.times(MailingList.all.length) @@ -113,7 +113,7 @@ scenario "accepts an invitation without a provided name" do stub_request( - :get, %r{https://api.createsend.com/api/v3.2/subscribers/.*\.json} + :get, %r{https://api.createsend.com/api/v3.3/subscribers/.*\.json} ).and_return( body: JSON.dump("State" => "Active"), headers: { "Content-Type" => "application/json" } @@ -138,7 +138,7 @@ expect( a_request( - :get, %r{https://api.createsend.com/api/v3.2/subscribers/.*\.json} + :get, %r{https://api.createsend.com/api/v3.3/subscribers/.*\.json} ) ).to have_been_made.times(MailingList.all.length) diff --git a/spec/features/committee_manages_list_webhooks_spec.rb b/spec/features/committee_manages_list_webhooks_spec.rb index 0f94f316..9ec8f08f 100644 --- a/spec/features/committee_manages_list_webhooks_spec.rb 
+++ b/spec/features/committee_manages_list_webhooks_spec.rb @@ -5,14 +5,14 @@ RSpec.feature "Committee manages list webhooks", type: :request do scenario "registering webhooks" do MailingList.all.each do |list| - stub_request(:post, "https://api.createsend.com/api/v3.2/lists/#{list.api_id}/webhooks.json") + stub_request(:post, "https://api.createsend.com/api/v3.3/lists/#{list.api_id}/webhooks.json") end MailingList::CreateWebhooks.call MailingList.all.each do |list| expect( - a_request(:post, "https://api.createsend.com/api/v3.2/lists/#{list.api_id}/webhooks.json") + a_request(:post, "https://api.createsend.com/api/v3.3/lists/#{list.api_id}/webhooks.json") ).to have_been_made end end diff --git a/spec/features/committee_sychronises_mailing_lists_spec.rb b/spec/features/committee_sychronises_mailing_lists_spec.rb index 98d09604..f27f31cc 100644 --- a/spec/features/committee_sychronises_mailing_lists_spec.rb +++ b/spec/features/committee_sychronises_mailing_lists_spec.rb @@ -10,7 +10,7 @@ jules = FactoryBot.create :user stub_request( - :get, %r{https://api.createsend.com/api/v3.2/lists/conf-key/active.json} + :get, %r{https://api.createsend.com/api/v3.3/lists/conf-key/active.json} ).to_return( body: JSON.dump( { @@ -26,7 +26,7 @@ ) stub_request( - :get, %r{https://api.createsend.com/api/v3.2/lists/girls-key/active.json} + :get, %r{https://api.createsend.com/api/v3.3/lists/girls-key/active.json} ).to_return( body: JSON.dump( { @@ -42,7 +42,7 @@ ) stub_request( - :get, %r{https://api.createsend.com/api/v3.2/lists/camp-key/active.json} + :get, %r{https://api.createsend.com/api/v3.3/lists/camp-key/active.json} ).to_return( body: JSON.dump( { diff --git a/spec/features/user_confirms_email_spec.rb b/spec/features/user_confirms_email_spec.rb index 8e44e575..bfac468d 100644 --- a/spec/features/user_confirms_email_spec.rb +++ b/spec/features/user_confirms_email_spec.rb 
@@ -11,21 +11,21 @@ scenario "by clicking the link in an email" do stub_request( - :get, %r{https://api.createsend.com/api/v3.2/subscribers/camp-key.json} + :get, %r{https://api.createsend.com/api/v3.3/subscribers/camp-key.json} ).and_return( body: JSON.dump("State" => "Active"), headers: { "Content-Type" => "application/json" } ) stub_request( - :get, %r{https://api.createsend.com/api/v3.2/subscribers/conf-key.json} + :get, %r{https://api.createsend.com/api/v3.3/subscribers/conf-key.json} ).and_return( body: JSON.dump("State" => "Unsubscribed"), headers: { "Content-Type" => "application/json" } ) stub_request( - :get, %r{https://api.createsend.com/api/v3.2/subscribers/girls-key.json} + :get, %r{https://api.createsend.com/api/v3.3/subscribers/girls-key.json} ).and_return( status: 400, body: JSON.dump("Code" => 203, "Message" => "Subscriber not in list"), @@ -33,7 +33,7 @@ ) stub_request( - :post, "https://api.createsend.com/api/v3.2/subscribers/camp-key.json" + :post, "https://api.createsend.com/api/v3.3/subscribers/camp-key.json" ) user @@ -56,7 +56,7 @@ expect( a_request( - :post, "https://api.createsend.com/api/v3.2/subscribers/camp-key.json" + :post, "https://api.createsend.com/api/v3.3/subscribers/camp-key.json" ) ).to have_been_made.once end diff --git a/spec/features/user_edits_details_spec.rb b/spec/features/user_edits_details_spec.rb index 64eacc28..73acbd82 100644 --- a/spec/features/user_edits_details_spec.rb +++ b/spec/features/user_edits_details_spec.rb @@ -12,10 +12,10 @@ user.update mailing_lists: { "RubyConf AU" => "true" } new_email = 'bigbunnyfoofoo@gmail.com' stub_request( - :post, %r{https://api.createsend.com/api/v3.2/subscribers/conf-key.json} + :post, %r{https://api.createsend.com/api/v3.3/subscribers/conf-key.json} ) stub_request( - :put, %r{https://api.createsend.com/api/v3.2/subscribers/conf-key.json} + :put, %r{https://api.createsend.com/api/v3.3/subscribers/conf-key.json} ) click_on 'Edit' 
@@ -40,14 +40,14 @@ expect( a_request( - :post, %r{https://api.createsend.com/api/v3.2/subscribers/conf-key.json} + :post, %r{https://api.createsend.com/api/v3.3/subscribers/conf-key.json} ) ).to have_been_made end scenario "subscribing to a mailing list" do stub_request( - :post, "https://api.createsend.com/api/v3.2/subscribers/girls-key.json" + :post, "https://api.createsend.com/api/v3.3/subscribers/girls-key.json" ) click_on "Edit" @@ -60,7 +60,7 @@ expect( a_request( - :post, "https://api.createsend.com/api/v3.2/subscribers/girls-key.json" + :post, "https://api.createsend.com/api/v3.3/subscribers/girls-key.json" ) ).to have_been_made.once end @@ -68,7 +68,7 @@ scenario "unsubscribing from a mailing list" do user.update mailing_lists: { "RailsGirls" => "true" } stub_request( - :post, "https://api.createsend.com/api/v3.2/subscribers/girls-key/unsubscribe.json" + :post, "https://api.createsend.com/api/v3.3/subscribers/girls-key/unsubscribe.json" ) click_on "Edit" @@ -81,7 +81,7 @@ expect( a_request( - :post, "https://api.createsend.com/api/v3.2/subscribers/girls-key/unsubscribe.json" + :post, "https://api.createsend.com/api/v3.3/subscribers/girls-key/unsubscribe.json" ) ).to have_been_made.once end