(merge) Merge branch 'v6' into dev

.dockerignore

@@ -1,5 +1,6 @@
 # Ignore bundler config.
 config/database.yml
+config/auth_provider.yml
 
 # Ignore database files.
 postgresql

.gitignore

@@ -26,6 +26,7 @@
 # Ignore application configurations
 /config/application.yml
 /config/database.yml
+/config/auth_provider.yml
 .env
 
 *.DS_Store

.nvmrc

@@ -1 +1 @@
-16.13.2
+18.15.0

.rubocop.yml

@@ -6,6 +6,8 @@ Layout/LineLength:
   Max: 145
 Metrics/MethodLength:
   Max: 35
+  Exclude:
+    - 'app/pdfs/pdf/*.rb'
 Metrics/CyclomaticComplexity:
   Max: 14
 Metrics/PerceivedComplexity:
@@ -19,6 +21,7 @@ Metrics/BlockLength:
   Exclude:
     - 'lib/tasks/**/*.rake'
     - 'config/routes.rb'
+    - 'config/environments/*.rb'
     - 'app/pdfs/pdf/*.rb'
     - 'test/**/*.rb'
     - '**/*_concern.rb'
@@ -38,6 +41,8 @@ Rails/RedundantPresenceValidationOnBelongsTo:
   Enabled: false
 Style/DateTime:
   Enabled: true
+Style/HashSyntax:
+  EnforcedShorthandSyntax: never
 Rails/TimeZone:
   Enabled: true
 Rails/UnknownEnv:

.ruby-version

@@ -1 +1 @@
-ruby-2.6.10
+ruby-3.2.1

CHANGELOG.md

@@ -1,6 +1,39 @@
 # Changelog Fab-manager
 
+- Updated ruby to 3.2
+- Updated rails to 7.0
+- Updated puma to 6.1
+- Updated responders to 3.0
+- Updated devise to 4.9
+- Updated sassc to 2.4
+- Updated sentry to 5.8
+- Updated web-console to 4.2
+- Updated shakapacker to 6.6
+- Updated bootsnap to 1.16
+- Updated pg to 1.4
+- Updated nodejs to 18.15
+- Updated oj to 3.14
+- Updated multi_json to 1.15
+- Updated spring to 4.0
+- Updated spring-watcher-listen to 2.1
+- Updated omniauth to 2.1
+- Updated omniauth-rails_csrf_protection to 1.0
+- Updated omniauth_openid_connect to 0.6
+- Updated the invoices chaining method with a more flexible model
+- Fill the holes in the logical sequence of invoices references with nil invoices
+- Use a cached configuration file to read the authentication provider settings
+- Order numbers are now saved in database instead of generated on-the-fly
+- OpenAPI availabilities endpoint
+- Ability to filter OpenAPI reservations endpoint by availability_id
+- Support for ARM64 CPU architecture
+- Fix a bug: by default, invoices should be ordered by date descending
+- Fix a bug: broken display after a plan category was deleted
 - Fix a bug: unable to update recurring event
+- Fix a security issue: updated json5 to 2.2.2 to fix [CVE-2022-46175](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46175)
+- Fix a security issue: updated terser to 5.16.8 to fix [CVE-2022-25858](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25858)
+- [TODO DEPLOY] `\curl -sSL https://raw.githubusercontent.com/sleede/fab-manager/master/scripts/mount-auth-provider.sh | bash`
+- [TODO DEPLOY] `rails fablab:auth:write_provider`
+- [TODO DEPLOY] `rails fablab:restore_order_number` THEN `rails fablab:fix_references`
 
 ## v5.9.1 2023 March 22
 

Dockerfile

@@ -1,4 +1,4 @@
-FROM ruby:2.6.10-alpine
+FROM ruby:3.2.1-alpine
 MAINTAINER contact@fab-manager.com
 
 # Install upgrade system packages

Gemfile

@@ -3,12 +3,18 @@
 source 'https://rubygems.org'
 
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
-gem 'rails', '~> 5.2.8'
+gem 'rails', '~> 7.0'
 # Used by rails 5.2 to reduce the app boot time by over 50%
 gem 'bootsnap'
 # Use Puma as web server
-gem 'puma', '4.3.12'
+gem 'puma', '6.1.0'
-gem 'shakapacker', '6.5.5'
+gem 'shakapacker', '6.6.0'
+
+# rails 6 compatibility with ruby 3 (may not be required after upgrade to rails 7)
+gem 'matrix'
+gem 'net-imap', require: false
+gem 'net-pop', require: false
+gem 'net-smtp', require: false
 
 # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
 gem 'jbuilder', '~> 2.5'
@@ -17,7 +23,7 @@ gem 'json', '>= 2.3.0'
 gem 'jsonpath'
 
 gem 'forgery'
-gem 'responders', '~> 2.0'
+gem 'responders', '~> 3.0'
 
 group :development, :test do
   # Call 'byebug' anywhere in the code to stop execution and get a debugger console
@@ -33,26 +39,26 @@ group :development do
   gem 'bullet'
   gem 'coveralls_reborn', '~> 0.18.0', require: false
   gem 'foreman'
-  gem 'web-console', '>= 3.3.0'
+  gem 'web-console', '>= 4.2.0'
   # Preview mail in the browser
   gem 'listen', '~> 3.0.5'
   gem 'overcommit'
+  gem 'pry'
   gem 'rb-readline'
   # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
   gem 'railroady'
   gem 'rubocop', '~> 1.31', require: false
   gem 'rubocop-rails', require: false
-  gem 'spring'
+  gem 'spring', '~> 4'
-  gem 'spring-watcher-listen', '~> 2.0.0'
+  gem 'spring-watcher-listen', '~> 2.1.0'
 end
 
 group :test do
   gem 'database_cleaner'
   gem 'faker'
   gem 'minitest-reporters'
-  gem 'pdf-reader'
   gem 'rubyXL'
-  gem 'vcr', '6.0.0'
+  gem 'vcr', '~> 6.1.0'
   gem 'webmock'
 end
 
@@ -62,11 +68,11 @@ gem 'pg'
 gem 'pg_search'
 
 # authentication
-gem 'devise', '>= 4.6.0'
+gem 'devise', '>= 4.9'
-gem 'omniauth', '~> 1.9.2'
+gem 'omniauth', '~> 2.1'
 gem 'omniauth-oauth2'
 gem 'omniauth_openid_connect'
-gem 'omniauth-rails_csrf_protection', '~> 0.1'
+gem 'omniauth-rails_csrf_protection', '~> 1.0'
 
 gem 'rolify'
 
@@ -95,6 +101,7 @@ gem 'stripe', '5.29.0'
 gem 'recurrence'
 
 # PDF
+gem 'pdf-reader'
 gem 'prawn'
 gem 'prawn-table'
 
@@ -107,9 +114,6 @@ gem 'pundit'
 
 gem 'oj'
 
-gem 'actionpack-page_caching', '1.2.2'
-gem 'rails-observers'
-
 gem 'chroma'
 
 gem 'message_format'
@@ -136,7 +140,7 @@ gem 'icalendar'
 gem 'tzinfo-data'
 
 # compilation of dynamic stylesheets (home page & theme)
-gem 'sassc', '= 2.1.0'
+gem 'sassc', '= 2.4.0'
 
 gem 'redis-session-store'
 

Gemfile.lock

@@ -1,64 +1,85 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    Ascii85 (1.0.3)
+    Ascii85 (1.1.0)
     aasm (5.0.8)
       concurrent-ruby (~> 1.0)
-    actioncable (5.2.8.1)
+    actioncable (7.0.4.3)
-      actionpack (= 5.2.8.1)
+      actionpack (= 7.0.4.3)
+      activesupport (= 7.0.4.3)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailer (5.2.8.1)
+    actionmailbox (7.0.4.3)
-      actionpack (= 5.2.8.1)
+      actionpack (= 7.0.4.3)
-      actionview (= 5.2.8.1)
+      activejob (= 7.0.4.3)
-      activejob (= 5.2.8.1)
+      activerecord (= 7.0.4.3)
+      activestorage (= 7.0.4.3)
+      activesupport (= 7.0.4.3)
+      mail (>= 2.7.1)
+      net-imap
+      net-pop
+      net-smtp
+    actionmailer (7.0.4.3)
+      actionpack (= 7.0.4.3)
+      actionview (= 7.0.4.3)
+      activejob (= 7.0.4.3)
+      activesupport (= 7.0.4.3)
       mail (~> 2.5, >= 2.5.4)
+      net-imap
+      net-pop
+      net-smtp
       rails-dom-testing (~> 2.0)
-    actionpack (5.2.8.1)
+    actionpack (7.0.4.3)
-      actionview (= 5.2.8.1)
+      actionview (= 7.0.4.3)
-      activesupport (= 5.2.8.1)
+      activesupport (= 7.0.4.3)
-      rack (~> 2.0, >= 2.0.8)
+      rack (~> 2.0, >= 2.2.0)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.2)
+      rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actionpack-page_caching (1.2.2)
+    actiontext (7.0.4.3)
-      actionpack (>= 5.0.0)
+      actionpack (= 7.0.4.3)
-    actionview (5.2.8.1)
+      activerecord (= 7.0.4.3)
-      activesupport (= 5.2.8.1)
+      activestorage (= 7.0.4.3)
+      activesupport (= 7.0.4.3)
+      globalid (>= 0.6.0)
+      nokogiri (>= 1.8.5)
+    actionview (7.0.4.3)
+      activesupport (= 7.0.4.3)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.0, >= 1.0.3)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    active_record_query_trace (1.7)
+    active_record_query_trace (1.8)
-    activejob (5.2.8.1)
+    activejob (7.0.4.3)
-      activesupport (= 5.2.8.1)
+      activesupport (= 7.0.4.3)
       globalid (>= 0.3.6)
-    activemodel (5.2.8.1)
+    activemodel (7.0.4.3)
-      activesupport (= 5.2.8.1)
+      activesupport (= 7.0.4.3)
-    activerecord (5.2.8.1)
+    activerecord (7.0.4.3)
-      activemodel (= 5.2.8.1)
+      activemodel (= 7.0.4.3)
-      activesupport (= 5.2.8.1)
+      activesupport (= 7.0.4.3)
-      arel (>= 9.0)
+    activestorage (7.0.4.3)
-    activestorage (5.2.8.1)
+      actionpack (= 7.0.4.3)
-      actionpack (= 5.2.8.1)
+      activejob (= 7.0.4.3)
-      activerecord (= 5.2.8.1)
+      activerecord (= 7.0.4.3)
-      marcel (~> 1.0.0)
+      activesupport (= 7.0.4.3)
-    activesupport (5.2.8.1)
+      marcel (~> 1.0)
+      mini_mime (>= 1.1.0)
+    activesupport (7.0.4.3)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
+      i18n (>= 1.6, < 2)
-      minitest (~> 5.1)
+      minitest (>= 5.1)
-      tzinfo (~> 1.1)
+      tzinfo (~> 2.0)
     acts_as_list (1.0.4)
       activerecord (>= 4.2)
-    addressable (2.8.0)
+    addressable (2.8.1)
-      public_suffix (>= 2.0.2, < 5.0)
+      public_suffix (>= 2.0.2, < 6.0)
     aes_key_wrap (1.1.0)
     afm (0.2.2)
     ansi (1.5.0)
     api-pagination (4.8.2)
     apipie-rails (0.5.17)
       rails (>= 4.1)
-    arel (9.0.0)
     ast (2.4.2)
     attr_required (1.0.1)
     awesome_print (1.8.0)
@@ -66,11 +87,11 @@ GEM
       descendants_tracker (~> 0.0.4)
       ice_nine (~> 0.11.0)
       thread_safe (~> 0.3, >= 0.3.1)
-    bcrypt (3.1.13)
+    bcrypt (3.1.18)
-    bindata (2.4.10)
+    bindata (2.4.15)
     bindex (0.8.1)
-    bootsnap (1.4.6)
+    bootsnap (1.16.0)
-      msgpack (~> 1.0)
+      msgpack (~> 1.2)
     brpoplpush-redis_script (0.1.2)
       concurrent-ruby (~> 1.0, >= 1.0.5)
       redis (>= 1.0, <= 5.0)
@@ -98,9 +119,10 @@ GEM
     childprocess (4.1.0)
     chroma (0.2.0)
     cldr-plurals-runtime-rb (1.0.1)
+    coderay (1.1.3)
     coercible (1.0.0)
       descendants_tracker (~> 0.0.1)
-    concurrent-ruby (1.1.10)
+    concurrent-ruby (1.2.2)
     connection_pool (2.2.5)
     coveralls_reborn (0.18.0)
       simplecov (>= 0.18.1, < 0.20.0)
@@ -111,19 +133,20 @@ GEM
       safe_yaml (~> 1.0.0)
     crass (1.0.6)
     database_cleaner (1.8.3)
+    date (3.3.3)
     descendants_tracker (0.0.4)
       thread_safe (~> 0.3, >= 0.3.1)
-    devise (4.7.1)
+    devise (4.9.0)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0)
       responders
       warden (~> 1.2.3)
     docile (1.3.2)
-    dotenv (2.7.5)
+    dotenv (2.8.1)
-    dotenv-rails (2.7.5)
+    dotenv-rails (2.8.1)
-      dotenv (= 2.7.5)
+      dotenv (= 2.8.1)
-      railties (>= 3.2, < 6.1)
+      railties (>= 3.2)
     elasticsearch (5.0.5)
       elasticsearch-api (= 5.0.5)
       elasticsearch-transport (= 5.0.5)
@@ -145,7 +168,7 @@ GEM
       faraday
       multi_json
     equalizer (0.0.11)
-    erubi (1.10.0)
+    erubi (1.12.0)
     et-orbi (1.2.7)
       tzinfo
     faker (2.10.2)
@@ -160,7 +183,7 @@ GEM
     fugit (1.5.3)
       et-orbi (~> 1, >= 1.2.7)
       raabro (~> 1.4)
-    globalid (1.0.1)
+    globalid (1.1.0)
       activesupport (>= 5.0)
     hashdiff (1.0.1)
     hashery (2.1.2)
@@ -185,10 +208,11 @@ GEM
     jbuilder_cache_multi (0.1.0)
       jbuilder (>= 1.5.0, < 3)
     json (2.3.1)
-    json-jwt (1.13.0)
+    json-jwt (1.15.3)
       activesupport (>= 4.2)
       aes_key_wrap
       bindata
+      httpclient
     jsonpath (1.1.0)
       multi_json
     jwt (2.2.1)
@@ -210,9 +234,13 @@ GEM
     loofah (2.19.1)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
-    mail (2.7.1)
+    mail (2.8.1)
       mini_mime (>= 0.1.1)
+      net-imap
+      net-pop
+      net-smtp
     marcel (1.0.2)
+    matrix (0.4.2)
     message_format (0.0.6)
       twitter_cldr (~> 5.0)
     method_source (1.0.0)
@@ -221,20 +249,27 @@ GEM
       rake
     mini_magick (4.10.1)
     mini_mime (1.1.2)
-    mini_portile2 (2.8.0)
+    minitest (5.18.0)
-    minitest (5.17.0)
     minitest-reporters (1.4.2)
       ansi
       builder
       minitest (>= 5.0)
       ruby-progressbar
-    msgpack (1.3.3)
+    msgpack (1.6.1)
-    multi_json (1.14.1)
+    multi_json (1.15.0)
     multi_xml (0.6.0)
     multipart-post (2.1.1)
+    net-imap (0.3.4)
+      date
+      net-protocol
+    net-pop (0.1.2)
+      net-protocol
+    net-protocol (0.2.1)
+      timeout
+    net-smtp (0.3.3)
+      net-protocol
     nio4r (2.5.8)
-    nokogiri (1.13.10)
+    nokogiri (1.14.2-x86_64-linux)
-      mini_portile2 (~> 2.8.0)
       racc (~> 1.4)
     oauth2 (1.4.4)
       faraday (>= 0.8, < 2.0)
@@ -242,30 +277,31 @@ GEM
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
       rack (>= 1.2, < 3)
-    oj (3.10.5)
+    oj (3.14.2)
-    omniauth (1.9.2)
+    omniauth (2.1.1)
       hashie (>= 3.4.6)
-      rack (>= 1.6.2, < 3)
+      rack (>= 2.2.3)
-    omniauth-oauth2 (1.6.0)
+      rack-protection
-      oauth2 (~> 1.1)
+    omniauth-oauth2 (1.8.0)
-      omniauth (~> 1.9)
+      oauth2 (>= 1.4, < 3)
-    omniauth-rails_csrf_protection (0.1.2)
+      omniauth (~> 2.0)
+    omniauth-rails_csrf_protection (1.0.1)
       actionpack (>= 4.2)
-      omniauth (>= 1.3.1)
+      omniauth (~> 2.0)
-    omniauth_openid_connect (0.4.0)
+    omniauth_openid_connect (0.6.1)
-      addressable (~> 2.5)
       omniauth (>= 1.9, < 3)
       openid_connect (~> 1.1)
-    openid_connect (1.3.0)
+    openid_connect (1.4.2)
       activemodel
       attr_required (>= 1.0.0)
-      json-jwt (>= 1.5.0)
+      json-jwt (>= 1.15.0)
-      rack-oauth2 (>= 1.6.1)
+      net-smtp
-      swd (>= 1.0.0)
+      rack-oauth2 (~> 1.21)
+      swd (~> 1.3)
       tzinfo
       validate_email
       validate_url
-      webfinger (>= 1.0.1)
+      webfinger (~> 1.2)
     openlab_ruby (0.0.7)
       httparty (~> 0.20)
     orm_adapter (0.5.0)
@@ -276,67 +312,72 @@ GEM
     parallel (1.19.1)
     parser (3.1.2.0)
       ast (~> 2.4.1)
-    pdf-core (0.7.0)
+    pdf-core (0.9.0)
-    pdf-reader (2.4.0)
+    pdf-reader (2.11.0)
-      Ascii85 (~> 1.0.0)
+      Ascii85 (~> 1.0)
       afm (~> 0.2.1)
       hashery (~> 2.0)
       ruby-rc4
       ttfunk
-    pg (1.2.2)
+    pg (1.4.6)
     pg_search (2.3.2)
       activerecord (>= 5.2)
       activesupport (>= 5.2)
-    prawn (2.2.2)
+    prawn (2.4.0)
-      pdf-core (~> 0.7.0)
+      pdf-core (~> 0.9.0)
-      ttfunk (~> 1.5)
+      ttfunk (~> 1.7)
     prawn-table (0.2.2)
       prawn (>= 1.3.0, < 3.0.0)
-    public_suffix (4.0.6)
+    pry (0.14.2)
-    puma (4.3.12)
+      coderay (~> 1.1)
+      method_source (~> 1.0)
+    public_suffix (5.0.1)
+    puma (6.1.0)
       nio4r (~> 2.0)
     pundit (2.1.0)
       activesupport (>= 3.0.0)
     raabro (1.4.0)
-    racc (1.6.1)
+    racc (1.6.2)
     rack (2.2.6.4)
-    rack-oauth2 (1.19.0)
+    rack-oauth2 (1.21.3)
       activesupport
       attr_required
       httpclient
       json-jwt (>= 1.11.0)
       rack (>= 2.1.0)
+    rack-protection (3.0.5)
+      rack
     rack-proxy (0.7.6)
       rack
-    rack-test (2.0.2)
+    rack-test (2.1.0)
       rack (>= 1.3)
     railroady (1.5.3)
-    rails (5.2.8.1)
+    rails (7.0.4.3)
-      actioncable (= 5.2.8.1)
+      actioncable (= 7.0.4.3)
-      actionmailer (= 5.2.8.1)
+      actionmailbox (= 7.0.4.3)
-      actionpack (= 5.2.8.1)
+      actionmailer (= 7.0.4.3)
-      actionview (= 5.2.8.1)
+      actionpack (= 7.0.4.3)
-      activejob (= 5.2.8.1)
+      actiontext (= 7.0.4.3)
-      activemodel (= 5.2.8.1)
+      actionview (= 7.0.4.3)
-      activerecord (= 5.2.8.1)
+      activejob (= 7.0.4.3)
-      activestorage (= 5.2.8.1)
+      activemodel (= 7.0.4.3)
-      activesupport (= 5.2.8.1)
+      activerecord (= 7.0.4.3)
-      bundler (>= 1.3.0)
+      activestorage (= 7.0.4.3)
-      railties (= 5.2.8.1)
+      activesupport (= 7.0.4.3)
-      sprockets-rails (>= 2.0.0)
+      bundler (>= 1.15.0)
+      railties (= 7.0.4.3)
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.4.4)
+    rails-html-sanitizer (1.5.0)
       loofah (~> 2.19, >= 2.19.1)
-    rails-observers (0.1.5)
+    railties (7.0.4.3)
-      activemodel (>= 4.0)
+      actionpack (= 7.0.4.3)
-    railties (5.2.8.1)
+      activesupport (= 7.0.4.3)
-      actionpack (= 5.2.8.1)
-      activesupport (= 5.2.8.1)
       method_source
-      rake (>= 0.8.7)
+      rake (>= 12.2)
-      thor (>= 0.19.0, < 2.0)
+      thor (~> 1.0)
+      zeitwerk (~> 2.5)
     rainbow (3.0.0)
     rake (13.0.6)
     rb-fsevent (0.10.3)
@@ -352,11 +393,11 @@ GEM
       redis (>= 3, < 5)
     regexp_parser (2.5.0)
     repost (0.3.2)
-    responders (2.4.1)
+    responders (3.1.0)
-      actionpack (>= 4.2.0, < 6.0)
+      actionpack (>= 5.2)
-      railties (>= 4.2.0, < 6.0)
+      railties (>= 5.2)
     rexml (3.2.5)
-    rolify (5.2.0)
+    rolify (5.3.0)
     rubocop (1.31.2)
       json (~> 2.3)
       parallel (~> 1.10)
@@ -377,26 +418,26 @@ GEM
     ruby-rc4 (0.1.5)
     ruby-vips (2.1.4)
       ffi (~> 1.12)
-    rubyXL (3.4.14)
+    rubyXL (3.4.25)
       nokogiri (>= 1.10.8)
       rubyzip (>= 1.3.0)
-    rubyzip (2.3.0)
+    rubyzip (2.3.2)
     rufus-scheduler (3.8.1)
       fugit (~> 1.1, >= 1.1.6)
     safe_yaml (1.0.5)
-    sassc (2.1.0)
+    sassc (2.4.0)
       ffi (~> 1.9)
     seed_dump (3.3.1)
       activerecord (>= 4)
       activesupport (>= 4)
     semantic_range (3.0.0)
-    sentry-rails (5.7.0)
+    sentry-rails (5.8.0)
       railties (>= 5.0)
-      sentry-ruby (~> 5.7.0)
+      sentry-ruby (~> 5.8.0)
-    sentry-ruby (5.7.0)
+    sentry-ruby (5.8.0)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-    sha3 (1.0.1)
+    sha3 (1.0.5)
-    shakapacker (6.5.5)
+    shakapacker (6.6.0)
       activesupport (>= 5.2)
       rack-proxy (>= 0.6.1)
       railties (>= 5.2)
@@ -418,19 +459,11 @@ GEM
     simplecov (0.19.0)
       docile (~> 1.1)
       simplecov-html (~> 0.11)
-    simplecov-html (0.12.2)
+    simplecov-html (0.12.3)
-    spring (2.0.2)
+    spring (4.1.1)
-      activesupport (>= 4.2)
+    spring-watcher-listen (2.1.0)
-    spring-watcher-listen (2.0.1)
       listen (>= 2.7, < 4.0)
-      spring (>= 1.2, < 3.0)
+      spring (>= 4)
-    sprockets (4.1.1)
-      concurrent-ruby (~> 1.0)
-      rack (> 1, < 3)
-    sprockets-rails (3.4.2)
-      actionpack (>= 5.2)
-      activesupport (>= 5.2)
-      sprockets (>= 3.0.0)
     ssrf_filter (1.0.7)
     stripe (5.29.0)
     swd (1.3.0)
@@ -438,22 +471,23 @@ GEM
       attr_required (>= 0.0.5)
       httpclient (>= 2.4)
     sync (0.5.0)
-    sys-filesystem (1.3.3)
+    sys-filesystem (1.4.3)
-      ffi
+      ffi (~> 1.1)
     term-ansicolor (1.7.1)
       tins (~> 1.0)
     thor (1.2.1)
     thread_safe (0.3.6)
     tilt (2.0.10)
+    timeout (0.3.2)
     tins (1.25.0)
       sync
-    ttfunk (1.5.1)
+    ttfunk (1.7.0)
     twitter_cldr (5.4.0)
       camertron-eprun
       cldr-plurals-runtime-rb (~> 1.0)
       tzinfo
-    tzinfo (1.2.10)
+    tzinfo (2.0.6)
-      thread_safe (~> 0.1)
+      concurrent-ruby (~> 1.0)
     tzinfo-data (1.2020.4)
       tzinfo (>= 1.0.0)
     unicode-display_width (1.4.1)
@@ -461,22 +495,22 @@ GEM
     validate_email (0.1.6)
       activemodel (>= 3.0)
       mail (>= 2.2.5)
-    validate_url (1.0.13)
+    validate_url (1.0.15)
       activemodel (>= 3.0.0)
       public_suffix
-    vcr (6.0.0)
+    vcr (6.1.0)
     virtus (1.0.5)
       axiom-types (~> 0.1)
       coercible (~> 1.0)
       descendants_tracker (~> 0.0, >= 0.0.3)
       equalizer (~> 0.0, >= 0.0.9)
-    warden (1.2.8)
+    warden (1.2.9)
-      rack (>= 2.0.6)
+      rack (>= 2.0.9)
-    web-console (3.7.0)
+    web-console (4.2.0)
-      actionview (>= 5.0)
+      actionview (>= 6.0.0)
-      activemodel (>= 5.0)
+      activemodel (>= 6.0.0)
       bindex (>= 0.4.0)
-      railties (>= 5.0)
+      railties (>= 6.0.0)
     webfinger (1.2.0)
       activesupport
       httpclient (>= 2.4)
@@ -487,13 +521,13 @@ GEM
     websocket-driver (0.7.5)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
+    zeitwerk (2.6.7)
 
 PLATFORMS
-  ruby
+  x86_64-linux
 
 DEPENDENCIES
   aasm
-  actionpack-page_caching (= 1.2.2)
   active_record_query_trace
   acts_as_list
   api-pagination
@@ -507,7 +541,7 @@ DEPENDENCIES
   chroma
   coveralls_reborn (~> 0.18.0)
   database_cleaner
-  devise (>= 4.6.0)
+  devise (>= 4.9)
   dotenv-rails
   elasticsearch-model (~> 5)
   elasticsearch-persistence (~> 5)
@@ -524,13 +558,17 @@ DEPENDENCIES
   jsonpath
   kaminari
   listen (~> 3.0.5)
+  matrix
   message_format
   mini_magick
   minitest-reporters
+  net-imap
+  net-pop
+  net-smtp
   oj
-  omniauth (~> 1.9.2)
+  omniauth (~> 2.1)
   omniauth-oauth2
-  omniauth-rails_csrf_protection (~> 0.1)
+  omniauth-rails_csrf_protection (~> 1.0)
   omniauth_openid_connect
   openlab_ruby
   overcommit
@@ -539,37 +577,37 @@ DEPENDENCIES
   pg_search
   prawn
   prawn-table
-  puma (= 4.3.12)
+  pry
+  puma (= 6.1.0)
   pundit
   railroady
-  rails (~> 5.2.8)
+  rails (~> 7.0)
-  rails-observers
   rb-readline
   recurrence
   redis-session-store
   repost
-  responders (~> 2.0)
+  responders (~> 3.0)
   rolify
   rubocop (~> 1.31)
   rubocop-rails
   rubyXL
   rubyzip (>= 1.3.0)
-  sassc (= 2.1.0)
+  sassc (= 2.4.0)
   seed_dump
   sentry-rails
   sentry-ruby
   sha3
-  shakapacker (= 6.5.5)
+  shakapacker (= 6.6.0)
   sidekiq (>= 6.0.7)
   sidekiq-scheduler
   sidekiq-unique-jobs (~> 7.1.23)
-  spring
+  spring (~> 4)
-  spring-watcher-listen (~> 2.0.0)
+  spring-watcher-listen (~> 2.1.0)
   stripe (= 5.29.0)
   sys-filesystem
   tzinfo-data
-  vcr (= 6.0.0)
+  vcr (~> 6.1.0)
-  web-console (>= 3.3.0)
+  web-console (>= 4.2.0)
   webmock
 
 BUNDLED WITH

Procfile

@@ -1,3 +1,3 @@
-web:    bundle exec rails server puma -p $PORT
+web:    bundle exec rails server -u puma -p $PORT
 worker: bundle exec sidekiq -C ./config/sidekiq.yml
 webpack: bin/webpacker-dev-server

app/controllers/api/abuses_controller.rb

@@ -2,7 +2,7 @@
 
 # API Controller for resources of type Abuse.
 # Typical action is an user reporting an abuse on a project
-class API::AbusesController < API::ApiController
+class API::AbusesController < API::APIController
   before_action :authenticate_user!, except: :create
   before_action :set_abuse, only: %i[destroy]
 

app/controllers/api/accounting_exports_controller.rb

@@ -1,8 +1,7 @@
 # frozen_string_literal: true
 
 # API Controller for exporting accounting data to external accounting softwares
-class API::AccountingExportsController < API::ApiController
+class API::AccountingExportsController < API::APIController
-
   before_action :authenticate_user!
 
   def export
@@ -27,7 +26,7 @@ class API::AccountingExportsController < API::ApiController
         render json: @export.errors, status: :unprocessable_entity
       end
     else
-      send_file File.join(Rails.root, export.file),
+      send_file Rails.root.join(export.file),
                 type: 'text/csv',
                 disposition: 'attachment'
     end

app/controllers/api/accounting_periods_controller.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 # API Controller for resources of AccountingPeriod
-class API::AccountingPeriodsController < API::ApiController
+class API::AccountingPeriodsController < API::APIController
   before_action :authenticate_user!
   before_action :set_period, only: %i[show download_archive]
 

app/controllers/api/admins_controller.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 # API Controller for resources of type User with role 'admin'.
-class API::AdminsController < API::ApiController
+class API::AdminsController < API::APIController
   before_action :authenticate_user!
 
   def index

app/controllers/api/age_ranges_controller.rb

@@ -2,7 +2,7 @@
 
 # API Controller for resources of type AgeRange
 # AgeRange are used in Events
-class API::AgeRangesController < API::ApiController
+class API::AgeRangesController < API::APIController
   before_action :authenticate_user!, except: [:index]
   before_action :set_age_range, only: %i[show update destroy]
 

app/controllers/api/analytics_controller.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 # API Controller for fabAnalytics
-class API::AnalyticsController < API::ApiController
+class API::AnalyticsController < API::APIController
   before_action :authenticate_user!
 
   def data

app/controllers/api/api_controller.rb

@@ -1,6 +1,4 @@
 # frozen_string_literal: true
 
-class API::ApiController < ApplicationController
+class API::APIController < ApplicationController
-
-
 end

app/controllers/api/auth_providers_controller.rb

@@ -2,7 +2,7 @@
 
 # API Controller for resources of type AuthProvider
 # AuthProvider are used to connect users through single-sign on systems
-class API::AuthProvidersController < API::ApiController
+class API::AuthProvidersController < API::APIController
   before_action :set_provider, only: %i[show update destroy]
   def index
     @providers = policy_scope(AuthProvider)

app/controllers/api/availabilities_controller.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 # API Controller for resources of type Availability
-class API::AvailabilitiesController < API::ApiController
+class API::AvailabilitiesController < API::APIController
   before_action :authenticate_user!, except: [:public]
   before_action :set_availability, only: %i[show update reservations lock]
   before_action :set_operator_role, only: %i[machine spaces trainings]

app/controllers/api/cart_controller.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 # API Controller to manage user's cart
-class API::CartController < API::ApiController
+class API::CartController < API::APIController
   include API::OrderConcern
 
   before_action :current_order, except: %i[create]
@@ -17,7 +17,7 @@ class API::CartController < API::ApiController
     authorize @current_order, policy_class: CartPolicy
     service = Cart::CreateCartItemService.new(@current_order)
     @item = service.create(params)
-    if @item.save({ context: @current_order.order_items })
+    if @item.save(**{ context: @current_order.order_items })
       render 'api/orders/item', status: :created
     else
       render json: @item.errors.full_messages, status: :unprocessable_entity

app/controllers/api/categories_controller.rb

@@ -2,7 +2,7 @@
 
 # API Controller for resources of type Category
 # Categories are used to classify Events
-class API::CategoriesController < API::ApiController
+class API::CategoriesController < API::APIController
   before_action :authenticate_user!, except: [:index]
   before_action :set_category, only: %i[show update destroy]
 
@@ -22,7 +22,6 @@ class API::CategoriesController < API::ApiController
     end
   end
 
-
   def update
     authorize Category
     if @category.update(category_params)

app/controllers/api/checkout_controller.rb

@@ -4,7 +4,7 @@ require 'stripe/helper'
 require 'pay_zen/helper'
 
 # API Controller for cart checkout
-class API::CheckoutController < API::ApiController
+class API::CheckoutController < API::APIController
   include ::API::OrderConcern
   before_action :authenticate_user!
   before_action :current_order

app/controllers/api/components_controller.rb

@@ -2,7 +2,7 @@
 
 # API Controller for resources of type Component
 # Components are used in Projects
-class API::ComponentsController < API::ApiController
+class API::ComponentsController < API::APIController
   before_action :authenticate_user!, except: %i[index show]
   before_action :set_component, only: %i[show update destroy]
 

app/controllers/api/coupons_controller.rb

@@ -2,7 +2,7 @@
 
 # API Controller for resources of type Coupon
 # Coupons are used in payments
-class API::CouponsController < API::ApiController
+class API::CouponsController < API::APIController
   include ApplicationHelper
 
   before_action :authenticate_user!, except: %i[validate]

app/controllers/api/credits_controller.rb

@@ -2,7 +2,7 @@
 
 # API Controller for resources of type Credit
 # Credits are used to give free reservations to users
-class API::CreditsController < API::ApiController
+class API::CreditsController < API::APIController
   before_action :authenticate_user!
   before_action :set_credit, only: %i[show update destroy]
 
@@ -15,6 +15,8 @@ class API::CreditsController < API::ApiController
                end
   end
 
+  def show; end
+
   def create
     authorize Credit
     @credit = Credit.new(credit_params)

app/controllers/api/custom_assets_controller.rb

@@ -2,9 +2,9 @@
 
 # API Controller for resources of type CustomAsset
 # CustomAssets are used in settings
-class API::CustomAssetsController < API::ApiController
+class API::CustomAssetsController < API::APIController
-  before_action :authenticate_user!, only: %i[index update create destroy]
+  before_action :authenticate_user!, only: %i[update create]
-  before_action :set_custom_asset, only: %i[show update destroy]
+  before_action :set_custom_asset, only: %i[show update]
 
   # PUT /api/custom_assets/1/
   def update
@@ -40,5 +40,4 @@ class API::CustomAssetsController < API::ApiController
   def custom_asset_params
     params.required(:custom_asset).permit(:name, custom_asset_file_attributes: [:attachment])
   end
-
 end

app/controllers/api/event_themes_controller.rb

@@ -2,7 +2,7 @@
 
 # API Controller for resources of type EventTheme
 # EventTheme are used to classify Events
-class API::EventThemesController < API::ApiController
+class API::EventThemesController < API::APIController
   before_action :authenticate_user!, except: [:index]
   before_action :set_event_theme, only: %i[show update destroy]
 
@@ -22,7 +22,6 @@ class API::EventThemesController < API::ApiController
     end
   end
 
-
   def update
     authorize EventTheme
     if @event_theme.update(event_theme_params)

app/controllers/api/events_controller.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 # API Controller for resources of type Event
-class API::EventsController < API::ApiController
+class API::EventsController < API::APIController
   before_action :set_event, only: %i[show update destroy]
 
   def index

app/controllers/api/exports_controller.rb

@@ -2,7 +2,7 @@
 
 # API Controller for resources of type Export
 # Export are used to download data tables in offline files
-class API::ExportsController < API::ApiController
+class API::ExportsController < API::APIController
   before_action :authenticate_user!
   before_action :set_export, only: [:download]
 

app/controllers/api/files_controller.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 # API Controller for handling special actions on files
-class API::FilesController < API::ApiController
+class API::FilesController < API::APIController
   before_action :authenticate_user!
 
   # test the mime type of the uploaded file

app/controllers/api/groups_controller.rb

@@ -2,7 +2,7 @@
 
 # API Controller for resources of type Group
 # Groups are used for categorizing Users
-class API::GroupsController < API::ApiController
+class API::GroupsController < API::APIController
   before_action :authenticate_user!, except: :index
 
   def index

app/controllers/api/i_calendar_controller.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 # API Controller for resources of type iCalendar
-class API::ICalendarController < API::ApiController
+class API::ICalendarController < API::APIController
   before_action :authenticate_user!, except: %i[index events]
   before_action :set_i_cal, only: [:destroy]
   respond_to :json

app/controllers/api/imports_controller.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 # API Controller for resources of type Import
-class API::ImportsController < API::ApiController
+class API::ImportsController < API::APIController
   before_action :authenticate_user!
 
   def show

app/controllers/api/invoices_controller.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 # API Controller for resources of Invoice and Avoir
-class API::InvoicesController < API::ApiController
+class API::InvoicesController < API::APIController
   before_action :authenticate_user!
   before_action :set_invoice, only: %i[show download]
 

app/controllers/api/licences_controller.rb

@@ -2,7 +2,7 @@
 
 # API Controller for resources of type Licence
 # Licenses are used in Projects
-class API::LicencesController < API::ApiController
+class API::LicencesController < API::APIController
   before_action :authenticate_user!, except: %i[index show]
   before_action :set_licence, only: %i[show update destroy]
 

app/controllers/api/machine_categories_controller.rb

@@ -2,7 +2,7 @@
 
 # API Controller for resources of type Machine Category
 # Categories are used to classify Machine
-class API::MachineCategoriesController < API::ApiController
+class API::MachineCategoriesController < API::APIController
   before_action :authenticate_user!, except: [:index]
   before_action :set_machine_category, only: %i[show update destroy]
 

app/controllers/api/machines_controller.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 # API Controller for resources of type Machine
-class API::MachinesController < API::ApiController
+class API::MachinesController < API::APIController
   before_action :authenticate_user!, except: %i[index show]
   before_action :set_machine, only: %i[update destroy]
   respond_to :json

app/controllers/api/members_controller.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 # API Controller for resources of type User with role 'member'
-class API::MembersController < API::ApiController
+class API::MembersController < API::APIController
   before_action :authenticate_user!, except: [:last_subscribed]
   before_action :set_member, only: %i[update destroy merge complete_tour update_role validate]
   before_action :set_operator, only: %i[show update create merge validate]

app/controllers/api/notification_preferences_controller.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 # API Controller for resources of type Notification Preferences
-class API::NotificationPreferencesController < API::ApiController
+class API::NotificationPreferencesController < API::APIController
   before_action :authenticate_user!
 
   def index

app/controllers/api/notification_types_controller.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 # API Controller for resources of type Notification Types
-class API::NotificationTypesController < API::ApiController
+class API::NotificationTypesController < API::APIController
   before_action :authenticate_user!
 
   def index

app/controllers/api/notifications_controller.rb

@@ -2,7 +2,7 @@
 
 # API Controller for resources of type Notification
 # Notifications are scoped by user
-class API::NotificationsController < API::ApiController
+class API::NotificationsController < API::APIController
   before_action :authenticate_user!
   before_action :set_notification, only: :update
 

app/controllers/api/open_api_clients_controller.rb

@@ -2,7 +2,7 @@
 
 # API Controller for resources of type OpenAPI::Client
 # OpenAPI::Clients are used to allow access to the public API
-class API::OpenAPIClientsController < API::ApiController
+class API::OpenAPIClientsController < API::APIController
   before_action :authenticate_user!
 
   def index
@@ -40,7 +40,7 @@ class API::OpenAPIClientsController < API::ApiController
     @client = OpenAPI::Client.find(params[:id])
     authorize @client
     @client.destroy
-    head 204
+    head :no_content
   end
 
   private

app/controllers/api/openlab_projects_controller.rb

@@ -2,7 +2,7 @@
 
 # API Controller for resources of type Openlab::Projects
 # Openlab::Projects are Projects shared between different instances
-class API::OpenlabProjectsController < API::ApiController
+class API::OpenlabProjectsController < API::APIController
   before_action :init_openlab
 
   def index

app/controllers/api/orders_controller.rb

@@ -2,7 +2,7 @@
 
 # API Controller for resources of type Order
 # Orders are used in store
-class API::OrdersController < API::ApiController
+class API::OrdersController < API::APIController
   before_action :authenticate_user!, except: %i[withdrawal_instructions]
   before_action :set_order, only: %i[show update destroy withdrawal_instructions]
 

app/controllers/api/payment_schedules_controller.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 # API Controller for resources of PaymentSchedule
-class API::PaymentSchedulesController < API::ApiController
+class API::PaymentSchedulesController < API::APIController
   before_action :authenticate_user!
   before_action :set_payment_schedule, only: %i[download cancel update]
   before_action :set_payment_schedule_item, only: %i[show_item cash_check confirm_transfer refresh_item pay_item]

app/controllers/api/payments_controller.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 # Abstract API Controller to be extended by each payment gateway/mean, for handling the payments processes in the front-end
-class API::PaymentsController < API::ApiController
+class API::PaymentsController < API::APIController
   before_action :authenticate_user!
 
   # This method must be overridden by the the gateways controllers that inherits API::PaymentsControllers

app/controllers/api/plan_categories_controller.rb

@@ -2,7 +2,7 @@
 
 # API Controller for resources of type PlanCategory
 # PlanCategory are used to sort plans
-class API::PlanCategoriesController < API::ApiController
+class API::PlanCategoriesController < API::APIController
   before_action :authenticate_user!, except: :index
   before_action :set_category, only: %i[show update destroy]
 

app/controllers/api/plans_controller.rb

@@ -3,7 +3,7 @@
 # API Controller for resources of type Plan and PartnerPlan.
 # Plan are used to define subscription's characteristics.
 # PartnerPlan is a special kind of plan which send notifications to an external user
-class API::PlansController < API::ApiController
+class API::PlansController < API::APIController
   include ApplicationHelper
 
   before_action :authenticate_user!, except: %i[index durations]

app/controllers/api/prepaid_packs_controller.rb

@@ -2,7 +2,7 @@
 
 # API Controller for resources of type PrepaidPack
 # PrepaidPacks are used to provide discounts to users that bought many hours at once
-class API::PrepaidPacksController < API::ApiController
+class API::PrepaidPacksController < API::APIController
   include ApplicationHelper
 
   before_action :authenticate_user!, except: :index

app/controllers/api/price_categories_controller.rb

@@ -2,7 +2,7 @@
 
 # API Controller for resources of type PriceCategory
 # PriceCategories are used in Events
-class API::PriceCategoriesController < API::ApiController
+class API::PriceCategoriesController < API::APIController
   before_action :authenticate_user!, only: %i[update show create destroy]
   before_action :set_price_category, only: %i[show update destroy]
 

app/controllers/api/prices_controller.rb

@@ -2,7 +2,7 @@
 
 # API Controller for resources of type Price
 # Prices are used in reservations (Machine, Space)
-class API::PricesController < API::ApiController
+class API::PricesController < API::APIController
   include ApplicationHelper
 
   before_action :authenticate_user!

app/controllers/api/pricing_controller.rb

@@ -3,7 +3,7 @@
 # @deprecated
 # <b>DEPRECATED:</b> Please use <tt>API::PriceController</tt> instead.
 # API Controller for managing Plans prices
-class API::PricingController < API::ApiController
+class API::PricingController < API::APIController
   include ApplicationHelper
 
   before_action :authenticate_user!, except: %i[index update]

app/controllers/api/product_categories_controller.rb

@@ -2,7 +2,7 @@
 
 # API Controller for resources of type ProductCategory
 # ProductCategories are used to group Products
-class API::ProductCategoriesController < API::ApiController
+class API::ProductCategoriesController < API::APIController
   before_action :authenticate_user!, except: :index
   before_action :set_product_category, only: %i[update destroy position]
 

app/controllers/api/products_controller.rb

@@ -2,7 +2,7 @@
 
 # API Controller for resources of type Product
 # Products are used in store
-class API::ProductsController < API::ApiController
+class API::ProductsController < API::APIController
   before_action :authenticate_user!, except: %i[index show]
   before_action :set_product, only: %i[update clone destroy]
 

app/controllers/api/profile_custom_fields_controller.rb

@@ -2,7 +2,7 @@
 
 # API Controller for resources of type ProfileCustomField
 # ProfileCustomFields are fields configured by an admin, added to the user's profile
-class API::ProfileCustomFieldsController < API::ApiController
+class API::ProfileCustomFieldsController < API::APIController
   before_action :authenticate_user!, except: :index
   before_action :set_profile_custom_field, only: %i[show update destroy]
 

app/controllers/api/projects_controller.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 # API Controller for resources of type Project
-class API::ProjectsController < API::ApiController
+class API::ProjectsController < API::APIController
   before_action :authenticate_user!, except: %i[index show last_published search]
   before_action :set_project, only: %i[update destroy]
   respond_to :json

app/controllers/api/reservations_controller.rb

@@ -2,7 +2,7 @@
 
 # API Controller for resources of type Reservation
 # Reservations are used for Training, Machine, Space and Event
-class API::ReservationsController < API::ApiController
+class API::ReservationsController < API::APIController
   before_action :authenticate_user!
   before_action :set_reservation, only: %i[show update]
   respond_to :json

app/controllers/api/settings_controller.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 # API Controller for resources of type Setting
-class API::SettingsController < API::ApiController
+class API::SettingsController < API::APIController
   before_action :authenticate_user!, only: %i[update bulk_update reset]
 
   def index
@@ -47,7 +47,7 @@ class API::SettingsController < API::ApiController
         end
 
         @settings.push db_setting
-        may_rollback(params[:transactional]) if db_setting.errors.keys.count.positive?
+        may_rollback(params[:transactional]) if db_setting.errors.attribute_names.count.positive?
       end
     end
     SettingService.run_after_update(updated_settings)
@@ -93,9 +93,9 @@ class API::SettingsController < API::ApiController
   end
 
   # run the given block in a transaction if `should` is true. Just run it normally otherwise
-  def may_transaction(should, &block)
+  def may_transaction(should, &)
     if should == 'true'
-      ActiveRecord::Base.transaction(&block)
+      ActiveRecord::Base.transaction(&)
     else
       yield
     end

app/controllers/api/slots_reservations_controller.rb

@@ -3,7 +3,7 @@
 # API Controller for resources of type Slot
 # Slots are used to cut Availabilities into reservable slots. The duration of these slots is configured per
 # availability by Availability.slot_duration, or otherwise globally by Setting.get('slot_duration')
-class API::SlotsReservationsController < API::ApiController
+class API::SlotsReservationsController < API::APIController
   before_action :authenticate_user!
   before_action :set_slots_reservation, only: %i[update cancel]
   respond_to :json

app/controllers/api/spaces_controller.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 # API Controller for resources of type Space
-class API::SpacesController < API::ApiController
+class API::SpacesController < API::APIController
   before_action :authenticate_user!, except: %i[index show]
   before_action :set_space, only: %i[update destroy]
   respond_to :json

app/controllers/api/statistics_controller.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 # API Controller for various statistical resources (gateway to elasticsearch DB)
-class API::StatisticsController < API::ApiController
+class API::StatisticsController < API::APIController
   before_action :authenticate_user!
 
   def index

app/controllers/api/stylesheets_controller.rb

@@ -2,9 +2,7 @@
 
 # API Controller for resources of type Stylesheet
 # Stylesheets are used to customize the appearance of Fab-manager
-class API::StylesheetsController < API::ApiController
+class API::StylesheetsController < API::APIController
-  caches_page :show # magic happens here
-
   def show
     @stylesheet = Stylesheet.find(params[:id])
   end

app/controllers/api/subscriptions_controller.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 # API Controller for resources of type Subscription
-class API::SubscriptionsController < API::ApiController
+class API::SubscriptionsController < API::APIController
   before_action :set_subscription, only: %i[show payment_details cancel]
   before_action :authenticate_user!
 

app/controllers/api/supporting_document_files_controller.rb

@@ -2,7 +2,7 @@
 
 # API Controller for resources of type SupportingDocumentFile
 # SupportingDocumentFiles are used in settings
-class API::SupportingDocumentFilesController < API::ApiController
+class API::SupportingDocumentFilesController < API::APIController
   before_action :authenticate_user!
   before_action :set_supporting_document_file, only: %i[show update download]
 

app/controllers/api/supporting_document_refusals_controller.rb

@@ -2,7 +2,7 @@
 
 # API Controller for resources of type SupportingDocumentRefusal
 # SupportingDocumentRefusal are used by admin refuse user's proof of identity file
-class API::SupportingDocumentRefusalsController < API::ApiController
+class API::SupportingDocumentRefusalsController < API::APIController
   before_action :authenticate_user!
 
   def index

app/controllers/api/supporting_document_types_controller.rb

@@ -2,7 +2,7 @@
 
 # API Controller for resources of type SupportingDocumentType
 # ProofOfIdentityTypes are used to provide admin config proof of identity type by group
-class API::SupportingDocumentTypesController < API::ApiController
+class API::SupportingDocumentTypesController < API::APIController
   before_action :authenticate_user!, except: :index
   before_action :set_supporting_document_type, only: %i[show update destroy]
 

app/controllers/api/tags_controller.rb

@@ -2,8 +2,7 @@
 
 # API Controller for resources of type Tag
 # Tags are used to restrict access to Availabilities
-class API::TagsController < API::ApiController
+class API::TagsController < API::APIController
-
   before_action :authenticate_user!, except: %i[index show]
   before_action :set_tag, only: %i[show update destroy]
 

app/controllers/api/themes_controller.rb

@@ -2,7 +2,7 @@
 
 # API Controller for resources of type Theme
 # Themes are used in Projects
-class API::ThemesController < API::ApiController
+class API::ThemesController < API::APIController
   before_action :authenticate_user!, except: %i[index show]
   before_action :set_theme, only: %i[show update destroy]
 

app/controllers/api/trainings_controller.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 # API Controller for resources of type Training
-class API::TrainingsController < API::ApiController
+class API::TrainingsController < API::APIController
   include ApplicationHelper
 
   before_action :authenticate_user!, except: %i[index show]

app/controllers/api/trainings_pricings_controller.rb

@@ -3,7 +3,7 @@
 # @deprecated
 # <b>DEPRECATED:</b> Please use <tt>API::PriceController</tt> instead.
 # API Controller for managing Training prices
-class API::TrainingsPricingsController < API::ApiController
+class API::TrainingsPricingsController < API::APIController
   include ApplicationHelper
 
   before_action :authenticate_user!

app/controllers/api/translations_controller.rb

@@ -1,12 +1,12 @@
 # frozen_string_literal: true
 
 # API Controller for managing front-end translations
-class API::TranslationsController < API::ApiController
+class API::TranslationsController < API::APIController
   before_action :set_locale
 
   def show
     translations = I18n.t params[:state]
-    if translations.class.name == String.name && translations.start_with?('translation missing')
+    if translations.instance_of?(String) && translations.start_with?('translation missing')
       render json: { error: translations }, status: :unprocessable_entity
     else
       path = params[:state]
@@ -20,5 +20,4 @@ class API::TranslationsController < API::ApiController
   def set_locale
     I18n.locale = params[:locale] || I18n.default_locale
   end
-
 end

app/controllers/api/user_packs_controller.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 # API Controller for resources of type StatisticProfilePrepaidPack
-class API::UserPacksController < API::ApiController
+class API::UserPacksController < API::APIController
   before_action :authenticate_user!
 
   def index

app/controllers/api/users_controller.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 # API Controller for resources of type Users with role :partner or :manager
-class API::UsersController < API::ApiController
+class API::UsersController < API::APIController
   before_action :authenticate_user!
   before_action :set_user, only: %i[destroy]
 

app/controllers/api/version_controller.rb

@@ -3,7 +3,7 @@
 require 'version'
 
 # API Controller to get the Fab-manager version
-class API::VersionController < API::ApiController
+class API::VersionController < API::APIController
   before_action :authenticate_user!
 
   def show

app/controllers/api/wallet_controller.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 # API Controller for resources of type Wallet
-class API::WalletController < API::ApiController
+class API::WalletController < API::APIController
   before_action :authenticate_user!
 
   def by_user

app/controllers/application_controller.rb

@@ -7,7 +7,6 @@ class ApplicationController < ActionController::Base
   # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception
   after_action :set_csrf_cookie
-  cache_sweeper :stylesheet_sweeper
 
   respond_to :html, :json
 
@@ -42,7 +41,7 @@ class ApplicationController < ActionController::Base
                                         {
                                           profile_attributes: %i[phone last_name first_name interest software_mastered],
                                           invoicing_profile_attributes: [
-                                            organization_attributes: [:name, address_attributes: [:address]],
+                                            organization_attributes: [:name, { address_attributes: [:address] }],
                                             user_profile_custom_fields_attributes: %i[profile_custom_field_id value],
                                             address_attributes: [:address]
                                           ],
@@ -60,14 +59,14 @@ class ApplicationController < ActionController::Base
   end
 
   def permission_denied
-    head 403
+    head :forbidden
   end
 
   # Set the configured locale for each action (API call)
   # @see https://guides.rubyonrails.org/i18n.html
-  def switch_locale(&action)
+  def switch_locale(&)
     locale = params[:locale] || Rails.application.secrets.rails_locale
-    I18n.with_locale(locale, &action)
+    I18n.with_locale(locale, &)
   end
 
   # @return [User]

app/controllers/open_api/v1/accounting_controller.rb

@@ -4,9 +4,9 @@ require_relative 'concerns/accountings_filters_concern'
 
 # authorized 3rd party softwares can fetch the accounting lines through the OpenAPI
 class OpenAPI::V1::AccountingController < OpenAPI::V1::BaseController
-  extend OpenAPI::ApiDoc
+  extend OpenAPI::APIDoc
   include Rails::Pagination
-  include AccountingsFiltersConcern
+  include OpenAPI::V1::Concerns::AccountingsFiltersConcern
   expose_doc
 
   def index

app/controllers/open_api/v1/availabilities_controller.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require_relative 'concerns/reservations_filters_concern'
+
+# public API controller for resources of type Reservation
+class OpenAPI::V1::AvailabilitiesController < OpenAPI::V1::BaseController
+  extend OpenAPI::APIDoc
+  include Rails::Pagination
+  include OpenAPI::V1::Concerns::AvailabilitiesFiltersConcern
+  expose_doc
+
+  def index
+    @availabilities = Availability.order(start_at: :desc)
+                                  .includes(:slots)
+
+    @availabilities = filter_by_after(@availabilities, params)
+    @availabilities = filter_by_before(@availabilities, params)
+    @availabilities = filter_by_id(@availabilities, params)
+    @availabilities = filter_by_available_type(@availabilities, params)
+    @availabilities = filter_by_available_id(@availabilities, params)
+
+    @availabilities = @availabilities.page(page).per(per_page)
+    paginate @availabilities, per_page: per_page
+  end
+
+  private
+
+  def page
+    params[:page] || 1
+  end
+
+  def per_page
+    params[:per_page] || 20
+  end
+end

app/controllers/open_api/v1/bookable_machines_controller.rb

@@ -2,7 +2,7 @@
 
 # authorized 3rd party softwares can list the bookable machines through the OpenAPI
 class OpenAPI::V1::BookableMachinesController < OpenAPI::V1::BaseController
-  extend OpenAPI::ApiDoc
+  extend OpenAPI::APIDoc
   expose_doc
 
   def index

app/controllers/open_api/v1/concerns/accountings_filters_concern.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 # Filter the list of accounting lines by the given parameters
-module AccountingsFiltersConcern
+module OpenAPI::V1::Concerns::AccountingsFiltersConcern
   extend ActiveSupport::Concern
 
   included do

app/controllers/open_api/v1/concerns/availabilities_filters_concern.rb

@@ -0,0 +1,85 @@
+# frozen_string_literal: true
+
+# Filter the list of availabilities by the given parameters
+module OpenAPI::V1::Concerns::AvailabilitiesFiltersConcern
+  extend ActiveSupport::Concern
+
+  included do
+    # @param availabilities [ActiveRecord::Relation<Availability>]
+    # @param filters [ActionController::Parameters]
+    def filter_by_id(availabilities, filters)
+      return availabilities if filters[:id].blank?
+
+      availabilities.where(id: may_array(filters[:id]))
+    end
+
+    # @param availabilities [ActiveRecord::Relation<Availability>]
+    # @param filters [ActionController::Parameters]
+    def filter_by_after(availabilities, filters)
+      return availabilities if filters[:after].blank?
+
+      availabilities.where('availabilities.start_at >= ?', Time.zone.parse(filters[:after]))
+    end
+
+    # @param availabilities [ActiveRecord::Relation<Availability>]
+    # @param filters [ActionController::Parameters]
+    def filter_by_before(availabilities, filters)
+      return availabilities if filters[:before].blank?
+
+      availabilities.where('availabilities.end_at <= ?', Time.zone.parse(filters[:before]))
+    end
+
+    # @param availabilities [ActiveRecord::Relation<Availability>]
+    # @param filters [ActionController::Parameters]
+    def filter_by_available_type(availabilities, filters)
+      return availabilities if filters[:available_type].blank?
+
+      availabilities.where(available_type: format_type(filters[:available_type]))
+    end
+
+    # @param availabilities [ActiveRecord::Relation<Availability>]
+    # @param filters [ActionController::Parameters]
+    def filter_by_available_id(availabilities, filters)
+      return availabilities if filters[:available_id].blank? || filters[:available_type].blank?
+
+      join_table = join_table(filters)
+      availabilities.joins(join_table).where(join_table => { where_clause(filters) => may_array(filters[:available_id]) })
+    end
+
+    # @param type [ActionController::Parameters]
+    # @return [String]
+    def format_type(type)
+      types = {
+        'Machine' => 'machines',
+        'Space' => 'space',
+        'Training' => 'training',
+        'Event' => 'event'
+      }
+      types[type]
+    end
+
+    # @param filters [ActionController::Parameters]
+    # @return [Symbol]
+    def join_table(filters)
+      tables = {
+        'Machine' => :machines_availabilities,
+        'Space' => :spaces_availabilities,
+        'Training' => :trainings_availabilities,
+        'Event' => :event
+      }
+      tables[filters[:available_type]]
+    end
+
+    # @param filters [ActionController::Parameters]
+    # @return [Symbol]
+    def where_clause(filters)
+      clauses = {
+        'Machine' => :machine_id,
+        'Space' => :space_id,
+        'Training' => :training_id,
+        'Event' => :id
+      }
+      clauses[filters[:available_type]]
+    end
+  end
+end

app/controllers/open_api/v1/concerns/reservations_filters_concern.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 # Filter the list of reservations by the given parameters
-module ReservationsFiltersConcern
+module OpenAPI::V1::Concerns::ReservationsFiltersConcern
   extend ActiveSupport::Concern
 
   included do
@@ -45,6 +45,15 @@ module ReservationsFiltersConcern
       reservations.where(reservable_id: may_array(filters[:reservable_id]))
     end
 
+    # @param reservations [ActiveRecord::Relation<Reservation>]
+    # @param filters [ActionController::Parameters]
+    def filter_by_availability_id(reservations, filters)
+      return reservations if filters[:availability_id].blank?
+
+      reservations.joins(:slots_reservations, :slots)
+                  .where(slots_reservations: { slots: { availability_id: may_array(filters[:availability_id]) } })
+    end
+
     # @param type [String]
     def format_type(type)
       type.singularize.classify

app/controllers/open_api/v1/concerns/subscriptions_filters_concern.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 # Filter the list of subscriptions by the given parameters
-module SubscriptionsFiltersConcern
+module OpenAPI::V1::Concerns::SubscriptionsFiltersConcern
   extend ActiveSupport::Concern
 
   included do

app/controllers/open_api/v1/events_controller.rb

@@ -2,7 +2,7 @@
 
 # authorized 3rd party softwares can manage the events through the OpenAPI
 class OpenAPI::V1::EventsController < OpenAPI::V1::BaseController
-  extend OpenAPI::ApiDoc
+  extend OpenAPI::APIDoc
   include Rails::Pagination
   expose_doc
 

app/controllers/open_api/v1/invoices_controller.rb

@@ -2,7 +2,7 @@
 
 # OpenAPI controller for the invoices
 class OpenAPI::V1::InvoicesController < OpenAPI::V1::BaseController
-  extend OpenAPI::ApiDoc
+  extend OpenAPI::APIDoc
   include Rails::Pagination
   expose_doc
 

app/controllers/open_api/v1/machines_controller.rb

@@ -2,7 +2,7 @@
 
 # authorized 3rd party softwares can manage the machines through the OpenAPI
 class OpenAPI::V1::MachinesController < OpenAPI::V1::BaseController
-  extend OpenAPI::ApiDoc
+  extend OpenAPI::APIDoc
   expose_doc
 
   before_action :set_machine, only: %i[show update destroy]

app/controllers/open_api/v1/plan_categories_controller.rb

@@ -2,7 +2,7 @@
 
 # authorized 3rd party softwares can fetch data about plan categories through the OpenAPI
 class OpenAPI::V1::PlanCategoriesController < OpenAPI::V1::BaseController
-  extend OpenAPI::ApiDoc
+  extend OpenAPI::APIDoc
   expose_doc
 
   def index

app/controllers/open_api/v1/plans_controller.rb

@@ -2,7 +2,7 @@
 
 # authorized 3rd party softwares can fetch data about plans through the OpenAPI
 class OpenAPI::V1::PlansController < OpenAPI::V1::BaseController
-  extend OpenAPI::ApiDoc
+  extend OpenAPI::APIDoc
   expose_doc
 
   before_action :set_plan, only: %i[show]

app/controllers/open_api/v1/prices_controller.rb

@@ -2,7 +2,7 @@
 
 # public API controller for resources of type Price
 class OpenAPI::V1::PricesController < OpenAPI::V1::BaseController
-  extend OpenAPI::ApiDoc
+  extend OpenAPI::APIDoc
   include Rails::Pagination
   expose_doc
 

app/controllers/open_api/v1/reservations_controller.rb

@@ -4,9 +4,9 @@ require_relative 'concerns/reservations_filters_concern'
 
 # public API controller for resources of type Reservation
 class OpenAPI::V1::ReservationsController < OpenAPI::V1::BaseController
-  extend OpenAPI::ApiDoc
+  extend OpenAPI::APIDoc
   include Rails::Pagination
-  include ReservationsFiltersConcern
+  include OpenAPI::V1::Concerns::ReservationsFiltersConcern
   expose_doc
 
   def index
@@ -19,6 +19,7 @@ class OpenAPI::V1::ReservationsController < OpenAPI::V1::BaseController
     @reservations = filter_by_user(@reservations, params)
     @reservations = filter_by_reservable_type(@reservations, params)
     @reservations = filter_by_reservable_id(@reservations, params)
+    @reservations = filter_by_availability_id(@reservations, params)
 
     @reservations = @reservations.page(page).per(per_page)
     paginate @reservations, per_page: per_page

app/controllers/open_api/v1/spaces_controller.rb

@@ -2,7 +2,7 @@
 
 # authorized 3rd party softwares can fetch data about spaces through the OpenAPI
 class OpenAPI::V1::SpacesController < OpenAPI::V1::BaseController
-  extend OpenAPI::ApiDoc
+  extend OpenAPI::APIDoc
   expose_doc
 
   before_action :set_space, only: %i[show]

app/controllers/open_api/v1/subscriptions_controller.rb

@@ -4,9 +4,9 @@ require_relative 'concerns/subscriptions_filters_concern'
 
 # authorized 3rd party softwares can fetch the subscriptions through the OpenAPI
 class OpenAPI::V1::SubscriptionsController < OpenAPI::V1::BaseController
-  extend OpenAPI::ApiDoc
+  extend OpenAPI::APIDoc
   include Rails::Pagination
-  include SubscriptionsFiltersConcern
+  include OpenAPI::V1::Concerns::SubscriptionsFiltersConcern
   expose_doc
 
   def index

app/controllers/open_api/v1/trainings_controller.rb

@@ -2,7 +2,7 @@
 
 # public API controller for resources of type Training
 class OpenAPI::V1::TrainingsController < OpenAPI::V1::BaseController
-  extend OpenAPI::ApiDoc
+  extend OpenAPI::APIDoc
   expose_doc
 
   def index

app/controllers/open_api/v1/user_trainings_controller.rb

@@ -2,7 +2,7 @@
 
 # public API controller for user's trainings
 class OpenAPI::V1::UserTrainingsController < OpenAPI::V1::BaseController
-  extend OpenAPI::ApiDoc
+  extend OpenAPI::APIDoc
   include Rails::Pagination
   expose_doc
 

app/controllers/open_api/v1/users_controller.rb

@@ -2,7 +2,7 @@
 
 # public API controller for users
 class OpenAPI::V1::UsersController < OpenAPI::V1::BaseController
-  extend OpenAPI::ApiDoc
+  extend OpenAPI::APIDoc
   include Rails::Pagination
   expose_doc
 

app/controllers/sessions_controller.rb

@@ -2,13 +2,22 @@
 
 # Devise controller for handling client sessions
 class SessionsController < Devise::SessionsController
-
   def new
-    active_provider = AuthProvider.active
+    active_provider = Rails.configuration.auth_provider
-    if active_provider.providable_type != DatabaseProvider.name
+    if active_provider.providable_type == 'DatabaseProvider'
-      redirect_post "/users/auth/#{active_provider.strategy_name}", params: { authenticity_token: form_authenticity_token }
-    else
       super
+    else
+      redirect_post "/users/auth/#{active_provider.strategy_name}"
     end
   end
+
+  # FIXME, Method DELETE is not allowed by Access-Control-Allow-Methods in preflight response.
+  # def destroy
+  #   active_provider = Rails.configuration.auth_provider
+  #   if active_provider.providable_type == 'OpenIdConnectProvider'
+  #     redirect_to "/users/auth/#{active_provider.strategy_name}/logout"
+  #   else
+  #     super
+  #   end
+  # end
 end

app/controllers/users/omniauth_callbacks_controller.rb

@@ -5,7 +5,7 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
   require 'sso_logger'
   logger = SsoLogger.new
 
-  active_provider = AuthProvider.active
+  active_provider = Rails.configuration.auth_provider
   define_method active_provider.strategy_name do
     logger.info "[Users::OmniauthCallbacksController##{active_provider.strategy_name}] initiated"
     if request.env['omniauth.params'].blank?
@@ -18,7 +18,7 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
         logger.debug 'trying to create a new user'
         # If the username is mapped, we just check its uniqueness as it would break the postgresql
         # unique constraint otherwise. If the name is not unique, another unique is generated
-        if active_provider.sso_fields.include?('user.username')
+        if active_provider.db.sso_fields.include?('user.username')
           logger.debug 'the username was already in use, generating a new one'
           @user.username = generate_unique_username(@user.username)
         end
@@ -26,7 +26,7 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
         # unique random string, because:
         # - if it is the same user, his email will be filled from the SSO when he merge his accounts
         # - if it is not the same user, this will prevent the raise of PG::UniqueViolation
-        if active_provider.sso_fields.include?('user.email') && email_exists?(@user.email)
+        if active_provider.db.sso_fields.include?('user.email') && email_exists?(@user.email)
           logger.debug 'the email was already in use, marking it as duplicate'
           old_mail = @user.email
           @user.email = "<#{old_mail}>#{Devise.friendly_token}-duplicate"
@@ -46,13 +46,14 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
           @user.email = User.find(@user.id).email
         end
       end
+      # For users imported from the SSO, we consider the SSO as a source of trust so the email is automatically validated
+      @user.confirmed_at = Time.current if active_provider.db.sso_fields.include?('user.email') && !email_exists?(@user.email)
 
-      # We BYPASS THE VALIDATION because, in case of a new user, we want to save him anyway, we'll ask him later to complete his profile (on first login).
+      # We BYPASS THE VALIDATION because, in case of a new user, we want to save him anyway,
+      # we'll ask him later to complete his profile (on first login).
       # In case of an existing user, we trust the SSO validation as we want the SSO to have authority on users management and policy.
       logger.debug 'saving the user'
-      unless @user.save(validate: false)
+      logger.error "unable to save the user, an error occurred : #{@user.errors.full_messages.join(', ')}" unless @user.save(validate: false)
-        logger.error "unable to save the user, an error occurred : #{@user.errors.full_messages.join(', ')}"
-      end
 
       logger.debug 'signing-in the user and redirecting'
       sign_in_and_redirect @user, event: :authentication # this will throw if @user is not activated
@@ -77,7 +78,6 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
         raise e
       end
     end
-
   end
 
   private

app/doc/open_api/api_doc.rb

@@ -4,11 +4,11 @@
 #
 # Controller extension with common API documentation shortcuts
 #
-module OpenAPI::ApiDoc
+module OpenAPI::APIDoc
   # Apipie doesn't allow to append anything to esisting
   #  description. It raises an error on double definition.
   #
-  def append_desc(desc = "")
+  def append_desc(desc = '')
     _apipie_dsl_data[:description] << desc << "\n"
   end
 
@@ -20,7 +20,7 @@ module OpenAPI::ApiDoc
   #
   def to_markdown_code(code)
     code.split("\n").map do |line|
-      (" " * 4) + line
+      (' ' * 4) + line
     end.join("\n")
   end
 
@@ -33,9 +33,8 @@ module OpenAPI::ApiDoc
   # @param schemas [Array<String>]
   #
   def include_response_schema(*schemas)
-    root = Rails.root.join('app/doc/responses')
     _apipie_dsl_data[:description] = _apipie_dsl_data[:description].strip_heredoc
-    append_desc("## Response schema")
+    append_desc('## Response schema')
 
     schemas.each do |relative_path|
       append_desc MarkdownJsonSchema.read(relative_path)

app/doc/open_api/application_doc.rb

@@ -19,7 +19,7 @@
 #   end
 #
 class OpenAPI::ApplicationDoc
-  extend OpenAPI::ApiDoc
+  extend OpenAPI::APIDoc
 
   class << self
     # Stores provided resource description
@@ -53,7 +53,7 @@ class OpenAPI::ApplicationDoc
     # @return [Hash]
     #
     def docs
-      @_docs ||= {}
+      @docs ||= {}
     end
 
     def define_param_group(param_group_name, &block)
@@ -61,7 +61,7 @@ class OpenAPI::ApplicationDoc
     end
 
     def param_groups
-      @_param_groups ||= {}
+      @param_groups ||= {}
     end
 
     # Applies all defined DSL to provided controller class

app/doc/open_api/v1/availabilities_doc.rb

@@ -0,0 +1,163 @@
+# frozen_string_literal: true
+
+# openAPI documentation for reservations endpoint
+class OpenAPI::V1::AvailabilitiesDoc < OpenAPI::V1::BaseDoc
+  resource_description do
+    short 'Availabilities'
+    desc 'Slots availables for reservation'
+    formats FORMATS
+    api_version API_VERSION
+  end
+
+  include OpenAPI::V1::Concerns::ParamGroups
+
+  doc_for :index do
+    api :GET, "/#{API_VERSION}/availabilities", 'Availabilities index'
+    description 'Index of reservable availabilities and their slots, paginated. Ordered by *start_at* descendant.'
+    param_group :pagination
+    param :after, DateTime, optional: true, desc: 'Filter availabilities to those starting after the given date.'
+    param :before, DateTime, optional: true, desc: 'Filter availabilities to those ending before the given date.'
+    param :user_id, [Integer, Array], optional: true, desc: 'Scope the request to one or various users.'
+    param :available_type, %w[Event Machine Space Training], optional: true, desc: 'Scope the request to a specific type of reservable.'
+    param :available_id, [Integer, Array], optional: true, desc: 'Scope the request to one or various reservables. <br>' \
+                                                                 '<b>WARNING</b>: filtering by <i>available_id</i> is only available if ' \
+                                                                 'filter <i>available_type</i> is provided'
+
+    example <<-AVAILABILITIES
+      # /open_api/v1/availabilities?available_type=Machine&page=1&per_page=3
+      {
+        "availabilities": [
+          {
+              "id": 5115,
+              "start_at": "2023-07-13T14:00:00.000+02:00",
+              "end_at": "2023-07-13T18:00:00.000+02:00",
+              "created_at": "2023-01-24T12:28:25.905+01:00",
+              "available_type": "Machine",
+              "available_ids": [
+                  5,
+                  9,
+                  10,
+                  15,
+                  8,
+                  12,
+                  17,
+                  16,
+                  3,
+                  2,
+                  14,
+                  18
+              ],
+              "slots": [
+                  {
+                      "id": 17792,
+                      "start_at": "2023-07-13T14:00:00.000+02:00",
+                      "end_at": "2023-07-13T15:00:00.000+02:00"
+                  },
+                  {
+                      "id": 17793,
+                      "start_at": "2023-07-13T15:00:00.000+02:00",
+                      "end_at": "2023-07-13T16:00:00.000+02:00"
+                  },
+                  {
+                      "id": 17794,
+                      "start_at": "2023-07-13T16:00:00.000+02:00",
+                      "end_at": "2023-07-13T17:00:00.000+02:00"
+                  },
+                  {
+                      "id": 17795,
+                      "start_at": "2023-07-13T17:00:00.000+02:00",
+                      "end_at": "2023-07-13T18:00:00.000+02:00"
+                  }
+              ]
+          },
+          {
+              "id": 5112,
+              "start_at": "2023-07-07T14:00:00.000+02:00",
+              "end_at": "2023-07-07T18:00:00.000+02:00",
+              "created_at": "2023-01-24T12:26:45.997+01:00",
+              "available_type": "Machine",
+              "available_ids": [
+                  5,
+                  9,
+                  10,
+                  15,
+                  8,
+                  12,
+                  17,
+                  16,
+                  3,
+                  2,
+                  14,
+                  18
+              ],
+              "slots": [
+                  {
+                      "id": 17786,
+                      "start_at": "2023-07-07T14:00:00.000+02:00",
+                      "end_at": "2023-07-07T15:00:00.000+02:00"
+                  },
+                  {
+                      "id": 17787,
+                      "start_at": "2023-07-07T15:00:00.000+02:00",
+                      "end_at": "2023-07-07T16:00:00.000+02:00"
+                  },
+                  {
+                      "id": 17788,
+                      "start_at": "2023-07-07T16:00:00.000+02:00",
+                      "end_at": "2023-07-07T17:00:00.000+02:00"
+                  },
+                  {
+                      "id": 17789,
+                      "start_at": "2023-07-07T17:00:00.000+02:00",
+                      "end_at": "2023-07-07T18:00:00.000+02:00"
+                  }
+              ]
+          },
+          {
+              "id": 5111,
+              "start_at": "2023-07-06T14:00:00.000+02:00",
+              "end_at": "2023-07-06T18:00:00.000+02:00",
+              "created_at": "2023-01-24T12:26:37.189+01:00",
+              "available_type": "Machine",
+              "available_ids": [
+                  5,
+                  9,
+                  10,
+                  15,
+                  8,
+                  12,
+                  17,
+                  16,
+                  3,
+                  2,
+                  14,
+                  18
+              ],
+              "slots": [
+                  {
+                      "id": 17782,
+                      "start_at": "2023-07-06T14:00:00.000+02:00",
+                      "end_at": "2023-07-06T15:00:00.000+02:00"
+                  },
+                  {
+                      "id": 17783,
+                      "start_at": "2023-07-06T15:00:00.000+02:00",
+                      "end_at": "2023-07-06T16:00:00.000+02:00"
+                  },
+                  {
+                      "id": 17784,
+                      "start_at": "2023-07-06T16:00:00.000+02:00",
+                      "end_at": "2023-07-06T17:00:00.000+02:00"
+                  },
+                  {
+                      "id": 17785,
+                      "start_at": "2023-07-06T17:00:00.000+02:00",
+                      "end_at": "2023-07-06T18:00:00.000+02:00"
+                  }
+              ]
+          }
+      ]
+      }
+    AVAILABILITIES
+  end
+end