diff --git a/CHANGELOG.md b/CHANGELOG.md index 2ebe372e3..ee6a8d9bc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,13 @@ # Changelog Fab-manager +## v4.7.3 2021 March 03 +- Improved the setup script +- Fix a bug: unable to install a new instance with an external reverse proxy +- Fix a bug: do not display "powered by disqus" if Disqus is disabled +- Fix a bug: do not send notifications each hour for payment schedules deadlines +- Fix a security issue: updated rails to 5.2.4.5 to fix [CVE-2021-22880](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22880) +- [TODO DEPLOY] -> (only dev) `bundle install` + ## v4.7.2 2021 March 1st - Updated yq to v4 - Fix a bug: unable to upgrade using the easy upgrade command diff --git a/Gemfile.lock b/Gemfile.lock index 182b7fd1a..ee8c4a8b3 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -4,46 +4,46 @@ GEM Ascii85 (1.0.3) aasm (5.0.8) concurrent-ruby (~> 1.0) - actioncable (5.2.4.4) - actionpack (= 5.2.4.4) + actioncable (5.2.4.5) + actionpack (= 5.2.4.5) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailer (5.2.4.4) - actionpack (= 5.2.4.4) - actionview (= 5.2.4.4) - activejob (= 5.2.4.4) + actionmailer (5.2.4.5) + actionpack (= 5.2.4.5) + actionview (= 5.2.4.5) + activejob (= 5.2.4.5) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.2.4.4) - actionview (= 5.2.4.4) - activesupport (= 5.2.4.4) + actionpack (5.2.4.5) + actionview (= 5.2.4.5) + activesupport (= 5.2.4.5) rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) actionpack-page_caching (1.2.2) actionpack (>= 5.0.0) - actionview (5.2.4.4) - activesupport (= 5.2.4.4) + actionview (5.2.4.5) + activesupport (= 5.2.4.5) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) active_record_query_trace (1.7) - activejob (5.2.4.4) - activesupport (= 5.2.4.4) + activejob (5.2.4.5) + activesupport (= 5.2.4.5) globalid (>= 0.3.6) - activemodel (5.2.4.4) - activesupport (= 5.2.4.4) - activerecord (5.2.4.4) - activemodel (= 5.2.4.4) - activesupport (= 5.2.4.4) + activemodel (5.2.4.5) + activesupport (= 5.2.4.5) + activerecord (5.2.4.5) + activemodel (= 5.2.4.5) + activesupport (= 5.2.4.5) arel (>= 9.0) - activestorage (5.2.4.4) - actionpack (= 5.2.4.4) - activerecord (= 5.2.4.4) + activestorage (5.2.4.5) + actionpack (= 5.2.4.5) + activerecord (= 5.2.4.5) marcel (~> 0.3.1) - activesupport (5.2.4.4) + activesupport (5.2.4.5) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) @@ -157,7 +157,7 @@ GEM httparty (0.18.0) mime-types (~> 3.0) multi_xml (>= 0.5.2) - i18n (1.8.8) + i18n (1.8.9) concurrent-ruby (~> 1.0) icalendar (2.5.3) ice_cube (~> 0.16) 
@@ -205,7 +205,7 @@ GEM mini_magick (4.10.1) mini_mime (1.0.2) mini_portile2 (2.5.0) - minitest (5.14.3) + minitest (5.14.4) minitest-reporters (1.4.2) ansi builder @@ -215,7 +215,7 @@ GEM multi_json (1.14.1) multi_xml (0.6.0) multipart-post (2.1.1) - nio4r (2.5.4) + nio4r (2.5.5) nokogiri (1.11.1) mini_portile2 (~> 2.5.0) racc (~> 1.4) @@ -276,18 +276,18 @@ GEM rack-test (1.1.0) rack (>= 1.0, < 3) railroady (1.5.3) - rails (5.2.4.4) - actioncable (= 5.2.4.4) - actionmailer (= 5.2.4.4) - actionpack (= 5.2.4.4) - actionview (= 5.2.4.4) - activejob (= 5.2.4.4) - activemodel (= 5.2.4.4) - activerecord (= 5.2.4.4) - activestorage (= 5.2.4.4) - activesupport (= 5.2.4.4) + rails (5.2.4.5) + actioncable (= 5.2.4.5) + actionmailer (= 5.2.4.5) + actionpack (= 5.2.4.5) + actionview (= 5.2.4.5) + activejob (= 5.2.4.5) + activemodel (= 5.2.4.5) + activerecord (= 5.2.4.5) + activestorage (= 5.2.4.5) + activesupport (= 5.2.4.5) bundler (>= 1.3.0) - railties (= 5.2.4.4) + railties (= 5.2.4.5) sprockets-rails (>= 2.0.0) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) @@ -301,14 +301,14 @@ GEM rails_stdout_logging rails_serve_static_assets (0.0.5) rails_stdout_logging (0.0.5) - railties (5.2.4.4) - actionpack (= 5.2.4.4) - activesupport (= 5.2.4.4) + railties (5.2.4.5) + actionpack (= 5.2.4.5) + activesupport (= 5.2.4.5) method_source rake (>= 0.8.7) thor (>= 0.19.0, < 2.0) rainbow (3.0.0) - rake (13.0.1) + rake (13.0.3) rb-fsevent (0.10.3) rb-inotify (0.10.1) ffi (~> 1.0) @@ -367,7 +367,7 @@ GEM spring-watcher-listen (2.0.1) listen (>= 2.7, < 4.0) spring (>= 1.2, < 3.0) - sprockets (3.7.2) + sprockets (4.0.2) concurrent-ruby (~> 1.0) rack (> 1, < 3) sprockets-rails (3.2.2) diff --git a/app/frontend/templates/projects/show.html b/app/frontend/templates/projects/show.html index f526e1587..e79c9b7d8 100644 --- a/app/frontend/templates/projects/show.html +++ b/app/frontend/templates/projects/show.html @@ -62,7 +62,7 @@ {{ 'app.public.projects_show.share_on_twitter' | translate }} -
+
diff --git a/app/workers/payment_schedule_item_worker.rb b/app/workers/payment_schedule_item_worker.rb
index 56348aa6b..0120dbb78 100644
--- a/app/workers/payment_schedule_item_worker.rb
+++ b/app/workers/payment_schedule_item_worker.rb
@@ -29,12 +29,15 @@ class PaymentScheduleItemWorker
 psi.update_attributes(state: 'paid', payment_method: 'stripe', stp_invoice_id: stp_invoice.id)
 elsif stp_subscription.status == 'past_due' || stp_invoice.status == 'open'
 ##### Stripe / Payment error
- NotificationCenter.call type: 'notify_admin_payment_schedule_failed',
- receiver: User.admins_and_managers,
- attached_object: psi
- NotificationCenter.call type: 'notify_member_payment_schedule_failed',
- receiver: psi.payment_schedule.user,
- attached_object: psi
+ if psi.state == 'new'
+ # notify only for new deadlines, to prevent spamming
+ NotificationCenter.call type: 'notify_admin_payment_schedule_failed',
+ receiver: User.admins_and_managers,
+ attached_object: psi
+ NotificationCenter.call type: 'notify_member_payment_schedule_failed',
+ receiver: psi.payment_schedule.user,
+ attached_object: psi
+ end
 stp_payment_intent = Stripe::PaymentIntent.retrieve(stp_invoice.payment_intent, api_key: stripe_key)
 psi.update_attributes(state: stp_payment_intent.status,
 stp_invoice_id: stp_invoice.id,
@@ -42,8 +45,8 @@ class PaymentScheduleItemWorker
 else
 psi.update_attributes(state: 'error')
 end
- else
- ### Check
+ elsif psi.state == 'new'
+ ### Check (only new deadlines, to prevent spamming)
 NotificationCenter.call type: 'notify_admin_payment_schedule_check_deadline',
 receiver: User.admins_and_managers,
 attached_object: psi
diff --git a/package.json b/package.json
index 0da893056..360eee85c 100644
--- a/package.json
+++ b/package.json
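Review bot: In the `past_due`/`open` branch the two failure notifications are still sent before `Stripe::PaymentIntent.retrieve` and `psi.update_attributes(state: stp_payment_intent.status, ...)` run, so the new `if psi.state == 'new'` guard only suppresses repeats once that later update has succeeded. If the retrieve raises or `update_attributes` returns false, the item stays `'new'` and the next run notifies the admins and the member again, which is the hourly repeat the changelog entry says this release fixes. Consider recording `first_failure = psi.state == 'new'` at the top of the branch, doing the retrieve and the state update first, and then sending both notifications under `if first_failure`. The same dependency applies to the `elsif psi.state == 'new'` check branch in the second hunk: it stops repeating only if the state is changed after the notification, and that code lies outside the hunk, so it is worth confirming. Both hunks cut through the worker's method body, which starts and ends outside the visible lines.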
@@ -1,6 +1,6 @@ { "name": "fab-manager", - "version": "4.7.2", + "version": "4.7.3", "description": "Fab-manager is the FabLab management solution. It provides a comprehensive, web-based, open-source tool to simplify your administrative tasks and your marker's projects.", "keywords": [ "fablab", diff --git a/setup/setup.sh b/setup/setup.sh index 756f511dc..e5fd65074 100755 --- a/setup/setup.sh +++ b/setup/setup.sh @@ -165,12 +165,23 @@ prepare_nginx() if [ "$confirm" != "n" ]; then echo "Adding a network configuration to the docker-compose.yml file..." yq -i eval '.networks.web.external = "true"' docker-compose.yml - yq -i eval '.networks.db = ""' docker-compose.yml + yq -i eval '.networks.db = null' docker-compose.yml yq -i eval '.services.fabmanager.networks += ["web"]' docker-compose.yml yq -i eval '.services.fabmanager.networks += ["db"]' docker-compose.yml yq -i eval '.services.postgres.networks += ["db"]' docker-compose.yml yq -i eval '.services.redis.networks += ["db"]' docker-compose.yml fi + read -rp "Do you want to rename the Fab-manager's service? (Y/n) " confirm " value " value