diff --git a/CHANGELOG.md b/CHANGELOG.md index 82dc50bdc..940fcd16c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,7 @@ # Changelog Fab-manager - Updated ruby to 3.2 -- Updated rails to 6.1 +- Updated rails to 7.0 - Updated puma to 6.1 - Updated responders to 3.0 - Updated devise to 4.9 @@ -14,6 +14,10 @@ - Updated nodejs to 18.15 - Updated oj to 3.14 - Updated multi_json to 1.15 +- Updated spring to 4.0 +- Updated spring-watcher-listen to 2.1 +- Fill the holes in the logical sequence of invoices references with nil invoices +- Updated the invoices chaining method with a more flexible model - Fix a bug: broken display after a plan category was deleted - [TODO DEPLOY] `rails fablab:restore_order_number` THEN `rails fablab:fix_references` diff --git a/Gemfile b/Gemfile index 87b0c492c..8191c720d 100644 --- a/Gemfile +++ b/Gemfile @@ -3,7 +3,7 @@ source 'https://rubygems.org' # Bundle edge Rails instead: gem 'rails', github: 'rails/rails' -gem 'rails', '~> 6.1' +gem 'rails', '~> 7.0' # Used by rails 5.2 to reduce the app boot time by over 50% gem 'bootsnap' # Use Puma as web server @@ -49,8 +49,8 @@ group :development do gem 'railroady' gem 'rubocop', '~> 1.31', require: false gem 'rubocop-rails', require: false - gem 'spring' - gem 'spring-watcher-listen', '~> 2.0.0' + gem 'spring', '~> 4' + gem 'spring-watcher-listen', '~> 2.1.0' end group :test do diff --git a/Gemfile.lock b/Gemfile.lock index b9b663b55..c5a78789e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -4,66 +4,72 @@ GEM Ascii85 (1.1.0) aasm (5.0.8) concurrent-ruby (~> 1.0) - actioncable (6.1.7.2) - actionpack (= 6.1.7.2) - activesupport (= 6.1.7.2) + actioncable (7.0.4.3) + actionpack (= 7.0.4.3) + activesupport (= 7.0.4.3) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.7.2) - actionpack (= 6.1.7.2) - activejob (= 6.1.7.2) - activerecord (= 6.1.7.2) - activestorage (= 6.1.7.2) - activesupport (= 6.1.7.2) + actionmailbox (7.0.4.3) + actionpack (= 7.0.4.3) + activejob (= 7.0.4.3) + activerecord (= 7.0.4.3) + activestorage (= 7.0.4.3) + activesupport (= 7.0.4.3) mail (>= 2.7.1) - actionmailer (6.1.7.2) - actionpack (= 6.1.7.2) - actionview (= 6.1.7.2) - activejob (= 6.1.7.2) - activesupport (= 6.1.7.2) + net-imap + net-pop + net-smtp + actionmailer (7.0.4.3) + actionpack (= 7.0.4.3) + actionview (= 7.0.4.3) + activejob (= 7.0.4.3) + activesupport (= 7.0.4.3) mail (~> 2.5, >= 2.5.4) + net-imap + net-pop + net-smtp rails-dom-testing (~> 2.0) - actionpack (6.1.7.2) - actionview (= 6.1.7.2) - activesupport (= 6.1.7.2) - rack (~> 2.0, >= 2.0.9) + actionpack (7.0.4.3) + actionview (= 7.0.4.3) + activesupport (= 7.0.4.3) + rack (~> 2.0, >= 2.2.0) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.7.2) - actionpack (= 6.1.7.2) - activerecord (= 6.1.7.2) - activestorage (= 6.1.7.2) - activesupport (= 6.1.7.2) + actiontext (7.0.4.3) + actionpack (= 7.0.4.3) + activerecord (= 7.0.4.3) + activestorage (= 7.0.4.3) + activesupport (= 7.0.4.3) + globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (6.1.7.2) - activesupport (= 6.1.7.2) + actionview (7.0.4.3) + activesupport (= 7.0.4.3) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) active_record_query_trace (1.8) - activejob (6.1.7.2) - activesupport (= 6.1.7.2) + activejob (7.0.4.3) + activesupport (= 7.0.4.3) globalid (>= 0.3.6) - activemodel (6.1.7.2) - activesupport (= 6.1.7.2) - activerecord (6.1.7.2) 
- activemodel (= 6.1.7.2) - activesupport (= 6.1.7.2) - activestorage (6.1.7.2) - actionpack (= 6.1.7.2) - activejob (= 6.1.7.2) - activerecord (= 6.1.7.2) - activesupport (= 6.1.7.2) + activemodel (7.0.4.3) + activesupport (= 7.0.4.3) + activerecord (7.0.4.3) + activemodel (= 7.0.4.3) + activesupport (= 7.0.4.3) + activestorage (7.0.4.3) + actionpack (= 7.0.4.3) + activejob (= 7.0.4.3) + activerecord (= 7.0.4.3) + activesupport (= 7.0.4.3) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (6.1.7.2) + activesupport (7.0.4.3) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) - zeitwerk (~> 2.3) acts_as_list (1.0.4) activerecord (>= 4.2) addressable (2.8.0) @@ -339,32 +345,32 @@ GEM rack-test (2.1.0) rack (>= 1.3) railroady (1.5.3) - rails (6.1.7.2) - actioncable (= 6.1.7.2) - actionmailbox (= 6.1.7.2) - actionmailer (= 6.1.7.2) - actionpack (= 6.1.7.2) - actiontext (= 6.1.7.2) - actionview (= 6.1.7.2) - activejob (= 6.1.7.2) - activemodel (= 6.1.7.2) - activerecord (= 6.1.7.2) - activestorage (= 6.1.7.2) - activesupport (= 6.1.7.2) + rails (7.0.4.3) + actioncable (= 7.0.4.3) + actionmailbox (= 7.0.4.3) + actionmailer (= 7.0.4.3) + actionpack (= 7.0.4.3) + actiontext (= 7.0.4.3) + actionview (= 7.0.4.3) + activejob (= 7.0.4.3) + activemodel (= 7.0.4.3) + activerecord (= 7.0.4.3) + activestorage (= 7.0.4.3) + activesupport (= 7.0.4.3) bundler (>= 1.15.0) - railties (= 6.1.7.2) - sprockets-rails (>= 2.0.0) + railties (= 7.0.4.3) rails-dom-testing (2.0.3) activesupport (>= 4.2.0) nokogiri (>= 1.6) rails-html-sanitizer (1.5.0) loofah (~> 2.19, >= 2.19.1) - railties (6.1.7.2) - actionpack (= 6.1.7.2) - activesupport (= 6.1.7.2) + railties (7.0.4.3) + actionpack (= 7.0.4.3) + activesupport (= 7.0.4.3) method_source rake (>= 12.2) thor (~> 1.0) + zeitwerk (~> 2.5) rainbow (3.0.0) rake (13.0.6) rb-fsevent (0.10.3) 
@@ -447,18 +453,10 @@ GEM docile (~> 1.1) simplecov-html (~> 0.11) simplecov-html (0.12.3) - spring (2.0.2) - activesupport (>= 4.2) - spring-watcher-listen (2.0.1) + spring (4.1.1) + spring-watcher-listen (2.1.0) listen (>= 2.7, < 4.0) - spring (>= 1.2, < 3.0) - sprockets (4.2.0) - concurrent-ruby (~> 1.0) - rack (>= 2.2.4, < 4) - sprockets-rails (3.4.2) - actionpack (>= 5.2) - activesupport (>= 5.2) - sprockets (>= 3.0.0) + spring (>= 4) ssrf_filter (1.0.7) stripe (5.29.0) swd (1.3.0) @@ -576,7 +574,7 @@ DEPENDENCIES puma (= 6.1.0) pundit railroady - rails (~> 6.1) + rails (~> 7.0) rb-readline recurrence redis-session-store @@ -596,8 +594,8 @@ DEPENDENCIES sidekiq (>= 6.0.7) sidekiq-scheduler sidekiq-unique-jobs (~> 7.1.23) - spring - spring-watcher-listen (~> 2.0.0) + spring (~> 4) + spring-watcher-listen (~> 2.1.0) stripe (= 5.29.0) sys-filesystem tzinfo-data diff --git a/app/models/invoice.rb b/app/models/invoice.rb index 74878638b..1c817ba93 100644 --- a/app/models/invoice.rb +++ b/app/models/invoice.rb @@ -14,7 +14,7 @@ class Invoice < PaymentDocument belongs_to :coupon has_one :chained_element, as: :element, dependent: :restrict_with_exception - has_one :avoir, class_name: 'Invoice', dependent: :destroy, inverse_of: :avoir + has_one :avoir, class_name: 'Avoir', dependent: :destroy, inverse_of: :invoice has_one :payment_schedule_item, dependent: :restrict_with_error has_one :payment_gateway_object, as: :item, dependent: :destroy has_one :order, dependent: :restrict_with_error diff --git a/bin/setup b/bin/setup index 94fd4d797..d6e019aca 100755 --- a/bin/setup +++ b/bin/setup @@ -1,6 +1,5 @@ #!/usr/bin/env ruby require 'fileutils' -include FileUtils # path to your application root. APP_ROOT = File.expand_path('..', __dir__) 
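Review bot: `has_one :avoir, class_name: 'Avoir', dependent: :destroy, inverse_of: :invoice` depends on `Avoir` declaring a matching `belongs_to :invoice`, which is not visible in this diff. If that association is missing or named differently, using the association raises `ActiveRecord::InverseOfAssociationNotFoundError`, so a model test that builds an invoice with an avoir and reads `avoir.invoice` back would pin the pairing. The class body continues outside the hunk.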
@@ -9,24 +8,22 @@ def system!(*args) system(*args) || abort("\n== Command #{args} failed ==") end -chdir APP_ROOT do - # This script is a starting point to setup your application. +FileUtils.chdir APP_ROOT do + # This script is a way to set up or update your development environment automatically. + # This script is idempotent, so that you can run it at any time and get an expectable outcome. # Add necessary setup steps to this file. puts '== Installing dependencies ==' system! 'gem install bundler --conservative' system('bundle check') || system!('bundle install') - # Install JavaScript dependencies if using Yarn - # system('bin/yarn') - # puts "\n== Copying sample files ==" - # unless File.exist?('config/database.yml') - # cp 'config/database.yml.sample', 'config/database.yml' + # unless File.exist?("config/database.yml") + # FileUtils.cp "config/database.yml.sample", "config/database.yml" # end puts "\n== Preparing database ==" - system! 'bin/rails db:setup' + system! 'bin/rails db:prepare' puts "\n== Removing old logs and tempfiles ==" system! 'bin/rails log:clear tmp:clear' diff --git a/config/application.rb b/config/application.rb index b7bd9073a..fedd0f80e 100644 --- a/config/application.rb +++ b/config/application.rb @@ -28,7 +28,10 @@ class FabManager::Application < Rails::Application require 'fab_manager' # Initialize configuration defaults for originally generated Rails version. - config.load_defaults 6.0 + config.load_defaults 7.0 + config.active_support.cache_format_version = 6.1 + config.action_dispatch.cookies_serializer = :hybrid + config.active_record.verify_foreign_keys_for_fixtures = false # prevent this new behavior with rails >= 5.0 # see https://edgeguides.rubyonrails.org/upgrading_ruby_on_rails.html#active-record-belongs-to-required-by-default-option config.active_record.belongs_to_required_by_default = false diff --git a/config/environments/development.rb b/config/environments/development.rb index a81bf567d..d303e9c9e 100644 
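Review bot: `config.action_dispatch.cookies_serializer = :hybrid`, added right after `config.load_defaults 7.0`, keeps Marshal-serialised cookies readable, and nothing here says when that ends. Under `:hybrid` Rails still deserialises legacy Marshal payloads from signed or encrypted cookies before rewriting them as JSON, so a leaked `secret_key_base` remains a path to object deserialisation for as long as the setting stays. I would add a comment such as `# TODO: switch to :json once cookies issued before the Rails 7 upgrade have expired` above it. The neighbouring `config.active_record.verify_foreign_keys_for_fixtures = false` also deserves a one-line reason, since it switches off a check that `load_defaults 7.0` enables. The class body continues outside the hunk.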
--- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -1,24 +1,12 @@ # frozen_string_literal: true +require 'active_support/core_ext/integer/time' + Rails.application.configure do - # https://github.com/flyerhzm/bullet - # In development, Bullet will find and report N+1 DB requests - config.after_initialize do - Bullet.enable = true - Bullet.alert = true - Bullet.bullet_logger = true - Bullet.console = true - Bullet.rails_logger = true - Bullet.add_footer = true - end - - # whitelist IP for web-console: local network, docker and vagrant - config.web_console.permissions = %w[192.168.0.0/16 192.168.99.0/16 10.0.2.2] - # Settings specified here will take precedence over those in config/application.rb. - # In the development environment your application's code is reloaded on - # every request. This slows down response time but is perfect for development + # In the development environment your application's code is reloaded any time + # it changes. This slows down response time but is perfect for development # since you don't have to restart the web server when you make code changes. config.cache_classes = false 
@@ -28,23 +16,26 @@ Rails.application.configure do # Show full error reports. config.consider_all_requests_local = true + # Enable server timing + config.server_timing = true + # Enable/disable caching. By default caching is disabled. # Run rails dev:cache to toggle caching. if Rails.root.join('tmp/caching-dev.txt').exist? - config.action_controller.cache_store = :memory_store + config.action_controller.perform_caching = true + config.action_controller.enable_fragment_cache_logging = true + + config.cache_store = :memory_store config.public_file_server.headers = { 'Cache-Control' => "public, max-age=#{2.days.to_i}" } else config.action_controller.perform_caching = false + + config.cache_store = :null_store end - config.action_controller.default_url_options = { - host: Rails.application.secrets.default_host, - protocol: Rails.application.secrets.default_protocol - } - - # Store uploaded files on the local file system (see config/storage.yml for options) + # Store uploaded files on the local file system (see config/storage.yml for options). config.active_storage.service = :local # Don't care if the mailer can't send. 
@@ -66,14 +57,23 @@ Rails.application.configure do # Print deprecation notices to the Rails logger. config.active_support.deprecation = :log + # Raise exceptions for disallowed deprecations. + config.active_support.disallowed_deprecation = :raise + + # Tell Active Support which deprecation messages to disallow. + config.active_support.disallowed_deprecation_warnings = [] + # Raise an error on page load if there are pending migrations. config.active_record.migration_error = :page_load # Highlight code that triggered database queries in logs. config.active_record.verbose_query_logs = true - # Raises error for missing translations - # config.action_view.raise_on_missing_translations = true + # Raises error for missing translations. + # config.i18n.raise_on_missing_translations = true + + # Annotate rendered view with file names. + # config.action_view.annotate_rendered_view_with_filenames = true # Use an evented file watcher to asynchronously detect changes in source code, # routes, locales, etc. This feature depends on the listen gem. @@ -81,5 +81,24 @@ Rails.application.configure do config.log_level = Rails.application.secrets.log_level || :debug + config.action_controller.default_url_options = { + host: Rails.application.secrets.default_host, + protocol: Rails.application.secrets.default_protocol + } + + # whitelist IP for web-console: local network, docker and vagrant + config.web_console.permissions = %w[192.168.0.0/16 192.168.99.0/16 10.0.2.2] + config.hosts << ENV.fetch('DEFAULT_HOST', 'localhost') + + # https://github.com/flyerhzm/bullet + # In development, Bullet will find and report N+1 DB requests + config.after_initialize do + Bullet.enable = true + Bullet.alert = true + Bullet.bullet_logger = true + Bullet.console = true + Bullet.rails_logger = true + Bullet.add_footer = true + end end diff --git a/config/environments/production.rb b/config/environments/production.rb index be0b081c2..ade01a168 100644 --- a/config/environments/production.rb 
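Review bot: In the block re-added at the end of the file, `config.web_console.permissions` lists `192.168.99.0/16`, which with a /16 mask is the same network as the `192.168.0.0/16` entry before it, so the second entry adds nothing and was probably meant to be `192.168.99.0/24`. web-console exposes an interactive Ruby console to every address in this list, so the allowlist should be as narrow as the docker and vagrant setups need rather than the whole 192.168.0.0/16 range. Separately, `config.hosts` is fed from `ENV.fetch('DEFAULT_HOST', 'localhost')` while `default_url_options` just above reads `Rails.application.secrets.default_host`; if those two can differ, requests for the configured host will be rejected by host authorization, so I would read both from the same source. The `configure` block starts outside this hunk.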
+++ b/config/environments/production.rb @@ -1,5 +1,7 @@ # frozen_string_literal: true +require 'active_support/core_ext/integer/time' + Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. @@ -20,14 +22,13 @@ Rails.application.configure do # or in config/master.key. This key is used to decrypt credentials (and other encrypted files). # config.require_master_key = true - config.action_controller.default_url_options = { - host: Rails.application.secrets.default_host, - protocol: Rails.application.secrets.default_protocol - } - - # Active serving static files from the `/public` folder by default + # Disable serving static files from the `/public` folder by default since + # Apache or NGINX already handles this. config.public_file_server.enabled = true + # Enable serving of images, stylesheets, and JavaScripts from an asset server. + # config.asset_host = "http://assets.example.com" + # Specifies the header that your server uses for sending files. # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX 
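Review bot: The rewritten comment above `config.public_file_server.enabled = true` says static file serving is disabled because Apache or NGINX handles it, while the line below it enables it. The previous comment matched the code; the new one is the Rails template text and contradicts the setting. I would word it as `# Serve static files from the /public folder from the application itself.`, or, if a front-end server really serves them, change the value instead. The `configure` block continues outside the hunk.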
@@ -35,28 +36,22 @@ Rails.application.configure do # Store uploaded files on the local file system (see config/storage.yml for options) config.active_storage.service = :local - # Mount Action Cable outside main process or domain - # config.action_cable.mount_path = nil - # config.action_cable.url = 'wss://example.com/cable' - # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ] - # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. # config.force_ssl = true - # Use the lowest log level to ensure availability of diagnostic information - # when problems arise. - # config.log_level = :debug - config.log_level = ENV.fetch('LOG_LEVEL') { :debug }.to_sym + # Include generic and useful information about system operation, but avoid logging too much + # information to avoid inadvertent exposure of personally identifiable information (PII). + config.log_level = ENV.fetch('LOG_LEVEL', :info).to_sym # Prepend all log lines with the following tags. - # config.log_tags = [ :request_id ] + config.log_tags = [:request_id] # Use a different cache store in production. # config.cache_store = :mem_cache_store - # Use a real queuing backend for Active Job (and separate queues per environment) + # Use a real queuing backend for Active Job (and separate queues per environment). # config.active_job.queue_adapter = :resque - # config.active_job.queue_name_prefix = "fablab_#{Rails.env}" + # config.active_job.queue_name_prefix = "fab_manager_#{Rails.env}" config.action_mailer.perform_caching = false @@ -67,6 +62,7 @@ Rails.application.configure do # config.action_mailer.perform_deliveries = true # config.action_mailer.raise_delivery_errors = false # config.action_mailer.default :charset => "utf-8" + config.action_mailer.smtp_settings = { address: Rails.application.secrets.smtp_address, port: Rails.application.secrets.smtp_port, 
@@ -79,6 +75,7 @@ Rails.application.configure do ca_file: Rails.application.secrets.smtp_ca_file, ca_path: Rails.application.secrets.smtp_ca_path } + # use :smtp for switch prod config.action_mailer.delivery_method = Rails.application.secrets.delivery_method.to_sym @@ -86,8 +83,8 @@ Rails.application.configure do # Set this to true and configure the email server for immediate delivery to raise delivery errors. # config.action_mailer.raise_delivery_errors = false - # Send deprecation notices to registered listeners. - config.active_support.deprecation = :notify + # Don't log any deprecations. + config.active_support.report_deprecations = false # Use default logging formatter so that PID and timestamp are not suppressed. config.log_formatter = ::Logger::Formatter.new @@ -97,11 +94,16 @@ Rails.application.configure do # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new 'app-name') if ENV['RAILS_LOG_TO_STDOUT'].present? - logger = ActiveSupport::Logger.new(STDOUT) + logger = ActiveSupport::Logger.new($stdout) logger.formatter = config.log_formatter config.logger = ActiveSupport::TaggedLogging.new(logger) end # Do not dump schema after migrations. config.active_record.dump_schema_after_migration = false + + config.action_controller.default_url_options = { + host: Rails.application.secrets.default_host, + protocol: Rails.application.secrets.default_protocol + } end diff --git a/config/environments/staging.rb b/config/environments/staging.rb index 72470851a..7115361f8 100644 --- a/config/environments/staging.rb +++ b/config/environments/staging.rb 
@@ -1,95 +1,3 @@ # frozen_string_literal: true -Rails.application.configure do - # Settings specified here will take precedence over those in config/application.rb. - - # Code is not reloaded between requests. - config.cache_classes = true - - # Eager load code on boot. This eager loads most of Rails and - # your application in memory, allowing both threaded web servers - # and those relying on copy on write to perform better. - # Rake tasks automatically ignore this option for performance. - config.eager_load = true - - # Full error reports are disabled and caching is turned on. - config.consider_all_requests_local = false - config.action_controller.perform_caching = true - - config.action_controller.default_url_options = { - host: Rails.application.secrets.default_host, - protocol: Rails.application.secrets.default_protocol - } - - # Enable Rack::Cache to put a simple HTTP cache in front of your application - # Add `rack-cache` to your Gemfile before enabling this. - # For large-scale production use, consider using a caching reverse proxy like nginx, varnish or squid. - # config.action_dispatch.rack_cache = true - - - # Specifies the header that your server uses for sending files. - # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache - # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx - - # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. - # config.force_ssl = true - - # Set to :debug to see everything in the log. - config.log_level = Rails.application.secrets.log_level.blank? ? :debug : Rails.application.secrets.log_level - - # Prepend all log lines with the following tags. - # config.log_tags = [ :subdomain, :uuid ] - - # Use a different logger for distributed setups. - # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new) - - # Use a different cache store in production. 
- # config.cache_store = :mem_cache_store - - # Enable serving of images, stylesheets, and JavaScripts from an asset server. - # config.action_controller.asset_host = "http://assets.example.com" - - # Precompile additional assets. - # application.js, application.css, and all non-JS/CSS in app/assets folder are already added. - # config.assets.precompile += %w( search.js ) - - # Ignore bad email addresses and do not raise email delivery errors. - # Set this to true and configure the email server for immediate delivery to raise delivery errors. - # config.action_mailer.raise_delivery_errors = false - - # Send deprecation notices to registered listeners. - config.active_support.deprecation = :notify - - # Disable automatic flushing of the log to improve performance. - # config.autoflush_log = false - - # Use default logging formatter so that PID and timestamp are not suppressed. - config.log_formatter = ::Logger::Formatter.new - - # Active serving static files from the `/public` folder by default - config.public_file_server.enabled = true - - config.action_mailer.default_url_options = { - host: Rails.application.secrets.default_host, - protocol: Rails.application.secrets.default_protocol - } - # config.action_mailer.perform_deliveries = true - # config.action_mailer.raise_delivery_errors = false - # config.action_mailer.default :charset => "utf-8" - - config.action_mailer.smtp_settings = { - address: Rails.application.secrets.smtp_address, - port: Rails.application.secrets.smtp_port, - user_name: Rails.application.secrets.smtp_user_name, - password: Rails.application.secrets.smtp_password, - authentication: Rails.application.secrets.smtp_authentication, - enable_starttls_auto: Rails.application.secrets.smtp_enable_starttls_auto, - openssl_verify_mode: Rails.application.secrets.smtp_openssl_verify_mode, - tls: Rails.application.secrets.smtp_tls - } - - # use :smtp for switch prod - config.action_mailer.delivery_method = Rails.application.secrets.delivery_method.to_sym 
- -end - +require_relative './production' diff --git a/config/environments/test.rb b/config/environments/test.rb index 8216f4881..8243642ff 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -1,18 +1,22 @@ # frozen_string_literal: true +require 'active_support/core_ext/integer/time' + +# The test environment is used exclusively to run your application's +# test suite. You never need to work with it otherwise. Remember that +# your test database is "scratch space" for the test suite and is wiped +# and recreated between test runs. Don't rely on the data there! + Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. - # The test environment is used exclusively to run your application's - # test suite. You never need to work with it otherwise. Remember that - # your test database is "scratch space" for the test suite and is wiped - # and recreated between test runs. Don't rely on the data there! - config.cache_classes = true + # Turn false under Spring and add config.action_view.cache_template_loading = true. + config.cache_classes = false - # Do not eager load code on boot. This avoids loading your whole application - # just for the purpose of running a single test. If you are using a tool that - # preloads Rails for running tests, you may have to set it to true. - config.eager_load = false + # Eager loading loads your whole application. When running a single test locally, + # this probably isn't necessary. It's a good idea to do in a continuous integration + # system, or in some way before deploying your code. + config.eager_load = ENV['CI'].present? # Configure public file server for tests with Cache-Control for performance. config.public_file_server.enabled = true 
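Review bot: `require_relative './production'` now makes staging run production's whole `configure` block, and the file carries no comment saying so. Two visible differences follow: the removed staging file took its log level from `Rails.application.secrets.log_level`, whereas production reads `ENV['LOG_LEVEL']` and defaults to `:info`, and production's `smtp_settings` include `ca_file` and `ca_path` entries the old staging hash did not have. A comment such as `# staging deliberately reuses the production configuration; set LOG_LEVEL in the environment to change verbosity` would keep later production-only changes from surprising staging deployments.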
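Review bot: The new comment above `config.cache_classes = false` in test.rb says to also add `config.action_view.cache_template_loading = true`, but no such line is added in this hunk or in the later test.rb hunks shown. If the comment is followed as written, add `config.action_view.cache_template_loading = true` right after it; otherwise reword the comment so it does not describe a setting that is absent. The `configure` block continues outside the hunk.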
@@ -23,11 +27,7 @@ Rails.application.configure do # Show full error reports and disable caching. config.consider_all_requests_local = true config.action_controller.perform_caching = false - - config.action_controller.default_url_options = { - host: Rails.application.secrets.default_host, - protocol: Rails.application.secrets.default_protocol - } + config.cache_store = :null_store # Raise exceptions instead of rendering exception templates. config.action_dispatch.show_exceptions = false @@ -35,7 +35,7 @@ Rails.application.configure do # Disable request forgery protection in test environment. config.action_controller.allow_forgery_protection = false - # Store uploaded files on the local file system in a temporary directory + # Store uploaded files on the local file system in a temporary directory. config.active_storage.service = :test config.action_mailer.perform_caching = false @@ -48,11 +48,18 @@ Rails.application.configure do # Print deprecation notices to the stderr. config.active_support.deprecation = :stderr - # Raises error for missing translations - # config.action_view.raise_on_missing_translations = true + # Raise exceptions for disallowed deprecations. + config.active_support.disallowed_deprecation = :raise + + # Tell Active Support which deprecation messages to disallow. + config.active_support.disallowed_deprecation_warnings = [] config.active_job.queue_adapter = :test config.active_support.test_order = :random - config.log_level = Rails.application.secrets.log_level.blank? ? :debug : Rails.application.secrets.log_level -end + config.log_level = ENV.fetch('LOG_LEVEL', :debug).to_sym + config.action_controller.default_url_options = { + host: Rails.application.secrets.default_host, + protocol: Rails.application.secrets.default_protocol + } +end diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index e5bd6c449..4bfa29400 100644 --- a/config/initializers/content_security_policy.rb 
+++ b/config/initializers/content_security_policy.rb @@ -2,18 +2,19 @@ # Be sure to restart your server when you modify this file. -# Define an application-wide content security policy -# For further information see the following documentation -# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy +# Define an application-wide content security policy. +# See the Securing Rails Applications Guide for more information: +# https://guides.rubyonrails.org/security.html#content-security-policy-header -Rails.application.config.content_security_policy do |policy| # # If you are using webpack-dev-server then specify webpack-dev-server host - policy.connect_src :self, :https, :wss, 'http://localhost:3035', 'ws://localhost:3035' if Rails.env.development? +Rails.application.configure do + config.content_security_policy do |policy| + # If you are using webpack-dev-server then specify webpack-dev-server host + policy.connect_src :self, :https, :wss, 'http://localhost:3035', 'ws://localhost:3035' if Rails.env.development? + end + # # Generate session nonces for permitted importmap and inline scripts + # config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s } + # config.content_security_policy_nonce_directives = %w(script-src) + # + # # Report violations without enforcing the policy. + # # config.content_security_policy_report_only = true end - -# If you are using UJS then enable automatic nonce generation -# Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) } - -# Report CSP violations to a specified URI -# For further information see the following documentation: -# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only -# Rails.application.config.content_security_policy_report_only = true 
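Review bot: The policy block inside `Rails.application.configure` only sets `connect_src`, and only when `Rails.env.development?`, so outside development it declares no directive at all. The application therefore appears to run without a Content-Security-Policy that restricts script, style or frame sources; this was already the case before the move into `configure`, and the commit leaves it unaddressed. A baseline such as `policy.default_src :self, :https` plus `policy.object_src :none`, first rolled out with `config.content_security_policy_report_only = true`, would let violations be collected before enforcing. Some of the commented lines in the block also carry a doubled `# #` prefix, which looks like a copy artefact and could be reduced to a single `#`.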
diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb index 4a994e1e7..7a0c4b23f 100644 --- a/config/initializers/filter_parameter_logging.rb +++ b/config/initializers/filter_parameter_logging.rb @@ -1,4 +1,10 @@ +# frozen_string_literal: true + # Be sure to restart your server when you modify this file. -# Configure sensitive parameters which will be filtered from the log file. -Rails.application.config.filter_parameters += [:password] +# Configure parameters to be filtered from the log file. Use this to limit dissemination of +# sensitive information. See the ActiveSupport::ParameterFilter documentation for supported +# notations and behaviors. +Rails.application.config.filter_parameters += %i[ + password passw secret token _key crypt salt certificate otp ssn +] diff --git a/config/initializers/permissions_policy.rb b/config/initializers/permissions_policy.rb new file mode 100644 index 000000000..810aadeb9 --- /dev/null +++ b/config/initializers/permissions_policy.rb @@ -0,0 +1,13 @@ +# frozen_string_literal: true + +# Define an application-wide HTTP permissions policy. For further +# information see https://developers.google.com/web/updates/2018/06/feature-policy +# +# Rails.application.config.permissions_policy do |f| +# f.camera :none +# f.gyroscope :none +# f.microphone :none +# f.usb :none +# f.fullscreen :self +# f.payment :self, "https://secure.example.com" +# end diff --git a/db/migrate/20230328094807_add_service_name_to_active_storage_blobs.active_storage.rb b/db/migrate/20230328094807_add_service_name_to_active_storage_blobs.active_storage.rb new file mode 100644 index 000000000..f6d94331c --- /dev/null +++ b/db/migrate/20230328094807_add_service_name_to_active_storage_blobs.active_storage.rb 
@@ -0,0 +1,24 @@ +# frozen_string_literal: true + +# This migration comes from active_storage (originally 20190112182829) +class AddServiceNameToActiveStorageBlobs < ActiveRecord::Migration[6.0] + def up + return unless table_exists?(:active_storage_blobs) + + unless column_exists?(:active_storage_blobs, :service_name) + add_column :active_storage_blobs, :service_name, :string + + if configured_service = ActiveStorage::Blob.service.name + ActiveStorage::Blob.unscoped.update_all(service_name: configured_service) + end + + change_column :active_storage_blobs, :service_name, :string, null: false + end + end + + def down + return unless table_exists?(:active_storage_blobs) + + remove_column :active_storage_blobs, :service_name + end +end diff --git a/db/migrate/20230328094808_create_active_storage_variant_records.active_storage.rb b/db/migrate/20230328094808_create_active_storage_variant_records.active_storage.rb new file mode 100644 index 000000000..ca0e86245 --- /dev/null +++ b/db/migrate/20230328094808_create_active_storage_variant_records.active_storage.rb 
@@ -0,0 +1,30 @@ +# frozen_string_literal: true + +# This migration comes from active_storage (originally 20191206030411) +class CreateActiveStorageVariantRecords < ActiveRecord::Migration[6.0] + def change + return unless table_exists?(:active_storage_blobs) + + # Use Active Record's configured type for primary key + create_table :active_storage_variant_records, id: primary_key_type, if_not_exists: true do |t| + t.belongs_to :blob, null: false, index: false, type: blobs_primary_key_type + t.string :variation_digest, null: false + + t.index %i[blob_id variation_digest], name: 'index_active_storage_variant_records_uniqueness', unique: true + t.foreign_key :active_storage_blobs, column: :blob_id + end + end + + private + + def primary_key_type + config = Rails.configuration.generators + config.options[config.orm][:primary_key_type] || :primary_key + end + + def blobs_primary_key_type + pkey_name = connection.primary_key(:active_storage_blobs) + pkey_column = connection.columns(:active_storage_blobs).find { |c| c.name == pkey_name } + pkey_column.bigint? ? :bigint : pkey_column.type + end +end diff --git a/db/migrate/20230328094809_remove_not_null_on_active_storage_blobs_checksum.active_storage.rb b/db/migrate/20230328094809_remove_not_null_on_active_storage_blobs_checksum.active_storage.rb new file mode 100644 index 000000000..6f3182210 --- /dev/null +++ b/db/migrate/20230328094809_remove_not_null_on_active_storage_blobs_checksum.active_storage.rb @@ -0,0 +1,10 @@ +# frozen_string_literal: true + +# This migration comes from active_storage (originally 20211119233751) +class RemoveNotNullOnActiveStorageBlobsChecksum < ActiveRecord::Migration[6.0] + def change + return unless table_exists?(:active_storage_blobs) + + change_column_null(:active_storage_blobs, :checksum, true) + end +end diff --git a/db/schema.rb b/db/schema.rb index ae0a6e4ec..f167f4316 100644 --- a/db/schema.rb +++ b/db/schema.rb 
@@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 2023_03_15_095054) do +ActiveRecord::Schema[6.1].define(version: 2023_03_15_095054) do # These are extensions that must be enabled in order to support this database enable_extension "fuzzystrmatch" diff --git a/db/structure.sql b/db/structure.sql index 5e8ba9d4e..0f648a913 100644 --- a/db/structure.sql +++ b/db/structure.sql @@ -8690,6 +8690,9 @@ INSERT INTO "schema_migrations" (version) VALUES ('20230323104259'), ('20230323104727'), ('20230324090312'), -('20230324095639'); +('20230324095639'), +('20230328094807'), +('20230328094808'), +('20230328094809'); diff --git a/test/integration/slots_reservations_test.rb b/test/integration/slots_reservations_test.rb index 8ed33ebc9..588e21fb6 100644 --- a/test/integration/slots_reservations_test.rb +++ b/test/integration/slots_reservations_test.rb @@ -23,6 +23,7 @@ class SlotsReservationsTest < ActionDispatch::IntegrationTest # place cache slot = slots_reservation.slot + slot.reload cached = slot.places.detect do |p| p['reservable_id'] == slots_reservation.reservation.reservable_id && p['reservable_type'] == slots_reservation.reservation.reservable_type end