diff --git a/Gemfile b/Gemfile index 75d6c1038..a413959bb 100644 --- a/Gemfile +++ b/Gemfile @@ -1,7 +1,7 @@ source 'https://rubygems.org' ruby '3.4.4' -gem 'rails', '7.0.8.1' +gem 'rails', '~> 7.1.5.1' # LOCKED: It is Rails. # The original asset pipeline for Rails [https://github.com/rails/sprockets-rails] gem 'sprockets-rails' @@ -10,7 +10,7 @@ gem 'benchmark' # LOCKED: Added because of activesupport 7.0 gem 'bigdecimal' # LOCKED: Added because of activesupport 7.0 gem 'carrierwave' gem 'cocoon' -gem "csv" # LOCKED: csv was loaded from the standard library, but is not part of the default gems starting from Ruby 3.4.0. Due to config/application.rb +gem 'csv' # LOCKED: csv was loaded from the standard library, but is not part of the default gems starting from Ruby 3.4.0. Due to config/application.rb gem 'delayed_job' gem 'delayed_job_active_record' gem 'drb' # LOCKED: Added because of pry-remote @@ -119,4 +119,4 @@ end gem 'rollbar' gem 'skylight' -gem "carrierwave-aws", "~> 1.6" +gem 'carrierwave-aws', '~> 1.6' diff --git a/Gemfile.lock b/Gemfile.lock index 4ab5ff2e5..8ac3376f9 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,73 +1,85 @@ GEM remote: https://rubygems.org/ specs: - actioncable (7.0.8.1) - actionpack (= 7.0.8.1) - activesupport (= 7.0.8.1) + actioncable (7.1.5.1) + actionpack (= 7.1.5.1) + activesupport (= 7.1.5.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (7.0.8.1) - actionpack (= 7.0.8.1) - activejob (= 7.0.8.1) - activerecord (= 7.0.8.1) - activestorage (= 7.0.8.1) - activesupport (= 7.0.8.1) + zeitwerk (~> 2.6) + actionmailbox (7.1.5.1) + actionpack (= 7.1.5.1) + activejob (= 7.1.5.1) + activerecord (= 7.1.5.1) + activestorage (= 7.1.5.1) + activesupport (= 7.1.5.1) mail (>= 2.7.1) net-imap net-pop net-smtp - actionmailer (7.0.8.1) - actionpack (= 7.0.8.1) - actionview (= 7.0.8.1) - activejob (= 7.0.8.1) - activesupport (= 7.0.8.1) + actionmailer (7.1.5.1) + actionpack (= 7.1.5.1) + actionview (= 7.1.5.1) + activejob (= 7.1.5.1) + activesupport (= 7.1.5.1) mail (~> 2.5, >= 2.5.4) net-imap net-pop net-smtp - rails-dom-testing (~> 2.0) - actionpack (7.0.8.1) - actionview (= 7.0.8.1) - activesupport (= 7.0.8.1) - rack (~> 2.0, >= 2.2.4) + rails-dom-testing (~> 2.2) + actionpack (7.1.5.1) + actionview (= 7.1.5.1) + activesupport (= 7.1.5.1) + nokogiri (>= 1.8.5) + racc + rack (>= 2.2.4) + rack-session (>= 1.0.1) rack-test (>= 0.6.3) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (7.0.8.1) - actionpack (= 7.0.8.1) - activerecord (= 7.0.8.1) - activestorage (= 7.0.8.1) - activesupport (= 7.0.8.1) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + actiontext (7.1.5.1) + actionpack (= 7.1.5.1) + activerecord (= 7.1.5.1) + activestorage (= 7.1.5.1) + activesupport (= 7.1.5.1) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.0.8.1) - activesupport (= 7.0.8.1) + actionview (7.1.5.1) + activesupport (= 7.1.5.1) builder (~> 3.1) - erubi (~> 1.4) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (7.0.8.1) - activesupport (= 7.0.8.1) + erubi (~> 1.11) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + activejob (7.1.5.1) + activesupport (= 7.1.5.1) globalid (>= 0.3.6) - activemodel (7.0.8.1) - activesupport (= 7.0.8.1) - activerecord (7.0.8.1) - activemodel (= 7.0.8.1) - activesupport (= 7.0.8.1) - activestorage (7.0.8.1) - actionpack (= 7.0.8.1) - activejob (= 7.0.8.1) - activerecord (= 7.0.8.1) - activesupport (= 7.0.8.1) + activemodel (7.1.5.1) + activesupport (= 7.1.5.1) + activerecord (7.1.5.1) + activemodel (= 7.1.5.1) + activesupport (= 7.1.5.1) + timeout (>= 0.4.0) + activestorage (7.1.5.1) + actionpack (= 7.1.5.1) + activejob (= 7.1.5.1) + activerecord (= 7.1.5.1) + activesupport (= 7.1.5.1) marcel (~> 1.0) - mini_mime (>= 1.1.0) - activesupport (7.0.8.1) + activesupport (7.1.5.1) + base64 + benchmark (>= 0.3) + bigdecimal concurrent-ruby (~> 1.0, >= 1.0.2) + connection_pool (>= 2.2.5) + drb i18n (>= 1.6, < 2) + logger (>= 1.4.2) minitest (>= 5.1) + mutex_m + securerandom (>= 0.3) tzinfo (~> 2.0) - acts-as-taggable-on (11.0.0) - activerecord (>= 7.0, < 8.0) + acts-as-taggable-on (12.0.0) + activerecord (>= 7.1, < 8.1) zeitwerk (>= 2.4, < 3.0) addressable (2.8.7) public_suffix (>= 2.0.2, < 7.0) @@ -144,6 +156,7 @@ GEM commonmarker (2.3.2) rb_sys (~> 0.9) concurrent-ruby (1.3.5) + connection_pool (2.5.3) crass (1.0.6) css_parser (1.14.0) addressable @@ -261,14 +274,14 @@ GEM mutex_m (0.3.0) net-http (0.6.0) uri - net-imap (0.4.20) + net-imap (0.5.9) date net-protocol net-pop (0.1.2) net-protocol net-protocol (0.2.2) timeout - net-smtp (0.4.0.1) + net-smtp (0.5.1) net-protocol nio4r (2.7.4) nokogiri (1.18.9) @@ -341,28 +354,34 @@ GEM pundit (2.5.0) activesupport (>= 3.0.0) racc (1.8.1) - rack (2.2.17) + rack (3.2.0) rack-mini-profiler (4.0.1) rack (>= 1.2.0) - rack-protection (3.2.0) + rack-protection (4.1.1) base64 (>= 0.1.0) - rack (~> 2.2, >= 2.2.4) + logger (>= 1.6.0) + rack (>= 3.0.0, < 4) + rack-session (2.1.1) + base64 (>= 0.1.0) + rack (>= 3.0.0) rack-test (2.2.0) rack (>= 1.3) - rails (7.0.8.1) - actioncable (= 7.0.8.1) - actionmailbox (= 7.0.8.1) - actionmailer (= 7.0.8.1) - actionpack (= 7.0.8.1) - actiontext (= 7.0.8.1) - actionview (= 7.0.8.1) - activejob (= 7.0.8.1) - activemodel (= 7.0.8.1) - activerecord (= 7.0.8.1) - activestorage (= 7.0.8.1) - activesupport (= 7.0.8.1) + rackup (2.2.1) + rack (>= 3) + rails (7.1.5.1) + actioncable (= 7.1.5.1) + actionmailbox (= 7.1.5.1) + actionmailer (= 7.1.5.1) + actionpack (= 7.1.5.1) + actiontext (= 7.1.5.1) + actionview (= 7.1.5.1) + activejob (= 7.1.5.1) + activemodel (= 7.1.5.1) + activerecord (= 7.1.5.1) + activestorage (= 7.1.5.1) + activesupport (= 7.1.5.1) bundler (>= 1.15.0) - railties (= 7.0.8.1) + railties (= 7.1.5.1) rails-dom-testing (2.3.0) activesupport (>= 5.0.0) minitest @@ -377,13 +396,14 @@ GEM rails_stdout_logging rails_serve_static_assets (0.0.5) rails_stdout_logging (0.0.5) - railties (7.0.8.1) - actionpack (= 7.0.8.1) - activesupport (= 7.0.8.1) - method_source + railties (7.1.5.1) + actionpack (= 7.1.5.1) + activesupport (= 7.1.5.1) + irb + rackup (>= 1.0.0) rake (>= 12.2) - thor (~> 1.0) - zeitwerk (~> 2.5) + thor (~> 1.0, >= 1.2.2) + zeitwerk (~> 2.6) rainbow (3.1.1) rake (13.3.0) rake-compiler-dock (1.9.1) @@ -461,6 +481,7 @@ GEM sprockets (> 3.0) sprockets-rails tilt + securerandom (0.4.1) selenium-webdriver (4.34.0) base64 (~> 0.2) logger (~> 1.4) @@ -524,7 +545,8 @@ GEM bindex (>= 0.4.0) railties (>= 6.0.0) websocket (1.2.11) - websocket-driver (0.7.6) + websocket-driver (0.8.0) + base64 websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) xpath (3.2.0) @@ -588,7 +610,7 @@ DEPENDENCIES puma (~> 6.6) pundit rack-mini-profiler (~> 4.0) - rails (= 7.0.8.1) + rails (~> 7.1.5.1) rails-html-sanitizer (~> 1.6.2) rails4-autocomplete rails_12factor diff --git a/app/controllers/concerns/mailing_list_concerns.rb b/app/controllers/concerns/mailing_list_concerns.rb index 6483664d9..8d94d39ab 100644 --- a/app/controllers/concerns/mailing_list_concerns.rb +++ b/app/controllers/concerns/mailing_list_concerns.rb @@ -10,14 +10,14 @@ module MailingListConcerns module InstanceMethods def subscribe_to_newsletter(member) member.update(opt_in_newsletter_at: Time.zone.now) - MailingList.new(ENV['NEWSLETTER_ID']).subscribe(member.email, - member.name, - member.surname) + Services::MailingList.new(ENV['NEWSLETTER_ID']).subscribe(member.email, + member.name, + member.surname) end def unsubscribe_from_newsletter(member) member.update(opt_in_newsletter_at: nil) - MailingList.new(ENV['NEWSLETTER_ID']).unsubscribe(member.email) + Services::MailingList.new(ENV['NEWSLETTER_ID']).unsubscribe(member.email) end end end diff --git a/app/controllers/events_controller.rb b/app/controllers/events_controller.rb index 1736eb6ca..31030f266 100644 --- a/app/controllers/events_controller.rb +++ b/app/controllers/events_controller.rb @@ -13,16 +13,17 @@ def index events << Event.past.includes(:venue, :sponsors).limit(RECENT_EVENTS_DISPLAY_LIMIT) events = events.compact.flatten.sort_by(&:date_and_time).reverse.first(RECENT_EVENTS_DISPLAY_LIMIT) events_hash_grouped_by_date = events.group_by(&:date) - @past_events = events_hash_grouped_by_date.map.inject({}) do |hash, (key, value)| + @past_events = events_hash_grouped_by_date.map.each_with_object({}) do |(key, value), hash| hash[key] = EventPresenter.decorate_collection(value) - hash end events = [Workshop.includes(:chapter).upcoming.joins(:chapter).merge(Chapter.active)] events << Meeting.upcoming.all events << Event.upcoming.includes(:venue, :sponsors).all events = events.compact.flatten.sort_by(&:date_and_time).group_by(&:date) - @events = events.map.inject({}) { |hash, (key, value)| hash[key] = EventPresenter.decorate_collection(value); hash } + @events = events.map.each_with_object({}) do |(key, value), hash| + hash[key] = EventPresenter.decorate_collection(value) + end end def show @@ -34,7 +35,7 @@ def show return unless logged_in? invitation = Invitation.find_by(member: current_user, event: event, attending: true) - return redirect_to event_invitation_path(@event, invitation) if invitation + redirect_to event_invitation_path(@event, invitation) if invitation end def student @@ -47,7 +48,7 @@ def coach def rsvp set_event - ticket = Ticket.new(request, params) + ticket = Services::Ticket.new(request, params) member = Member.find_by(email: ticket.email) invitation = member.invitations.where(event: @event, role: 'Student').try(:first) invitation ||= Invitation.create(event: @event, member: member, role: 'Student') diff --git a/app/mailers/event_invitation_mailer.rb b/app/mailers/event_invitation_mailer.rb index 83c27d3b3..a46d7e9d3 100644 --- a/app/mailers/event_invitation_mailer.rb +++ b/app/mailers/event_invitation_mailer.rb @@ -34,7 +34,7 @@ def attending(event, member, invitation) require 'services/event_calendar' attachments['codebar.ics'] = { mime_type: 'text/calendar', - content: EventCalendar.new(@event).calendar.to_ical } + content: Services::EventCalendar.new(@event).calendar.to_ical } subject = "Your spot to #{@event.name} has been confirmed." diff --git a/app/models/contact.rb b/app/models/contact.rb index e9e8b7279..34914d9d0 100644 --- a/app/models/contact.rb +++ b/app/models/contact.rb @@ -5,8 +5,8 @@ class Contact < ApplicationRecord validates :name, :surname, :email, presence: true before_create :set_token - after_commit :subscribe_to_mailing_list, if: proc { |c| c.mailing_list_consent } after_commit :unsubscribe_from_mailing_list, if: proc { |c| !c.mailing_list_consent } + after_commit :subscribe_to_mailing_list, if: proc { |c| c.mailing_list_consent } def subscribe_to_mailing_list mailing_list.subscribe(email, name, surname) @@ -18,7 +18,7 @@ def unsubscribe_from_mailing_list end def mailing_list - @mailing_list ||= MailingList.new(ENV['SPONSOR_NEWSLETTER_ID']) + @mailing_list ||= Services::MailingList.new(ENV['SPONSOR_NEWSLETTER_ID']) end private diff --git a/app/models/group.rb b/app/models/group.rb index 85910ae57..e57bc93fc 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -13,7 +13,7 @@ class Group < ApplicationRecord validates :name, presence: true, inclusion: { in: NAMES, message: 'Invalid name for Group' } - alias_attribute :city, :chapter + alias city chapter default_scope -> { joins(:chapter).includes(:chapter) } diff --git a/app/models/subscription.rb b/app/models/subscription.rb index da6faa758..dad167d46 100644 --- a/app/models/subscription.rb +++ b/app/models/subscription.rb @@ -22,10 +22,10 @@ def coach? private def subscribe_to_mailing_list - MailingList.new(group.mailing_list_id).subscribe(member.email, member.name, member.surname) + Services::MailingList.new(group.mailing_list_id).subscribe(member.email, member.name, member.surname) end def unsubscribe_from_mailing_list - MailingList.new(group.mailing_list_id).unsubscribe(member.email) + Services::MailingList.new(group.mailing_list_id).unsubscribe(member.email) end end diff --git a/config/application.rb b/config/application.rb index ab54bece5..6eaf05f8c 100644 --- a/config/application.rb +++ b/config/application.rb @@ -11,7 +11,7 @@ require "action_mailbox/engine" require "action_text/engine" require "action_view/railtie" -# require "action_cable/engine" +require "action_cable/engine" require "sprockets/railtie" require "rails/test_unit/railtie" @@ -24,6 +24,12 @@ class Application < Rails::Application # Initialize configuration defaults for originally generated Rails version. config.load_defaults 7.0 + config.add_autoload_paths_to_load_path = false # false is 7.1 default, true is 7.0 default + # TODO: When we have deployed Rails 7.1, we can uncomment this next line. + # config.active_support.cache_format_version = 7.1 + + config.autoload_lib(ignore: %w(assets tasks)) + # Configuration for the application, engines, and railties goes here. # # These settings can be overridden in specific environments using the files @@ -32,24 +38,9 @@ class Application < Rails::Application # config.time_zone = "Central Time (US & Canada)" # config.eager_load_paths << Rails.root.join("extras") - # Settings in config/environments/* take precedence over those specified here. - # Application configuration can go into files in config/initializers - # -- all .rb files in that directory are automatically loaded after loading - # the framework and any gems in your application. - - # Settings in config/environments/* take precedence over those specified here. - # Application configuration should go into files in config/initializers - # -- all .rb files in that directory are automatically loaded. - - # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone. - # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC. config.time_zone = 'London' config.active_record.default_timezone = :local - # Remove config.active_record.raise_in_transactional_callbacks, which is deprecated and removed without replacement, see - # https://apidock.com/rails/v5.0.0.1/ActiveRecord/Transactions/ClassMethods/raise_in_transactional_callbacks%3D. - # config.active_record.raise_in_transactional_callbacks = true - # Related to https://stackoverflow.com/questions/72970170/upgrading-to-rails-6-1-6-1-causes-psychdisallowedclass-tried-to-load-unspecif # and https://discuss.rubyonrails.org/t/cve-2022-32224-possible-rce-escalation-bug-with-serialized-columns-in-active-record/81017 config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time, ActiveSupport::TimeWithZone, ActiveSupport::TimeZone, ActiveSupport::HashWithIndifferentAccess] @@ -59,6 +50,4 @@ class Application < Rails::Application config.active_record.belongs_to_required_by_default = true end -end - -require 'csv' # the standard library CSV Class +end \ No newline at end of file diff --git a/config/boot.rb b/config/boot.rb index 37a5619ce..d69bd27dc 100644 --- a/config/boot.rb +++ b/config/boot.rb @@ -1,4 +1,3 @@ ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__) require "bundler/setup" # Set up gems listed in the Gemfile. -require "logger" # Fix concurrent-ruby removing logger dependency which Rails itself does not have diff --git a/config/environments/development.rb b/config/environments/development.rb index 027057416..48696fa62 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -6,7 +6,7 @@ # In the development environment your application's code is reloaded any time # it changes. This slows down response time but is perfect for development # since you don't have to restart the web server when you make code changes. - config.cache_classes = false + config.enable_reloading = true # Do not eager load code on boot. config.eager_load = false @@ -56,6 +56,9 @@ # Highlight code that triggered database queries in logs. config.active_record.verbose_query_logs = true + # Highlight code that enqueued background job in logs. + config.active_job.verbose_enqueue_logs = true + # Suppress logger output for asset requests. config.assets.quiet = true @@ -65,8 +68,8 @@ # Annotate rendered view with file names. # config.action_view.annotate_rendered_view_with_filenames = true - # Uncomment if you wish to allow Action Cable access from any origin. - # config.action_cable.disable_request_forgery_protection = true + # Raise error when a before_action's only/except options reference missing actions + config.action_controller.raise_on_missing_callback_actions = true # Required default host to link to! config.action_mailer.default_url_options = { host: 'localhost:3000' } diff --git a/config/environments/production.rb b/config/environments/production.rb index 987ab41d2..ab6fa06aa 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -4,7 +4,7 @@ # Settings specified here will take precedence over those in config/application.rb. # Code is not reloaded between requests. - config.cache_classes = true + config.enable_reloading = false # Eager load code on boot. This eager loads most of Rails and # your application in memory, allowing both threaded web servers @@ -13,15 +13,14 @@ config.eager_load = true # Full error reports are disabled and caching is turned on. - config.consider_all_requests_local = false + config.consider_all_requests_local = false config.action_controller.perform_caching = true - # Ensures that a master key has been made available in either ENV["RAILS_MASTER_KEY"] - # or in config/master.key. This key is used to decrypt credentials (and other encrypted files). + # Ensures that a master key has been made available in ENV["RAILS_MASTER_KEY"], config/master.key, or an environment + # key such as config/credentials/production.key. This key is used to decrypt credentials (and other encrypted files). # config.require_master_key = true - # Disable serving static files from the `/public` folder by default since - # Apache or NGINX already handles this. + # Disable serving static files from `public/`, relying on NGINX/Apache to do so instead. config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present? # Compress CSS using a preprocessor. @@ -30,7 +29,7 @@ # Compress JS using a preprocessor. config.assets.js_compressor = :terser - # Do not fallback to assets pipeline if a precompiled asset is missed. + # Do not fall back to assets pipeline if a precompiled asset is missed. config.assets.compile = false # Enable serving of images, stylesheets, and JavaScripts from an asset server. @@ -43,21 +42,31 @@ # Store uploaded files on the local file system (see config/storage.yml for options). config.active_storage.service = :local + # Assume all access to the app is happening through a SSL-terminating reverse proxy. + # Can be used together with config.force_ssl for Strict-Transport-Security and secure cookies. + # config.assume_ssl = true + # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. # config.force_ssl = true - # Include generic and useful information about system operation, but avoid logging too much - # information to avoid inadvertent exposure of personally identifiable information (PII). - config.log_level = ENV.fetch("RAILS_LOG_LEVEL") { "info" } + # Log to STDOUT by default + config.logger = ActiveSupport::Logger.new(STDOUT) + .tap { |logger| logger.formatter = ::Logger::Formatter.new } + .then { |logger| ActiveSupport::TaggedLogging.new(logger) } # Prepend all log lines with the following tags. config.log_tags = [ :request_id ] + # "info" includes generic and useful information about system operation, but avoids logging too much + # information to avoid inadvertent exposure of personally identifiable information (PII). If you + # want to log everything, set the level to "debug". + config.log_level = ENV.fetch("RAILS_LOG_LEVEL", "info") + # Use a different cache store in production. # config.cache_store = :mem_cache_store # Use a real queuing backend for Active Job (and separate queues per environment). - # config.active_job.queue_adapter = :resque + # config.active_job.queue_adapter = :resque # config.active_job.queue_name_prefix = "planner_#{Rails.env}" config.action_mailer.perform_caching = false @@ -73,28 +82,17 @@ # Don't log any deprecations. config.active_support.report_deprecations = false - # Use default logging formatter so that PID and timestamp are not suppressed. - config.log_formatter = ::Logger::Formatter.new - - # Use a different logger for distributed setups. - # require "syslog/logger" - # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new 'app-name') - - if ENV["RAILS_LOG_TO_STDOUT"].present? - logger = ActiveSupport::Logger.new(STDOUT) - logger.formatter = config.log_formatter - config.logger = ActiveSupport::TaggedLogging.new(logger) - end - # Do not dump schema after migrations. config.active_record.dump_schema_after_migration = false - # Required default host to link to! - config.action_mailer.default_url_options = { host: 'codebar.io' } + # Enable DNS rebinding protection and other `Host` header attacks. + # config.hosts = [ + # "example.com", # Allow requests from example.com + # /.*\.example\.com/ # Allow requests from subdomains like `www.example.com` + # ] - # Ignore bad email addresses and do not raise email delivery errors. - # Set this to true and configure the email server for immediate delivery to raise delivery errors. - # config.action_mailer.raise_delivery_errors = false + # Skip DNS rebinding protection for the default health check endpoint. + # config.host_authorization = { exclude: ->(request) { request.path == "/up" } } config.action_mailer.smtp_settings = { port: '587', @@ -106,4 +104,5 @@ enable_starttls_auto: true } ActionMailer::Base.delivery_method = :smtp -end + config.action_mailer.default_url_options = { host: 'codebar.io' } +end \ No newline at end of file diff --git a/config/environments/test.rb b/config/environments/test.rb index e2239b940..4edc63a9e 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -9,12 +9,13 @@ Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. - # Turn false under Spring and add config.action_view.cache_template_loading = true. - config.cache_classes = true + # While tests run files are not watched, reloading is not necessary. + config.enable_reloading = false - # Eager loading loads your whole application. When running a single test locally, - # this probably isn't necessary. It's a good idea to do in a continuous integration - # system, or in some way before deploying your code. + # Eager loading loads your entire application. When running a single test locally, + # this is usually not necessary, and can slow down your test suite. However, it's + # recommended that you enable it in continuous integration systems to ensure eager + # loading is working properly before deploying your code. config.eager_load = ENV["CI"].present? # Configure public file server for tests with Cache-Control for performance. @@ -24,12 +25,12 @@ } # Show full error reports and disable caching. - config.consider_all_requests_local = true + config.consider_all_requests_local = true config.action_controller.perform_caching = false config.cache_store = :null_store - # Raise exceptions instead of rendering exception templates. - config.action_dispatch.show_exceptions = false + # Render exception templates for rescuable exceptions and raise for other exceptions. + config.action_dispatch.show_exceptions = :rescuable # Disable request forgery protection in test environment. config.action_controller.allow_forgery_protection = false @@ -59,18 +60,15 @@ # Annotate rendered view with file names. # config.action_view.annotate_rendered_view_with_filenames = true - # Required default host to link to! - config.action_mailer.default_url_options = { host: 'localhost:3000' } + # Raise error when a before_action's only/except options reference missing actions + config.action_controller.raise_on_missing_callback_actions = true - # Configure static asset server for tests with Cache-Control for performance. - config.serve_static_files = true - config.static_cache_control = 'public, max-age=3600' + config.action_mailer.default_url_options = { host: 'localhost:3000' } # Fake omniauth for testing OmniAuth.config.test_mode = true config.after_initialize do - # TODO: re-enable and go through failures Bullet.enable = true Bullet.bullet_logger = true Bullet.raise = false # raise an error if n+1 query occurs diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index 54f47cf15..b3076b38f 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb @@ -16,9 +16,9 @@ # # policy.report_uri "/csp-violation-report-endpoint" # end # -# # Generate session nonces for permitted importmap and inline scripts +# # Generate session nonces for permitted importmap, inline scripts, and inline styles. # config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s } -# config.content_security_policy_nonce_directives = %w(script-src) +# config.content_security_policy_nonce_directives = %w(script-src style-src) # # # Report violations without enforcing the policy. # # config.content_security_policy_report_only = true diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb index adc6568ce..c2d89e28a 100644 --- a/config/initializers/filter_parameter_logging.rb +++ b/config/initializers/filter_parameter_logging.rb @@ -1,8 +1,8 @@ # Be sure to restart your server when you modify this file. -# Configure parameters to be filtered from the log file. Use this to limit dissemination of -# sensitive information. See the ActiveSupport::ParameterFilter documentation for supported -# notations and behaviors. +# Configure parameters to be partially matched (e.g. passw matches password) and filtered from the log file. +# Use this to limit dissemination of sensitive information. +# See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors. Rails.application.config.filter_parameters += [ :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn ] diff --git a/config/initializers/flodesk.rb b/config/initializers/flodesk.rb index 248eb3d38..1e1d2fe8e 100644 --- a/config/initializers/flodesk.rb +++ b/config/initializers/flodesk.rb @@ -1,4 +1,4 @@ -require 'services/flodesk' +require 'flodesk' key = Rails.env.test? ? 'test' : ENV['FLODESK_KEY'] Rails.logger.warn 'Missing FLODESK_KEY environment variable' unless key diff --git a/config/initializers/inflections.rb b/config/initializers/inflections.rb index ac033bf9d..3860f659e 100644 --- a/config/initializers/inflections.rb +++ b/config/initializers/inflections.rb @@ -4,13 +4,13 @@ # are locale specific, and you may define rules for as many different # locales as you wish. All of these examples are active by default: # ActiveSupport::Inflector.inflections(:en) do |inflect| -# inflect.plural /^(ox)$/i, '\1en' -# inflect.singular /^(ox)en/i, '\1' -# inflect.irregular 'person', 'people' +# inflect.plural /^(ox)$/i, "\\1en" +# inflect.singular /^(ox)en/i, "\\1" +# inflect.irregular "person", "people" # inflect.uncountable %w( fish sheep ) # end # These inflection rules are supported but not enabled by default: # ActiveSupport::Inflector.inflections(:en) do |inflect| -# inflect.acronym 'RESTful' +# inflect.acronym "RESTful" # end diff --git a/config/initializers/new_framework_defaults_5_2.rb b/config/initializers/new_framework_defaults_5_2.rb deleted file mode 100644 index c383d072b..000000000 --- a/config/initializers/new_framework_defaults_5_2.rb +++ /dev/null @@ -1,38 +0,0 @@ -# Be sure to restart your server when you modify this file. -# -# This file contains migration options to ease your Rails 5.2 upgrade. -# -# Once upgraded flip defaults one by one to migrate to the new default. -# -# Read the Guide for Upgrading Ruby on Rails for more info on each option. - -# Make Active Record use stable #cache_key alongside new #cache_version method. -# This is needed for recyclable cache keys. -# Rails.application.config.active_record.cache_versioning = true - -# Use AES-256-GCM authenticated encryption for encrypted cookies. -# Also, embed cookie expiry in signed or encrypted cookies for increased security. -# -# This option is not backwards compatible with earlier Rails versions. -# It's best enabled when your entire app is migrated and stable on 5.2. -# -# Existing cookies will be converted on read then written with the new scheme. -# Rails.application.config.action_dispatch.use_authenticated_cookie_encryption = true - -# Use AES-256-GCM authenticated encryption as default cipher for encrypting messages -# instead of AES-256-CBC, when use_authenticated_message_encryption is set to true. -# Rails.application.config.active_support.use_authenticated_message_encryption = true - -# Add default protection from forgery to ActionController::Base instead of in -# ApplicationController. -# Rails.application.config.action_controller.default_protect_from_forgery = true - -# Store boolean values are in sqlite3 databases as 1 and 0 instead of 't' and -# 'f' after migrating old data. -# Rails.application.config.active_record.sqlite3.represent_boolean_as_integer = true - -# Use SHA-1 instead of MD5 to generate non-sensitive digests, such as the ETag header. -# Rails.application.config.active_support.use_sha1_digests = true - -# Make `form_with` generate id attributes for any generated HTML tags. -# Rails.application.config.action_view.form_with_generates_ids = true diff --git a/config/initializers/new_framework_defaults_7_0.rb b/config/initializers/new_framework_defaults_7_0.rb deleted file mode 100644 index 0f8d42054..000000000 --- a/config/initializers/new_framework_defaults_7_0.rb +++ /dev/null @@ -1,148 +0,0 @@ -# Be sure to restart your server when you modify this file. -# -# This file eases your Rails 7.0 framework defaults upgrade. -# -# Uncomment each configuration one by one to switch to the new default. -# Once your application is ready to run with all new defaults, you can remove -# this file and set the `config.load_defaults` to `7.0`. -# -# Read the Guide for Upgrading Ruby on Rails for more info on each option. -# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html - -# `button_to` view helper will render `