diff --git a/.travis.yml b/.travis.yml
index 4a9c774..acb7cb7 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -3,9 +3,9 @@ dist: trusty
sudo: false
cache: bundler
rvm:
-- 2.2.7
-- 2.3.5
-- 2.4.2
+- 2.4.5
+- 2.5.5
+- 2.6.2
branches:
only:
- master
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e5bc8e9..965218b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,11 @@
+## 4.2.0 (unreleased)
+
+- Do not store screen size at login [#78](https://github.com/AlchemyCMS/alchemy-devise/pull/78) ([tvdeyen](https://github.com/tvdeyen))
+- Security: Use at least Devise 4.6 [#78](https://github.com/AlchemyCMS/alchemy-devise/pull/78) ([tvdeyen](https://github.com/tvdeyen))
+- Fix dummy app rails version [#76](https://github.com/AlchemyCMS/alchemy-devise/pull/76) ([tvdeyen](https://github.com/tvdeyen))
+- Fix translation key on user admin page [#75](https://github.com/AlchemyCMS/alchemy-devise/pull/75) ([mamhoff](https://github.com/mamhoff))
+
+
## 4.1.0 (2018-09-22)
- Only allow Alchemy > 4.1 [#72](https://github.com/AlchemyCMS/alchemy-devise/pull/72) ([tvdeyen](https://github.com/tvdeyen))
diff --git a/Gemfile b/Gemfile
index 4442776..b3a8495 100644
--- a/Gemfile
+++ b/Gemfile
@@ -10,6 +10,7 @@ unless ENV['CI']
gem 'pry'
gem 'spring-commands-rspec'
gem 'launchy'
+ gem 'github_fast_changelog', require: false
end
group :test do
diff --git a/README.md b/README.md
index d27ee0d..54e33f8 100644
--- a/README.md
+++ b/README.md
@@ -1,10 +1,10 @@
-## Devise based authentication for Alchemy 4.1
+## Devise based authentication for AlchemyCMS 4.2
[](http://travis-ci.org/AlchemyCMS/alchemy-devise)
[](http://badge.fury.io/rb/alchemy-devise) [](https://codeclimate.com/github/AlchemyCMS/alchemy-devise/coverage) [](https://codeclimate.com/github/AlchemyCMS/alchemy-devise) [](https://hakiri.io/github/AlchemyCMS/alchemy-devise/master)
-**CAUTION: This master branch is a development branch that can contain bugs. For productive environments you should use the [current Ruby gem version](https://rubygems.org/gems/alchemy-devise/versions/4.1.0), or the [latest stable branch (4.1-stable)](https://github.com/AlchemyCMS/alchemy-devise/tree/4.1-stable).**
+**CAUTION: This master branch is a development branch that can contain bugs. For productive environments you should use the [current Ruby gem version](https://rubygems.org/gems/alchemy-devise/versions/4.1.0), or the [latest stable branch (4.2-stable)](https://github.com/AlchemyCMS/alchemy-devise/tree/4.2-stable).**
AlchemyCMS has no authentication in its core. So it is possibly to bring your own authentication and use it to authorize users in AlchemyCMS. If you don't have your own authentication, you can use this gem.
@@ -17,7 +17,7 @@ Just put the gem into your projects `Gemfile`.
gem 'alchemy-devise', github: 'AlchemyCMS/alchemy-devise', branch: 'master'
```
-**NOTE:** You normally want to use a stable branch, like `4.1-stable`.
+**NOTE:** You normally want to use a stable branch, like `4.2-stable`.
and run `bundle install`.
diff --git a/Rakefile b/Rakefile
index 793408e..c517cd0 100644
--- a/Rakefile
+++ b/Rakefile
@@ -39,4 +39,24 @@ cd -
BASH
end
end
+
+ namespace :changelog do
+ desc "Update changelog"
+ task :update do
+ original_file = './CHANGELOG.md'
+ new_file = original_file + '.new'
+ backup = original_file + '.old'
+ changes = `git rev-list #{ENV['PREVIOUS_VERSION']}...master | bundle exec github_fast_changelog AlchemyCMS/alchemy-devise`
+ File.open(new_file, 'w') do |fo|
+ fo.puts changes
+ File.foreach(original_file) do |li|
+ fo.puts li
+ end
+ fo.puts ""
+ end
+ File.rename(original_file, backup)
+ File.rename(new_file, original_file)
+ File.delete(backup)
+ end
+ end
end
diff --git a/alchemy-devise.gemspec b/alchemy-devise.gemspec
index 35e4e09..663bb3a 100644
--- a/alchemy-devise.gemspec
+++ b/alchemy-devise.gemspec
@@ -17,7 +17,7 @@ Gem::Specification.new do |s|
s.test_files = Dir["spec/**/*"]
s.add_dependency "alchemy_cms", [">= 4.1.0.beta", "< 4.99"]
- s.add_dependency "devise", [">= 4.0", "< 4.99"]
+ s.add_dependency "devise", [">= 4.6.0", "< 4.99"]
s.add_development_dependency "capybara"
s.add_development_dependency "factory_bot_rails"
diff --git a/app/controllers/alchemy/admin/users_controller.rb b/app/controllers/alchemy/admin/users_controller.rb
index 5e00182..9286277 100644
--- a/app/controllers/alchemy/admin/users_controller.rb
+++ b/app/controllers/alchemy/admin/users_controller.rb
@@ -17,7 +17,7 @@ def index
@query.sorts = 'login asc' if @query.sorts.empty?
@users = @query.result
.page(params[:page] || 1)
- .per(per_page_value_for_screen_size)
+ .per(items_per_page)
end
def new
diff --git a/app/controllers/alchemy/user_sessions_controller.rb b/app/controllers/alchemy/user_sessions_controller.rb
index cb50d90..16a0b9b 100644
--- a/app/controllers/alchemy/user_sessions_controller.rb
+++ b/app/controllers/alchemy/user_sessions_controller.rb
@@ -20,7 +20,6 @@ def create
authenticate_user!
if user_signed_in?
- store_screen_size
if session[:redirect_path].blank?
redirect_path = admin_dashboard_path
else
@@ -49,10 +48,6 @@ def check_user_count
end
end
- def store_screen_size
- session[:screen_size] = params[:user_screensize]
- end
-
# Overwriting the default of Devise
def after_sign_out_path_for(resource_or_scope)
if request.referer.blank? || request.referer.to_s =~ /admin/
diff --git a/app/views/alchemy/user_sessions/new.html.erb b/app/views/alchemy/user_sessions/new.html.erb
index 2fcb7b3..c6fe7d5 100644
--- a/app/views/alchemy/user_sessions/new.html.erb
+++ b/app/views/alchemy/user_sessions/new.html.erb
@@ -9,7 +9,6 @@
- <%= hidden_field_tag 'user_screensize' %>
<% end %>
@@ -19,9 +18,6 @@
<%- end -%>
diff --git a/lib/alchemy/devise/test_support/factories.rb b/lib/alchemy/devise/test_support/factories.rb
index c8c1890..bc3f7f2 100644
--- a/lib/alchemy/devise/test_support/factories.rb
+++ b/lib/alchemy/devise/test_support/factories.rb
@@ -1,26 +1,28 @@
+# frozen_string_literal: true
+
FactoryBot.define do
- factory :alchemy_user, class: 'Alchemy::User' do
+ factory :alchemy_user, class: Alchemy::User do
sequence(:login) { |n| "john_#{n}.doe" }
sequence(:email) { |n| "john_#{n}@doe.com" }
- firstname 'John'
- lastname 'Doe'
- password 's3cr3t'
- password_confirmation 's3cr3t'
+ firstname { 'John' }
+ lastname { 'Doe' }
+ password { 's3cr3t' }
+ password_confirmation { 's3cr3t' }
factory :alchemy_admin_user do
- alchemy_roles 'admin'
+ alchemy_roles { 'admin' }
end
factory :alchemy_member_user do
- alchemy_roles 'member'
+ alchemy_roles { 'member' }
end
factory :alchemy_author_user do
- alchemy_roles 'author'
+ alchemy_roles { 'author' }
end
factory :alchemy_editor_user do
- alchemy_roles 'editor'
+ alchemy_roles { 'editor' }
end
end
end
diff --git a/lib/generators/alchemy/devise/install/templates/devise.rb.tt b/lib/generators/alchemy/devise/install/templates/devise.rb.tt
index 8885730..15c1660 100644
--- a/lib/generators/alchemy/devise/install/templates/devise.rb.tt
+++ b/lib/generators/alchemy/devise/install/templates/devise.rb.tt
@@ -1,14 +1,18 @@
+# frozen_string_literal: true
+
# Use this hook to configure devise mailer, warden hooks and so forth.
# Many of these configuration options can be set straight in your model.
Devise.setup do |config|
# The secret key used by Devise. Devise uses this key to generate
# random tokens. Changing this key will render invalid all existing
# confirmation, reset password and unlock tokens in the database.
+ # Devise will use the `secret_key_base` as its `secret_key`
+ # by default. You can change it below and use your own secret key.
+ # config.secret_key = '<%= SecureRandom.hex(64) %>'
- # By default, Devise will use your Application's secret_key_base as its
- # secret_key. You can override it here by uncommenting the following
- # line. Remember to keep this file out of source control if you do that.
- # config.secret_key = <%= SecureRandom.hex(50).inspect %>
+ # ==> Controller configuration
+ # Configure the parent class to the devise controllers.
+ config.parent_controller = "Alchemy::BaseController"
# ==> Mailer Configuration
# Configure the e-mail address which will be shown in Devise::Mailer,
@@ -19,14 +23,15 @@ Devise.setup do |config|
# Configure the class responsible to send e-mails.
config.mailer = "Alchemy::Notifications"
+ # Configure the parent class responsible to send e-mails.
+ # config.parent_mailer = 'ActionMailer::Base'
+
# ==> ORM configuration
# Load and configure the ORM. Supports :active_record (default) and
# :mongoid (bson_ext recommended) by default. Other ORMs may be
# available as additional gems.
require 'devise/orm/active_record'
- config.parent_controller = "Alchemy::BaseController"
-
# ==> Configuration for any authentication mechanism
# Configure which keys are used when authenticating a user. The default is
# just :email. You can configure it to use [:username, :subdomain], so for
@@ -91,26 +96,41 @@ Devise.setup do |config|
# from the server. You can disable this option at your own risk.
# config.clean_up_csrf_token_on_authentication = true
+ # When false, Devise will not attempt to reload routes on eager load.
+ # This can reduce the time taken to boot the app but if your application
+ # requires the Devise mappings to be loaded during boot time the application
+ # won't boot properly.
+ # config.reload_routes = true
+
# ==> Configuration for :database_authenticatable
- # For bcrypt, this is the cost for hashing the password and defaults to 10. If
- # using other encryptors, it sets how many times you want the password re-encrypted.
+ # For bcrypt, this is the cost for hashing the password and defaults to 11. If
+ # using other algorithms, it sets how many times you want the password to be hashed.
#
# Limiting the stretches to just one in testing will increase the performance of
# your test suite dramatically. However, it is STRONGLY RECOMMENDED to not use
# a value less than 10 in other environments. Note that, for bcrypt (the default
- # encryptor), the cost increases exponentially with the number of stretches (e.g.
+ # algorithm), the cost increases exponentially with the number of stretches (e.g.
# a value of 20 is already extremely slow: approx. 60 seconds for 1 calculation).
- config.stretches = Rails.env.test? ? 1 : 10
+ config.stretches = Rails.env.test? ? 1 : 11
+
+ # Set up a pepper to generate the hashed password.
+ # config.pepper = '<%= SecureRandom.hex(64) %>'
+
+ # Send a notification to the original email when the user's email is changed.
+ # config.send_email_changed_notification = false
- # Setup a pepper to generate the encrypted password.
- # config.pepper = <%= SecureRandom.hex(50).inspect %>
+ # Send a notification email when the user's password is changed.
+ # config.send_password_change_notification = false
# ==> Configuration for :confirmable
# A period that the user is allowed to access the website even without
# confirming their account. For instance, if set to 2.days, the user will be
# able to access the website for two days without confirming their account,
- # access will be blocked just in the third day. Default is 0.days, meaning
- # the user cannot access the website without confirming their account.
+ # access will be blocked just in the third day.
+ # You can also set it to nil, which will allow the user to access the website
+ # without confirming their account.
+ # Default is 0.days, meaning the user cannot access the website without
+ # confirming their account.
# config.allow_unconfirmed_access_for = 2.days
# A period that the user is allowed to confirm their account before their
@@ -128,7 +148,7 @@ Devise.setup do |config|
config.reconfirmable = false
# Defines which key will be used when confirming an account
- # config.confirmation_keys = [ :email ]
+ # config.confirmation_keys = [:email]
# ==> Configuration for :rememberable
# The time the user will be remembered without asking for credentials again.
@@ -151,16 +171,13 @@ Devise.setup do |config|
# Email regex used to validate email formats. It simply asserts that
# one (and only one) @ exists in the given string. This is mainly
# to give user feedback and not to assert the e-mail validity.
- # config.email_regexp = /\A[^@]+@[^@]+\z/
+ config.email_regexp = /\A[^@\s]+@[^@\s]+\z/
# ==> Configuration for :timeoutable
# The time you want to timeout the user session without activity. After this
# time the user will be asked for credentials again. Default is 30 minutes.
config.timeout_in = Rails.env.development? ? nil : Alchemy::Config.get(:auto_logout_time).minutes
- # If true, expires auth token on session timeout.
- # config.expire_auth_token_on_timeout = false
-
# ==> Configuration for :lockable
# Defines which strategy will be used to lock an account.
# :failed_attempts = Locks an account after a number of failed attempts to sign in.
@@ -168,7 +185,7 @@ Devise.setup do |config|
# config.lock_strategy = :failed_attempts
# Defines which key will be used when locking and unlocking an account
- # config.unlock_keys = [ :email ]
+ # config.unlock_keys = [:email]
# Defines which strategy will be used to unlock an account.
# :email = Sends an unlock link to the user email
@@ -185,24 +202,28 @@ Devise.setup do |config|
# config.unlock_in = 1.hour
# Warn on the last attempt before the account is locked.
- config.last_attempt_warning = true
+ # config.last_attempt_warning = true
# ==> Configuration for :recoverable
#
# Defines which key will be used when recovering the password for an account
- # config.reset_password_keys = [ :email ]
+ # config.reset_password_keys = [:email]
# Time interval you can reset your password with a reset password key.
# Don't put a too small interval or your users won't have the time to
# change their passwords.
config.reset_password_within = 6.hours
+ # When set to false, does not sign a user in automatically after their password is
+ # reset. Defaults to true, so a user is signed in automatically after a reset.
+ # config.sign_in_after_reset_password = true
+
# ==> Configuration for :encryptable
- # Allow you to use another encryption algorithm besides bcrypt (default). You can use
- # :sha1, :sha512 or encryptors from others authentication tools as :clearance_sha1,
- # :authlogic_sha512 (then you should set stretches above to 20 for default behavior)
- # and :restful_authentication_sha1 (then you should set stretches to 10, and copy
- # REST_AUTH_SITE_KEY to pepper).
+ # Allow you to use another hashing or encryption algorithm besides bcrypt (default).
+ # You can use :sha1, :sha512 or algorithms from others authentication tools as
+ # :clearance_sha1, :authlogic_sha512 (then you should set stretches above to 20
+ # for default behavior) and :restful_authentication_sha1 (then you should set
+ # stretches to 10, and copy REST_AUTH_SITE_KEY to pepper).
#
# Require the `devise-encryptable` gem when using anything other than bcrypt
# config.encryptor = :sha512
@@ -259,7 +280,20 @@ Devise.setup do |config|
# The router that invoked `devise_for`, in the example above, would be:
# config.router_name = :my_engine
#
- # When using omniauth, Devise cannot automatically set Omniauth path,
+ # When using OmniAuth, Devise cannot automatically set OmniAuth path,
# so you need to do it manually. For the users scope, it would be:
# config.omniauth_path_prefix = '/my_engine/users/auth'
+
+ # ==> Turbolinks configuration
+ # If your app is using Turbolinks, Turbolinks::Controller needs to be included to make redirection work correctly:
+ #
+ # ActiveSupport.on_load(:devise_failure_app) do
+ # include Turbolinks::Controller
+ # end
+
+ # ==> Configuration for :registerable
+
+ # When set to false, does not sign a user in automatically after their password is
+ # changed. Defaults to true, so a user is signed in automatically after changing a password.
+ # config.sign_in_after_change_password = true
end
diff --git a/spec/controllers/user_sessions_controller_spec.rb b/spec/controllers/user_sessions_controller_spec.rb
index c659f62..a92c4dd 100644
--- a/spec/controllers/user_sessions_controller_spec.rb
+++ b/spec/controllers/user_sessions_controller_spec.rb
@@ -54,11 +54,6 @@
end
end
- it "stores users screen size" do
- post :create, params: {user: user_params, user_screensize: screen_size}
- expect(session[:screen_size]).to eq(screen_size)
- end
-
context 'without valid params' do
it "renders login form" do
post :create, params: {user: {login: ''}}
diff --git a/spec/dummy/bin/setup b/spec/dummy/bin/setup
index e620b4d..94fd4d7 100755
--- a/spec/dummy/bin/setup
+++ b/spec/dummy/bin/setup
@@ -1,10 +1,9 @@
#!/usr/bin/env ruby
-require 'pathname'
require 'fileutils'
include FileUtils
# path to your application root.
-APP_ROOT = Pathname.new File.expand_path('../../', __FILE__)
+APP_ROOT = File.expand_path('..', __dir__)
def system!(*args)
system(*args) || abort("\n== Command #{args} failed ==")
@@ -18,6 +17,9 @@ chdir APP_ROOT do
system! 'gem install bundler --conservative'
system('bundle check') || system!('bundle install')
+ # Install JavaScript dependencies if using Yarn
+ # system('bin/yarn')
+
# puts "\n== Copying sample files =="
# unless File.exist?('config/database.yml')
# cp 'config/database.yml.sample', 'config/database.yml'
diff --git a/spec/dummy/bin/update b/spec/dummy/bin/update
index a8e4462..58bfaed 100755
--- a/spec/dummy/bin/update
+++ b/spec/dummy/bin/update
@@ -1,10 +1,9 @@
#!/usr/bin/env ruby
-require 'pathname'
require 'fileutils'
include FileUtils
# path to your application root.
-APP_ROOT = Pathname.new File.expand_path('../../', __FILE__)
+APP_ROOT = File.expand_path('..', __dir__)
def system!(*args)
system(*args) || abort("\n== Command #{args} failed ==")
@@ -18,6 +17,9 @@ chdir APP_ROOT do
system! 'gem install bundler --conservative'
system('bundle check') || system!('bundle install')
+ # Install JavaScript dependencies if using Yarn
+ # system('bin/yarn')
+
puts "\n== Updating database =="
system! 'bin/rails db:migrate'
diff --git a/spec/dummy/config/application.rb b/spec/dummy/config/application.rb
index af86759..c031fc6 100644
--- a/spec/dummy/config/application.rb
+++ b/spec/dummy/config/application.rb
@@ -1,13 +1,16 @@
require_relative 'boot'
+require "rails"
# Pick the frameworks you want:
+require "active_model/railtie"
+# require "active_job/railtie"
require "active_record/railtie"
+# require "active_storage/engine"
require "action_controller/railtie"
require "action_mailer/railtie"
require "action_view/railtie"
-require "sprockets/railtie"
-# require "active_job/railtie"
# require "action_cable/engine"
+require "sprockets/railtie"
# require "rails/test_unit/railtie"
# Require the gems listed in Gemfile, including any gems
@@ -21,7 +24,8 @@ class Application < Rails::Application
config.load_defaults 5.1
# Settings in config/environments/* take precedence over those specified here.
- # Application configuration should go into files in config/initializers
- # -- all .rb files in that directory are automatically loaded.
+ # Application configuration can go into files in config/initializers
+ # -- all .rb files in that directory are automatically loaded after loading
+ # the framework and any gems in your application.
end
end
diff --git a/spec/dummy/config/boot.rb b/spec/dummy/config/boot.rb
index c9aef85..4059200 100644
--- a/spec/dummy/config/boot.rb
+++ b/spec/dummy/config/boot.rb
@@ -1,5 +1,3 @@
-# Set up gems listed in the Gemfile.
ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../Gemfile', __dir__)
-require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])
-$LOAD_PATH.unshift File.expand_path('../../../lib', __dir__)
+require 'bundler/setup' # Set up gems listed in the Gemfile.
diff --git a/spec/dummy/config/environments/development.rb b/spec/dummy/config/environments/development.rb
index e64889c..9ffc645 100644
--- a/spec/dummy/config/environments/development.rb
+++ b/spec/dummy/config/environments/development.rb
@@ -13,12 +13,13 @@
config.consider_all_requests_local = true
# Enable/disable caching. By default caching is disabled.
- if Rails.root.join('tmp/caching-dev.txt').exist?
+ # Run rails dev:cache to toggle caching.
+ if Rails.root.join('tmp', 'caching-dev.txt').exist?
config.action_controller.perform_caching = true
config.cache_store = :memory_store
config.public_file_server.headers = {
- 'Cache-Control' => 'public, max-age=172800'
+ 'Cache-Control' => "public, max-age=#{2.days.to_i}"
}
else
config.action_controller.perform_caching = false
@@ -26,6 +27,9 @@
config.cache_store = :null_store
end
+ # Store uploaded files on the local file system (see config/storage.yml for options)
+ # config.active_storage.service = :local
+
# Don't care if the mailer can't send.
config.action_mailer.raise_delivery_errors = false
@@ -37,6 +41,9 @@
# Raise an error on page load if there are pending migrations.
config.active_record.migration_error = :page_load
+ # Highlight code that triggered database queries in logs.
+ config.active_record.verbose_query_logs = true
+
# Debug mode disables concatenation and preprocessing of assets.
# This option may cause significant delays in view rendering with a large
# number of complex assets.
@@ -50,5 +57,5 @@
# Use an evented file watcher to asynchronously detect changes in source code,
# routes, locales, etc. This feature depends on the listen gem.
- # config.file_watcher = ActiveSupport::EventedFileUpdateChecker
+ config.file_watcher = ActiveSupport::EventedFileUpdateChecker
end
diff --git a/spec/dummy/config/environments/production.rb b/spec/dummy/config/environments/production.rb
index 739e81c..638ae1d 100644
--- a/spec/dummy/config/environments/production.rb
+++ b/spec/dummy/config/environments/production.rb
@@ -14,6 +14,10 @@
config.consider_all_requests_local = false
config.action_controller.perform_caching = true
+ # Ensures that a master key has been made available in either ENV["RAILS_MASTER_KEY"]
+ # or in config/master.key. This key is used to decrypt credentials (and other encrypted files).
+ # config.require_master_key = true
+
# Disable serving static files from the `/public` folder by default since
# Apache or NGINX already handles this.
config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present?
@@ -34,10 +38,8 @@
# config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache
# config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX
- # Mount Action Cable outside main process or domain
- # config.action_cable.mount_path = nil
- # config.action_cable.url = 'wss://example.com/cable'
- # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ]
+ # Store uploaded files on the local file system (see config/storage.yml for options)
+ # config.active_storage.service = :local
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
# config.force_ssl = true
@@ -55,6 +57,7 @@
# Use a real queuing backend for Active Job (and separate queues per environment)
# config.active_job.queue_adapter = :resque
# config.active_job.queue_name_prefix = "dummy_#{Rails.env}"
+
config.action_mailer.perform_caching = false
# Ignore bad email addresses and do not raise email delivery errors.
@@ -78,7 +81,7 @@
if ENV["RAILS_LOG_TO_STDOUT"].present?
logger = ActiveSupport::Logger.new(STDOUT)
logger.formatter = config.log_formatter
- config.logger = ActiveSupport::TaggedLogging.new(logger)
+ config.logger = ActiveSupport::TaggedLogging.new(logger)
end
# Do not dump schema after migrations.
diff --git a/spec/dummy/config/environments/test.rb b/spec/dummy/config/environments/test.rb
index 30587ef..288b92f 100644
--- a/spec/dummy/config/environments/test.rb
+++ b/spec/dummy/config/environments/test.rb
@@ -15,7 +15,7 @@
# Configure public file server for tests with Cache-Control for performance.
config.public_file_server.enabled = true
config.public_file_server.headers = {
- 'Cache-Control' => 'public, max-age=3600'
+ 'Cache-Control' => "public, max-age=#{1.hour.to_i}"
}
# Show full error reports and disable caching.
@@ -27,6 +27,10 @@
# Disable request forgery protection in test environment.
config.action_controller.allow_forgery_protection = false
+
+ # Store uploaded files on the local file system in a temporary directory
+ # config.active_storage.service = :test
+
config.action_mailer.perform_caching = false
# Tell Action Mailer not to deliver emails to the real world.
diff --git a/spec/dummy/config/initializers/application_controller_renderer.rb b/spec/dummy/config/initializers/application_controller_renderer.rb
index 51639b6..89d2efa 100644
--- a/spec/dummy/config/initializers/application_controller_renderer.rb
+++ b/spec/dummy/config/initializers/application_controller_renderer.rb
@@ -1,6 +1,8 @@
# Be sure to restart your server when you modify this file.
-# ApplicationController.renderer.defaults.merge!(
-# http_host: 'example.org',
-# https: false
-# )
+# ActiveSupport::Reloader.to_prepare do
+# ApplicationController.renderer.defaults.merge!(
+# http_host: 'example.org',
+# https: false
+# )
+# end
diff --git a/spec/dummy/config/initializers/assets.rb b/spec/dummy/config/initializers/assets.rb
index 01ef3e6..4b828e8 100644
--- a/spec/dummy/config/initializers/assets.rb
+++ b/spec/dummy/config/initializers/assets.rb
@@ -3,9 +3,12 @@
# Version of your assets, change this if you want to expire all your assets.
Rails.application.config.assets.version = '1.0'
-# Add additional assets to the asset load path
+# Add additional assets to the asset load path.
# Rails.application.config.assets.paths << Emoji.images_path
+# Add Yarn node_modules folder to the asset load path.
+Rails.application.config.assets.paths << Rails.root.join('node_modules')
# Precompile additional assets.
-# application.js, application.css, and all non-JS/CSS in app/assets folder are already added.
-# Rails.application.config.assets.precompile += %w( search.js )
+# application.js, application.css, and all non-JS/CSS in the app/assets
+# folder are already added.
+# Rails.application.config.assets.precompile += %w( admin.js admin.css )
diff --git a/spec/dummy/config/initializers/content_security_policy.rb b/spec/dummy/config/initializers/content_security_policy.rb
new file mode 100644
index 0000000..d3bcaa5
--- /dev/null
+++ b/spec/dummy/config/initializers/content_security_policy.rb
@@ -0,0 +1,25 @@
+# Be sure to restart your server when you modify this file.
+
+# Define an application-wide content security policy
+# For further information see the following documentation
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
+
+# Rails.application.config.content_security_policy do |policy|
+# policy.default_src :self, :https
+# policy.font_src :self, :https, :data
+# policy.img_src :self, :https, :data
+# policy.object_src :none
+# policy.script_src :self, :https
+# policy.style_src :self, :https
+
+# # Specify URI for violation reports
+# # policy.report_uri "/csp-violation-report-endpoint"
+# end
+
+# If you are using UJS then enable automatic nonce generation
+# Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) }
+
+# Report CSP violations to a specified URI
+# For further information see the following documentation:
+# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
+# Rails.application.config.content_security_policy_report_only = true
diff --git a/spec/dummy/config/initializers/cookies_serializer.rb b/spec/dummy/config/initializers/cookies_serializer.rb
index 1389e86..5a6a32d 100644
--- a/spec/dummy/config/initializers/cookies_serializer.rb
+++ b/spec/dummy/config/initializers/cookies_serializer.rb
@@ -2,4 +2,4 @@
# Specify a serializer for the signed and encrypted cookie jars.
# Valid options are :json, :marshal, and :hybrid.
-Rails.application.config.action_dispatch.cookies_serializer = :marshal
+Rails.application.config.action_dispatch.cookies_serializer = :json
diff --git a/spec/dummy/config/initializers/new_framework_defaults_5_2.rb b/spec/dummy/config/initializers/new_framework_defaults_5_2.rb
new file mode 100644
index 0000000..5132a0b
--- /dev/null
+++ b/spec/dummy/config/initializers/new_framework_defaults_5_2.rb
@@ -0,0 +1,38 @@
+# Be sure to restart your server when you modify this file.
+#
+# This file contains migration options to ease your Rails 5.2 upgrade.
+#
+# Once upgraded flip defaults one by one to migrate to the new default.
+#
+# Read the Guide for Upgrading Ruby on Rails for more info on each option.
+
+# Make Active Record use stable #cache_key alongside new #cache_version method.
+# This is needed for recyclable cache keys.
+# Rails.application.config.active_record.cache_versioning = true
+
+# Use AES-256-GCM authenticated encryption for encrypted cookies.
+# Also, embed cookie expiry in signed or encrypted cookies for increased security.
+#
+# This option is not backwards compatible with earlier Rails versions.
+# It's best enabled when your entire app is migrated and stable on 5.2.
+#
+# Existing cookies will be converted on read then written with the new scheme.
+# Rails.application.config.action_dispatch.use_authenticated_cookie_encryption = true
+
+# Use AES-256-GCM authenticated encryption as default cipher for encrypting messages
+# instead of AES-256-CBC, when use_authenticated_message_encryption is set to true.
+# Rails.application.config.active_support.use_authenticated_message_encryption = true
+
+# Add default protection from forgery to ActionController::Base instead of in
+# ApplicationController.
+# Rails.application.config.action_controller.default_protect_from_forgery = true
+
+# Store boolean values are in sqlite3 databases as 1 and 0 instead of 't' and
+# 'f' after migrating old data.
+Rails.application.config.active_record.sqlite3.represent_boolean_as_integer = true
+
+# Use SHA-1 instead of MD5 to generate non-sensitive digests, such as the ETag header.
+# Rails.application.config.active_support.use_sha1_digests = true
+
+# Make `form_with` generate id attributes for any generated HTML tags.
+# Rails.application.config.action_view.form_with_generates_ids = true
diff --git a/spec/dummy/config/locales/en.yml b/spec/dummy/config/locales/en.yml
index 0653957..decc5a8 100644
--- a/spec/dummy/config/locales/en.yml
+++ b/spec/dummy/config/locales/en.yml
@@ -16,6 +16,16 @@
#
# This would use the information in config/locales/es.yml.
#
+# The following keys must be escaped otherwise they will not be retrieved by
+# the default I18n backend:
+#
+# true, false, on, off, yes, no
+#
+# Instead, surround them with single quotes.
+#
+# en:
+# 'true': 'foo'
+#
# To learn more, please read the Rails Internationalization guide
# available at http://guides.rubyonrails.org/i18n.html.
diff --git a/spec/dummy/config/storage.yml b/spec/dummy/config/storage.yml
new file mode 100644
index 0000000..d32f76e
--- /dev/null
+++ b/spec/dummy/config/storage.yml
@@ -0,0 +1,34 @@
+test:
+ service: Disk
+ root: <%= Rails.root.join("tmp/storage") %>
+
+local:
+ service: Disk
+ root: <%= Rails.root.join("storage") %>
+
+# Use rails credentials:edit to set the AWS secrets (as aws:access_key_id|secret_access_key)
+# amazon:
+# service: S3
+# access_key_id: <%= Rails.application.credentials.dig(:aws, :access_key_id) %>
+# secret_access_key: <%= Rails.application.credentials.dig(:aws, :secret_access_key) %>
+# region: us-east-1
+# bucket: your_own_bucket
+
+# Remember not to checkin your GCS keyfile to a repository
+# google:
+# service: GCS
+# project: your_project
+# credentials: <%= Rails.root.join("path/to/gcs.keyfile") %>
+# bucket: your_own_bucket
+
+# Use rails credentials:edit to set the Azure Storage secret (as azure_storage:storage_access_key)
+# microsoft:
+# service: AzureStorage
+# storage_account_name: your_account_name
+# storage_access_key: <%= Rails.application.credentials.dig(:azure_storage, :storage_access_key) %>
+# container: your_container_name
+
+# mirror:
+# service: Mirror
+# primary: local
+# mirrors: [ amazon, google, microsoft ]
diff --git a/spec/dummy/db/schema.rb b/spec/dummy/db/schema.rb
index 832409e..de8c6b7 100644
--- a/spec/dummy/db/schema.rb
+++ b/spec/dummy/db/schema.rb
@@ -10,7 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 20180301103350) do
+ActiveRecord::Schema.define(version: 2018_03_01_103350) do
create_table "alchemy_attachments", force: :cascade do |t|
t.string "name"
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index 7cce332..0049bfe 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -8,10 +8,9 @@
end
# Configure Rails Environment
-ENV["RAILS_ENV"] = "test"
+ENV["RAILS_ENV"] ||= "test"
require File.expand_path("../dummy/config/environment.rb", __FILE__)
-require "rails/test_help"
require "rspec/rails"
require 'rspec/active_model/mocks'
require "capybara/rails"