diff --git a/Gemfile b/Gemfile index 86ee57ccb..7778a741f 100644 --- a/Gemfile +++ b/Gemfile @@ -4,7 +4,7 @@ source "https://rubygems.org" gem "activerecord-postgis-adapter" gem "pg" -gem "rails", "~> 6.1" +gem "rails", "~> 7.0" git_source(:github) do |repo_name| repo_name = "#{repo_name}/#{repo_name}" unless repo_name.include?("/") @@ -92,8 +92,8 @@ gem "nokogiri" gem "progress_bar" gem "rails-i18n" gem "rails-observers" -gem "sunspot_rails", "= 2.4.0" # Getting issues along the lines of https://github.com/sunspot/sunspot/issues/948 -gem "sunspot_solr", "= 2.4.0" +gem "sunspot_rails" +gem "sunspot_solr" gem "tagsinput-rails" gem "uglifier", ">= 1.3.0" gem "will-paginate-i18n" diff --git a/Gemfile.lock b/Gemfile.lock index 6514a23e1..d20e984fd 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -10,74 +10,92 @@ GEM specs: aasm (5.0.6) concurrent-ruby (~> 1.0) - actioncable (6.1.7.8) - actionpack (= 6.1.7.8) - activesupport (= 6.1.7.8) + actioncable (7.1.5) + actionpack (= 7.1.5) + activesupport (= 7.1.5) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.7.8) - actionpack (= 6.1.7.8) - activejob (= 6.1.7.8) - activerecord (= 6.1.7.8) - activestorage (= 6.1.7.8) - activesupport (= 6.1.7.8) + zeitwerk (~> 2.6) + actionmailbox (7.1.5) + actionpack (= 7.1.5) + activejob (= 7.1.5) + activerecord (= 7.1.5) + activestorage (= 7.1.5) + activesupport (= 7.1.5) mail (>= 2.7.1) - actionmailer (6.1.7.8) - actionpack (= 6.1.7.8) - actionview (= 6.1.7.8) - activejob (= 6.1.7.8) - activesupport (= 6.1.7.8) + net-imap + net-pop + net-smtp + actionmailer (7.1.5) + actionpack (= 7.1.5) + actionview (= 7.1.5) + activejob (= 7.1.5) + activesupport (= 7.1.5) mail (~> 2.5, >= 2.5.4) - rails-dom-testing (~> 2.0) - actionpack (6.1.7.8) - actionview (= 6.1.7.8) - activesupport (= 6.1.7.8) - rack (~> 2.0, >= 2.0.9) + net-imap + net-pop + net-smtp + rails-dom-testing (~> 2.2) + actionpack (7.1.5) + actionview (= 7.1.5) + activesupport (= 7.1.5) + nokogiri (>= 1.8.5) + racc + rack (>= 2.2.4) + rack-session (>= 1.0.1) rack-test (>= 0.6.3) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.7.8) - actionpack (= 6.1.7.8) - activerecord (= 6.1.7.8) - activestorage (= 6.1.7.8) - activesupport (= 6.1.7.8) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + actiontext (7.1.5) + actionpack (= 7.1.5) + activerecord (= 7.1.5) + activestorage (= 7.1.5) + activesupport (= 7.1.5) + globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (6.1.7.8) - activesupport (= 6.1.7.8) + actionview (7.1.5) + activesupport (= 7.1.5) builder (~> 3.1) - erubi (~> 1.4) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.1, >= 1.2.0) + erubi (~> 1.11) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) actionview-encoded_mail_to (1.0.9) 
rails - activejob (6.1.7.8) - activesupport (= 6.1.7.8) + activejob (7.1.5) + activesupport (= 7.1.5) globalid (>= 0.3.6) - activemodel (6.1.7.8) - activesupport (= 6.1.7.8) + activemodel (7.1.5) + activesupport (= 7.1.5) activemodel-serializers-xml (1.0.3) activemodel (>= 5.0.0.a) activesupport (>= 5.0.0.a) builder (~> 3.1) - activerecord (6.1.7.8) - activemodel (= 6.1.7.8) - activesupport (= 6.1.7.8) - activerecord-postgis-adapter (7.1.1) - activerecord (~> 6.1) + activerecord (7.1.5) + activemodel (= 7.1.5) + activesupport (= 7.1.5) + timeout (>= 0.4.0) + activerecord-postgis-adapter (9.0.2) + activerecord (~> 7.1.0) rgeo-activerecord (~> 7.0.0) - activestorage (6.1.7.8) - actionpack (= 6.1.7.8) - activejob (= 6.1.7.8) - activerecord (= 6.1.7.8) - activesupport (= 6.1.7.8) + activestorage (7.1.5) + actionpack (= 7.1.5) + activejob (= 7.1.5) + activerecord (= 7.1.5) + activesupport (= 7.1.5) marcel (~> 1.0) - mini_mime (>= 1.1.0) - activesupport (6.1.7.8) + activesupport (7.1.5) + base64 + benchmark (>= 0.3) + bigdecimal concurrent-ruby (~> 1.0, >= 1.0.2) + connection_pool (>= 2.2.5) + drb i18n (>= 1.6, < 2) + logger (>= 1.4.2) minitest (>= 5.1) + mutex_m + securerandom (>= 0.3) tzinfo (~> 2.0) - zeitwerk (~> 2.3) addressable (2.8.7) public_suffix (>= 2.0.2, < 7.0) annotate (3.2.0) @@ -88,6 +106,7 @@ GEM execjs (~> 2) base64 (0.2.0) bcrypt (3.1.20) + benchmark (0.4.0) better_errors (2.8.0) coderay (>= 1.0.0) erubi (>= 1.0.0) @@ -102,7 +121,7 @@ GEM railties (>= 4.0.0) sprockets (>= 3.6.0) builder (3.3.0) - bullet (7.0.1) + bullet (8.0.0) activesupport (>= 3.0.0) uniform_notifier (~> 1.11) capybara (3.40.0) 
@@ -133,8 +152,13 @@ GEM rexml crass (1.0.6) daemons (1.3.1) - database_cleaner (1.7.0) - date (3.4.0) + database_cleaner (2.1.0) + database_cleaner-active_record (>= 2, < 3) + database_cleaner-active_record (2.2.0) + activerecord (>= 5.a) + database_cleaner-core (~> 2.0.0) + database_cleaner-core (2.0.1) + date (3.4.1) devise (4.9.4) bcrypt (~> 3.0) orm_adapter (~> 0.1) @@ -158,6 +182,7 @@ GEM activesupport (>= 5.0) request_store (>= 1.0) ruby2_keywords + drb (2.2.1) dry-core (1.0.2) concurrent-ruby (~> 1.0) logger @@ -191,7 +216,7 @@ GEM factory_bot_rails (6.4.3) factory_bot (~> 6.4) railties (>= 5.0.0) - faraday (1.10.2) + faraday (1.10.4) faraday-em_http (~> 1.0) faraday-em_synchrony (~> 1.0) faraday-excon (~> 1.1) @@ -209,7 +234,7 @@ GEM faraday-httpclient (1.0.1) faraday-multipart (1.0.4) multipart-post (~> 2) - faraday-net_http (1.0.1) + faraday-net_http (1.0.2) faraday-net_http_persistent (1.2.0) faraday-patron (1.0.0) faraday-rack (1.0.0) @@ -273,6 +298,10 @@ GEM icalendar (2.5.3) ice_cube (~> 0.16) ice_cube (0.16.3) + io-console (0.8.0) + irb (1.14.1) + rdoc (>= 4.0.0) + reline (>= 0.4.2) jquery-rails (4.4.0) rails-dom-testing (>= 1, < 3) railties (>= 4.2.0) @@ -305,7 +334,7 @@ GEM leaflet-rails (0.7.7) letter_opener (1.10.0) launchy (>= 2.2, < 4) - logger (1.6.1) + logger (1.6.2) lograge (0.11.2) actionpack (>= 4) activesupport (>= 4) @@ -323,22 +352,22 @@ GEM marcel (1.0.4) matrix (0.4.2) memory_profiler (0.9.14) - method_source (1.1.0) mini_mime (1.1.5) - mini_portile2 (2.8.7) - minitest (5.25.1) + mini_portile2 (2.8.8) + minitest (5.25.4) mono_logger (1.1.2) multi_json (1.15.0) multi_xml (0.6.0) - multipart-post (2.2.3) + multipart-post (2.4.1) mustache (1.1.0) mustermann (3.0.3) ruby2_keywords (~> 0.0.1) mustermann-grape (1.1.0) mustermann (>= 1.0.0) + mutex_m (0.3.0) net-http (0.4.1) uri - net-imap (0.4.17) + net-imap (0.4.18) date net-protocol net-pop (0.1.2) 
@@ -347,8 +376,8 @@ GEM timeout net-smtp (0.5.0) net-protocol - nio4r (2.7.3) - nokogiri (1.16.7) + nio4r (2.7.4) + nokogiri (1.17.1) mini_portile2 (~> 2.8.2) racc (~> 1.4) normalizr (0.6.1) @@ -396,6 +425,9 @@ GEM progress_bar (1.3.0) highline (>= 1.6, < 3) options (~> 2.3.0) + psych (5.2.1) + date + stringio public_suffix (6.0.1) pundit (2.2.0) activesupport (>= 3.0.0) @@ -413,25 +445,29 @@ GEM rack-protection (3.2.0) base64 (>= 0.1.0) rack (~> 2.2, >= 2.2.4) + rack-session (1.0.2) + rack (< 3) rack-test (2.1.0) rack (>= 1.3) rack-utf8_sanitizer (1.9.1) rack (>= 1.0, < 4.0) - rails (6.1.7.8) - actioncable (= 6.1.7.8) - actionmailbox (= 6.1.7.8) - actionmailer (= 6.1.7.8) - actionpack (= 6.1.7.8) - actiontext (= 6.1.7.8) - actionview (= 6.1.7.8) - activejob (= 6.1.7.8) - activemodel (= 6.1.7.8) - activerecord (= 6.1.7.8) - activestorage (= 6.1.7.8) - activesupport (= 6.1.7.8) + rackup (1.0.1) + rack (< 3) + webrick + rails (7.1.5) + actioncable (= 7.1.5) + actionmailbox (= 7.1.5) + actionmailer (= 7.1.5) + actionpack (= 7.1.5) + actiontext (= 7.1.5) + actionview (= 7.1.5) + activejob (= 7.1.5) + activemodel (= 7.1.5) + activerecord (= 7.1.5) + activestorage (= 7.1.5) + activesupport (= 7.1.5) bundler (>= 1.15.0) - railties (= 6.1.7.8) - sprockets-rails (>= 2.0.0) + railties (= 7.1.5) rails-controller-testing (1.0.5) actionpack (>= 5.0.1.rc1) actionview (>= 5.0.1.rc1) @@ -440,9 +476,9 @@ GEM activesupport (>= 5.0.0) minitest nokogiri (>= 1.6) - rails-html-sanitizer (1.6.0) + rails-html-sanitizer (1.6.1) loofah (~> 2.21) - nokogiri (~> 1.14) + nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0) rails-i18n (7.0.3) i18n (>= 0.7, < 2) railties (>= 6.0.0, < 8) 
@@ -450,25 +486,31 @@ GEM activemodel (>= 4.0) rails_autolink (1.1.6) rails (> 3.1) - railties (6.1.7.8) - actionpack (= 6.1.7.8) - activesupport (= 6.1.7.8) - method_source + railties (7.1.5) + actionpack (= 7.1.5) + activesupport (= 7.1.5) + irb + rackup (>= 1.0.0) rake (>= 12.2) - thor (~> 1.0) + thor (~> 1.0, >= 1.2.2) + zeitwerk (~> 2.6) rainbow (3.1.1) rake (13.2.1) rakismet (1.5.4) ratelimit (1.1.0) redis (>= 3.0.0) redis-namespace (>= 1.0.0) - redis (5.1.0) - redis-client (>= 0.17.0) - redis-client (0.22.0) + rdoc (6.8.1) + psych (>= 4.0.0) + redis (5.3.0) + redis-client (>= 0.22.0) + redis-client (0.22.2) connection_pool redis-namespace (1.11.0) redis (>= 4) regexp_parser (2.9.2) + reline (0.5.12) + io-console (~> 0.5) request_store (1.7.0) rack (>= 1.4) responders (3.1.1) @@ -499,7 +541,7 @@ GEM rgeo-geojson (2.1.1) rgeo (>= 1.0.0) rollbar (3.5.2) - rsolr (2.5.0) + rsolr (2.6.0) builder (>= 2.1.2) faraday (>= 0.9, < 3, != 2.0.0) rspec-collection_matchers (1.1.3) @@ -558,6 +600,7 @@ GEM sprockets (> 3.0) sprockets-rails tilt + securerandom (0.3.2) selenium-webdriver (4.26.0) base64 (~> 0.2) logger (~> 1.4) @@ -586,13 +629,15 @@ GEM stackprof (0.2.12) stimulus-rails (1.0.4) railties (>= 6.0.0) - sunspot (2.4.0) + stringio (3.1.2) + sunspot (2.7.1) + bigdecimal pr_geohash (~> 1.0) rsolr (>= 1.1.1, < 3) - sunspot_rails (2.4.0) - rails (>= 3) - sunspot (= 2.4.0) - sunspot_solr (2.4.0) + sunspot_rails (2.7.1) + rails (>= 5) + sunspot (= 2.7.1) + sunspot_solr (2.7.1) sunspot_test (0.4.1) sunspot_rails (>= 2.1.1) sunspot_solr @@ -607,7 +652,7 @@ GEM thumbs_up (0.4.6) activerecord tilt (2.4.0) - timeout (0.4.1) + timeout (0.4.2) tinymce-rails (5.10.4) railties (>= 3.1.1) turbo-rails (1.0.1) @@ -626,7 +671,7 @@ GEM addressable (>= 2.8.0) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) - webrick (1.8.2) + webrick (1.9.1) websocket (1.2.11) websocket-driver (0.7.6) websocket-extensions (>= 0.1.0) 
@@ -710,7 +755,7 @@ DEPENDENCIES rack-cors rack-mini-profiler rack-utf8_sanitizer - rails (~> 6.1) + rails (~> 7.0) rails-controller-testing rails-i18n rails-observers @@ -739,8 +784,8 @@ DEPENDENCIES spring-commands-rspec sprockets-rails stackprof - sunspot_rails (= 2.4.0) - sunspot_solr (= 2.4.0) + sunspot_rails + sunspot_solr sunspot_test tagsinput-rails thin diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index ec28766ac..9fa54613c 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -87,7 +87,7 @@ def set_xhr_layout def load_group_from_subdomain if SubdomainConstraint.matches?(request) @current_group = Group.find_by(short_name: SubdomainConstraint.subdomain_from_request(request)) - redirect_to root_url(subdomain: SubdomainConstraint.subdomain("www")) unless @current_group + redirect_to(root_url(subdomain: SubdomainConstraint.subdomain("www")), allow_other_host: true) unless @current_group end end @@ -175,5 +175,15 @@ def redirect_not_authorized yield rescue Pundit::NotAuthorizedError permission_denied + rescue UnsafeRedirectError => e + # https://github.com/heartcombo/responders/issues/237 + # if the sign in location is to a different subdomain Devise uses + # responders and this can't pass in allow_other_host: true + # This catches the error and checks if the URL is a subdomain + url_in_errror = e.message.match(/"(http[^\s]+)"/) + raise e unless url_in_errror + + redirect_host = URI(url_in_errror[1]).host + raise e unless redirect_host.ends_with?(".#{request.domain}") end end diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb index 31019adb6..971238b5b 100644 --- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb 
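Review bot: In the new `rescue UnsafeRedirectError` branch of `redirect_not_authorized`, the allow-list check can itself raise: `URI(...)` throws `URI::InvalidURIError` on a malformed URL and `.host` is nil for a host-less one, so `redirect_host.ends_with?` turns a blocked redirect into a `NoMethodError` instead of re-raising `e` (the fence below keeps the original error in both cases). The trusted suffix is `request.domain`, which is derived from the request's Host header with a default TLD length of 1, so the check is only as strong as the host filtering in front of the app and would collapse to the public suffix on a two-label TLD; comparing against a configured base domain would be firmer. Scraping the URL out of `e.message` also ties the check to the exact wording of the Rails error text. On the success path the visible lines swallow the exception without issuing a redirect themselves, so it is worth confirming what response the client actually receives. The method's `def` line is outside the hunk.

```ruby
  rescue UnsafeRedirectError => e
    # … unchanged: comment linking the responders issue …
    url_in_error = e.message.match(/"(http[^\s]+)"/)
    raise e unless url_in_error

    redirect_host = begin
      URI.parse(url_in_error[1]).host
    rescue URI::InvalidURIError
      nil
    end
    # nil host or a host outside the app's own domain: keep the original error
    raise e unless redirect_host&.end_with?(".#{request.domain}")
```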
@@ -33,7 +33,7 @@ def show @recent_issues = IssueDecorator.decorate_collection group.recent_issues.limit(10).includes(:created_by) @group = GroupDecorator.decorate group else - redirect_to root_url(subdomain: SubdomainConstraint.subdomain("www")) + redirect_to root_url(subdomain: SubdomainConstraint.subdomain("www")), allow_other_host: true end end diff --git a/app/mailers/thread_mailer.rb b/app/mailers/thread_mailer.rb index a7b507393..de9a413fd 100644 --- a/app/mailers/thread_mailer.rb +++ b/app/mailers/thread_mailer.rb @@ -7,7 +7,7 @@ def digest(user, threads_messages) set_time_zone(user) do mail( to: @subscriber.name_with_email, - subject: t("mailers.thread_mailer.digest.subject", date: Date.current.to_s(:long), application_name: site_config.application_name), + subject: t("mailers.thread_mailer.digest.subject", date: Date.current.to_formatted_s(:long), application_name: site_config.application_name), reply_to: no_reply_address ) end diff --git a/app/models/message_thread.rb b/app/models/message_thread.rb index 8d518d40a..d38b81b67 100644 --- a/app/models/message_thread.rb +++ b/app/models/message_thread.rb @@ -157,7 +157,7 @@ def unviewed_private_count(user) # @return [Array] ids of unviewed threads def unviewed_thread_ids(user:, threads:) ids = if threads.is_a?(ActiveRecord::Relation) && !threads.loaded? - threads.ids + threads.pluck(:id) else threads.map(&:id) end diff --git a/config/application.rb b/config/application.rb index 183ff165f..bc708f20a 100644 --- a/config/application.rb +++ b/config/application.rb @@ -10,8 +10,7 @@ module Cyclescape class Application < Rails::Application - config.load_defaults 6.0 - config.action_mailer.delivery_job = "ActionMailer::MailDeliveryJob" + config.load_defaults 7.0 # Settings in config/environments/* take precedence over those specified here. # Application configuration should go into files in config/initializers # -- all .rb files in that directory are automatically loaded. 
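Review bot: `config.load_defaults 7.0` moves the app from the 6.0 defaults to 7.0 in one step, and the same commit deletes `config/initializers/new_framework_defaults_6_1.rb`, so several explicit values disappear with no visible replacement. That file set `active_storage.queues.analysis` and `action_mailbox.queues.routing` to `"medium"` and `action_mailer.deliver_later_queue_name` to `"mailers"`; under the newer defaults these fall back to the adapter's default queue, so check that the Resque workers consume it. The 7.0 defaults also change the key generator digest and the cookie serializer unless an initializer outside this diff pins them, which can invalidate existing signed and encrypted cookies. A short comment next to the call, such as `# 7.0 defaults: cookie digest/serializer and queue names reviewed, see <initializer>`, would record how that was handled.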
@@ -114,7 +113,7 @@ class Application < Rails::Application # # defaults to Rails.env # config.browserify_rails.node_env = "production" - config.action_mailer.preview_path = Rails.root.join("app", "controllers", "admin", "mailers") + config.action_mailer.preview_paths = [Rails.root.join("app", "controllers", "admin", "mailers")] config.action_mailer.show_previews = true config.middleware.insert 0, Rack::UTF8Sanitizer # fix ArgumentError invalid %-encoding bugs, https://gist.github.com/bf4/d26259acfa29f3b9882b#file-exception_app-rb diff --git a/config/environments/test.rb b/config/environments/test.rb index eae4f7153..95cb10f75 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb @@ -30,7 +30,7 @@ config.cache_store = :null_store # Raise exceptions instead of rendering exception templates. - config.action_dispatch.show_exceptions = false + config.action_dispatch.show_exceptions = :none # Disable request forgery protection in test environment. config.action_controller.allow_forgery_protection = false diff --git a/config/initializers/new_framework_defaults_6_1.rb b/config/initializers/new_framework_defaults_6_1.rb deleted file mode 100644 index 144a62d0c..000000000 --- a/config/initializers/new_framework_defaults_6_1.rb +++ /dev/null 
@@ -1,67 +0,0 @@ -# Be sure to restart your server when you modify this file. -# -# This file contains migration options to ease your Rails 6.1 upgrade. -# -# Once upgraded flip defaults one by one to migrate to the new default. -# -# Read the Guide for Upgrading Ruby on Rails for more info on each option. - -# Support for inversing belongs_to -> has_many Active Record associations. -# Rails.application.config.active_record.has_many_inversing = true - -# Track Active Storage variants in the database. -Rails.application.config.active_storage.track_variants = true - -# Apply random variation to the delay when retrying failed jobs. -Rails.application.config.active_job.retry_jitter = 0.15 - -# Stop executing `after_enqueue`/`after_perform` callbacks if -# `before_enqueue`/`before_perform` respectively halts with `throw :abort`. -Rails.application.config.active_job.skip_after_callbacks_if_terminated = true - -# Specify cookies SameSite protection level: either :none, :lax, or :strict. -# -# This change is not backwards compatible with earlier Rails versions. -# It's best enabled when your entire app is migrated and stable on 6.1. -# Rails.application.config.action_dispatch.cookies_same_site_protection = :lax - -# Generate CSRF tokens that are encoded in URL-safe Base64. -# -# This change is not backwards compatible with earlier Rails versions. -# It's best enabled when your entire app is migrated and stable on 6.1. -# Rails.application.config.action_controller.urlsafe_csrf_tokens = true - -# Specify whether `ActiveSupport::TimeZone.utc_to_local` returns a time with an -# UTC offset or a UTC time. -ActiveSupport.utc_to_local_returns_utc_offset_times = true - -# Change the default HTTP status code to `308` when redirecting non-GET/HEAD -# requests to HTTPS in `ActionDispatch::SSL` middleware. -Rails.application.config.action_dispatch.ssl_default_redirect_status = 308 - -# Use new connection handling API. For most applications this won't have any -# effect. 
For applications using multiple databases, this new API provides -# support for granular connection swapping. -Rails.application.config.active_record.legacy_connection_handling = false - -# Make `form_with` generate non-remote forms by default. -# Rails.application.config.action_view.form_with_generates_remote_forms = false - -# Set the default queue name for the analysis job to the queue adapter default. -Rails.application.config.active_storage.queues.analysis = "medium" - -# Set the default queue name for the purge job to the queue adapter default. -Rails.application.config.active_storage.queues.purge = nil - -# Set the default queue name for the incineration job to the queue adapter default. -Rails.application.config.action_mailbox.queues.incineration = nil - -# Set the default queue name for the routing job to the queue adapter default. -Rails.application.config.action_mailbox.queues.routing = "medium" - -# Set the default queue name for the mail deliver job to the queue adapter default. -Rails.application.config.action_mailer.deliver_later_queue_name = "mailers" - -# Generate a `Link` header that gives a hint to modern browsers about -# preloading assets when using `javascript_include_tag` and `stylesheet_link_tag`. -Rails.application.config.action_view.preload_links_header = true diff --git a/config/initializers/resque.rb b/config/initializers/resque.rb index 6b7115fd0..e78855791 100644 --- a/config/initializers/resque.rb +++ b/config/initializers/resque.rb @@ -22,13 +22,13 @@ end module ActionMailer - class DeliveryJob - retry_on StandardError, wait: :exponentially_longer, attempts: 5 + class MailDeliveryJob + retry_on StandardError, wait: :polynomially_longer, attempts: 5 end end module ActiveJob class Base - retry_on StandardError, wait: :exponentially_longer, attempts: 5 + retry_on StandardError, wait: :polynomially_longer, attempts: 5 end end
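Review bot: `wait: :polynomially_longer` in both `retry_on` calls exists only from Rails 7.1, as do `preview_paths` and `show_exceptions = :none` in the config hunks, but the Gemfile constraint in this commit is `"~> 7.0"`, which still admits 7.0.x. Gemfile.lock resolves to 7.1.5, so this works today, yet the declared constraint understates what the code now requires. Consider `gem "rails", "~> 7.1"` so a future re-resolve cannot land on a release where the retry delay symbol is unknown.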