Merge pull request #6244 from CitizenLabDotCo/master
Release 2023-10-25
sebastienhoorens authored Oct 25, 2023
2 parents 124ad9b + 8809997 commit bd0e6cd
Showing 53 changed files with 2,361 additions and 4,916 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/main.yml
@@ -1,7 +1,7 @@
name: CI
on:
push:
paths: ['cl2-component-library/src/**']# Trigger the action only when files change in the folders defined here
paths: ['cl2-component-library/**'] # Trigger the action when files change in the folder defined here
jobs:
build:
runs-on: ubuntu-latest
2 changes: 1 addition & 1 deletion .github/workflows/storybook.yml
@@ -3,7 +3,7 @@ on:
push:
branches:
- master
paths: ['cl2-component-library/src/**'] # Trigger the action only when files change in the folders defined here
paths: ['cl2-component-library/**'] # Trigger the action when files change in the folder defined here
jobs:
build-and-deploy:
runs-on: ubuntu-latest
2 changes: 1 addition & 1 deletion back/Dockerfile.development
@@ -17,7 +17,7 @@ RUN apt-get update && apt-get install -qq -y --no-install-recommends \
less \
clang

RUN curl -sL https://deb.nodesource.com/setup_15.x | bash -
RUN curl -sL https://deb.nodesource.com/setup_18.x | bash -
RUN apt-get -y install nodejs

# Install MJML parser required by email engine.
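Review bot: The updated `RUN curl -sL https://deb.nodesource.com/setup_18.x | bash -` still pipes a remotely fetched script straight into a root shell with no integrity check, and without `-f` (and with the pipe hiding curl's exit status) an HTTP error page would be fed to bash as well. Since the line is being touched anyway, consider downloading to a file, verifying it against a pinned digest and only then running it, e.g. `RUN curl -fsSL https://deb.nodesource.com/setup_18.x -o /tmp/nodesource_setup.sh && echo "<EXPECTED_SHA256>  /tmp/nodesource_setup.sh" | sha256sum -c - && bash /tmp/nodesource_setup.sh`, where `<EXPECTED_SHA256>` is a placeholder for a digest you have reviewed. The pinned digest has to be bumped whenever upstream changes the script, which is the point of pinning it. The Dockerfile continues outside the hunk.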
23 changes: 11 additions & 12 deletions back/Gemfile.lock
@@ -125,7 +125,7 @@ PATH
specs:
id_cow (0.1.0)
rails (~> 7.0)
savon (~> 2.12.0)
savon (>= 2.12, < 2.15)
verification

PATH
@@ -164,7 +164,7 @@ PATH
id_id_card_lookup (0.1.0)
admin_api
rails (~> 7.0)
savon (~> 2.12.0)
savon (>= 2.12, < 2.15)
verification

PATH
@@ -316,7 +316,7 @@ PATH
pundit (~> 2.0)
rails (~> 7.0)
ros-apartment (>= 2.9.0)
savon (~> 2.12.0)
savon (>= 2.12, < 2.15)

PATH
remote: engines/free/document_annotation
@@ -473,7 +473,7 @@ GEM
tzinfo (~> 2.0)
acts_as_list (1.1.0)
activerecord (>= 4.2)
addressable (2.8.4)
addressable (2.8.5)
public_suffix (>= 2.0.2, < 6.0)
aes_key_wrap (1.1.0)
akami (1.3.1)
@@ -727,9 +727,8 @@ GEM
mini_mime (>= 1.0.0)
multi_xml (>= 0.5.2)
httpclient (2.8.3)
httpi (2.5.0)
httpi (3.0.1)
rack
socksify
i18n (1.14.1)
concurrent-ruby (~> 1.0)
icalendar (2.9.0)
@@ -1012,7 +1011,7 @@ GEM
mime-types (>= 1.16, < 4.0)
netrc (~> 0.8)
retriable (3.1.2)
rexml (3.2.5)
rexml (3.2.6)
rgeo (3.0.0)
rgeo-activerecord (7.0.1)
activerecord (>= 5.0)
@@ -1107,11 +1106,12 @@ GEM
rubyzip (1.3.0)
saharspec (0.0.10)
ruby2_keywords
savon (2.12.1)
savon (2.14.0)
akami (~> 1.2)
builder (>= 2.1.2)
gyoku (~> 1.2)
httpi (~> 2.3)
httpi (>= 2.4.5)
mail (~> 2.5)
nokogiri (>= 1.8.1)
nori (~> 2.4)
wasabi (~> 3.4)
@@ -1148,7 +1148,6 @@ GEM
rack-protection (= 3.0.6)
tilt (~> 2.0)
smstools (0.2.2)
socksify (1.7.1)
sorted_set (1.0.3)
rbtree
set (~> 1.0)
@@ -1198,9 +1197,9 @@ GEM
activemodel (>= 3.0.0)
public_suffix
vcr (6.1.0)
wasabi (3.7.0)
wasabi (3.8.0)
addressable
httpi (~> 2.0)
httpi (~> 3.0)
nokogiri (>= 1.4.2)
webfinger (2.1.2)
activesupport
7 changes: 3 additions & 4 deletions back/app/controllers/web_api/v1/resend_codes_controller.rb
@@ -4,12 +4,11 @@ class WebApi::V1::ResendCodesController < ApplicationController
skip_after_action :verify_authorized

def create
result = SendConfirmationCode.call(user: current_user, new_email: resend_code_params[:new_email])

if result.success?
RequestConfirmationCodeJob.perform_now current_user, new_email: resend_code_params[:new_email]
if current_user.valid?
head :ok
else
render json: { errors: result.errors.details }, status: :unprocessable_entity
render json: { errors: current_user.errors.details }, status: :unprocessable_entity
end
end

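Review bot: In `create`, success is now inferred from `current_user.valid?` after `perform_now`, which reports only the validation state and not whether the job actually saved the user and delivered a code. The job signals a disabled feature or a non-email identifier with a bare `raise`, and `perform_now` re-raises unless ApplicationJob or the controller rescues it (neither is visible here), so those cases would likely surface as a 500 rather than the 422 the `else` branch is written for. Consider having the job add to `user.errors` instead of raising, or rescuing that error here and rendering `:unprocessable_entity`. The controller class continues outside the hunk.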
15 changes: 0 additions & 15 deletions back/app/interactors/deliver_confirmation_code.rb

This file was deleted.

25 changes: 0 additions & 25 deletions back/app/interactors/reset_user_confirmation_code.rb

This file was deleted.

22 changes: 0 additions & 22 deletions back/app/interactors/reset_user_email.rb

This file was deleted.

11 changes: 0 additions & 11 deletions back/app/interactors/schedule_code_expiration.rb

This file was deleted.

16 changes: 0 additions & 16 deletions back/app/interactors/send_confirmation_code.rb

This file was deleted.

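--- a/back/app/jobs/request_confirmation_code_job.rb
+++ b/back/app/jobs/request_confirmation_code_job.rb
@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+class RequestConfirmationCodeJob < ApplicationJob
+self.priority = 30 # More important than default (50)
+
+attr_reader :user
+
+def run(user, new_email: nil)
+@user = user
+raise 'User confirmation is disabled.' if !AppConfiguration.instance.feature_activated?('user_confirmation')
+if !user.registered_with_email? && (!new_email || PhoneService.new.encoded_phone_or_email?(new_email) != :email)
+raise 'Confirmation is currently working for emails only.'
+end
+
+LogActivityJob.perform_later(user, 'requested_confirmation_code', user, Time.now.to_i, payload: { new_email: new_email })
+if new_email
+user.new_email = new_email
+user.email_confirmation_code_reset_count = 0
+end
+reset_user_confirmation_code user
+return if !user.valid?
+
+ActiveRecord::Base.transaction do
+user.save!
+deliver_confirmation_code! user
+schedule_code_expiration! user
+LogActivityJob.perform_later(user, 'received_confirmation_code', user, Time.now.to_i, payload: { new_email: new_email })
+end
+end
+
+private
+
+def reset_user_confirmation_code(user)
+first_code = user.email_confirmation_code.nil?
+user.reset_confirmation_code
+user.increment_confirmation_code_reset_count if !first_code
+end
+
+def deliver_confirmation_code!(user)
+ConfirmationsMailer.with(user: user).send_confirmation_code.deliver_now
+user.update!(email_confirmation_code_sent_at: Time.zone.now)
+end
+
+def schedule_code_expiration!(user)
+ExpireConfirmationCodeOrDeleteJob.set(
+wait_until: user.email_confirmation_code_expiration_at
+).perform_later(
+user.id,
+user.email_confirmation_code
+)
+end
+end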
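Review bot: In `run`, supplying `new_email` sets `user.email_confirmation_code_reset_count = 0` just before `reset_user_confirmation_code`, so a caller who passes `new_email` on every resend request never pushes the count above one. If the User model caps that counter (not visible here), the cap would not limit how many codes this job generates and mails to caller-chosen addresses. Consider leaving the counter untouched on an email change, or throttling the resend endpoint per user. Separately, `deliver_now` runs inside the `ActiveRecord::Base.transaction` block, so if `schedule_code_expiration!` raises, the saved code is rolled back after the mail has already gone out; delivering after the transaction commits would avoid that.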
13 changes: 2 additions & 11 deletions back/app/models/user.rb
@@ -491,7 +491,7 @@ def confirm
end

def confirm!
return unless registered_with_email? && (confirmation_required? || new_email.present?)
return if !confirmation_required? && !new_email

confirm_new_email if new_email.present?
confirm
@@ -528,24 +528,15 @@ def reset_confirmation_code
self.email_confirmation_code = use_fake_code? ? '1234' : rand.to_s[2..5]
end

def increment_confirmation_code_reset_count!
def increment_confirmation_code_reset_count
self.email_confirmation_code_reset_count += 1
save!
end

def increment_confirmation_retry_count!
self.email_confirmation_retry_count += 1
save!
end

def reset_email!(new_email)
if user_confirmation_enabled? && active?
update!(new_email: new_email, email_confirmation_code_reset_count: 0)
else
update!(email: new_email, email_confirmation_code_reset_count: 0)
end
end

def confirm_new_email
return unless new_email

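Review bot: The context line `self.email_confirmation_code = use_fake_code? ? '1234' : rand.to_s[2..5]` in the second hunk is left untouched by this rework, and it derives the code from `Kernel#rand`, which is not a cryptographically secure generator, so the four digits are only as strong as the retry and reset counters around them. `SecureRandom` is already used elsewhere in this commit (`SecureRandom.uuid` in the project users controller), so the non-fake branch could become `format('%04d', SecureRandom.random_number(10_000))`. That form also always yields exactly four digits, which slicing the float's string form does not guarantee for very small or short values. `reset_confirmation_code` starts outside the hunk.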
16 changes: 11 additions & 5 deletions back/app/policies/user_policy.rb
@@ -103,17 +103,23 @@ def view_private_attributes?
!!((user && (instance&.id == user.id || user.admin?)) || instance&.invite_pending?)
end

def permitted_attributes
shared = [:first_name, :last_name, :email, :password, :avatar, :locale, { onboarding: [:topics_and_areas], custom_field_values: allowed_custom_field_keys, bio_multiloc: CL2_SUPPORTED_LOCALES }]
admin? ? shared + role_permitted_params : shared
def permitted_attributes_for_create
[:email] + shared_permitted_attributes
end

def role_permitted_params
[roles: %i[type project_id project_folder_id]]
def permitted_attributes_for_update
shared_permitted_attributes.tap do |attrs|
attrs.push :email if !AppConfiguration.instance.feature_activated?('user_confirmation')
end
end

private

def shared_permitted_attributes
shared = [:first_name, :last_name, :password, :avatar, :locale, { onboarding: [:topics_and_areas], custom_field_values: allowed_custom_field_keys, bio_multiloc: CL2_SUPPORTED_LOCALES }]
admin? ? shared + [roles: %i[type project_id project_folder_id]] : shared
end

def allowed_custom_field_keys
allowed_fields = allowed_custom_fields
simple_keys = allowed_fields.support_single_value.pluck(:key).map(&:to_sym)
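Review bot: `permitted_attributes_for_update` carries no comment saying why `:email` is only pushed when `user_confirmation` is off, although that condition is what keeps email changes out of mass assignment; I would add `# With user_confirmation enabled, :email is not mass-assignable on update; email changes go through resend_code (new_email) and confirm.` above the method. Also, with `permitted_attributes` removed, Pundit's `permitted_attributes(record)` helper has no fallback for actions other than create and update, so any remaining caller in another action (none visible here) would need the explicit form this commit uses in the project users controller. The policy class continues outside the hunk.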
4 changes: 2 additions & 2 deletions back/app/services/side_fx_user_service.rb
@@ -13,7 +13,7 @@ def after_create(user, current_user)
LogActivityJob.set(wait: 5.seconds).perform_later(user, 'admin_rights_given', current_user, user.created_at.to_i)
end
user.create_email_campaigns_unsubscription_token
SendConfirmationCode.call(user: user) if user.should_send_confirmation_email?
RequestConfirmationCodeJob.perform_later(user) if user.should_send_confirmation_email?
AdditionalSeatsIncrementer.increment_if_necessary(user, current_user) if user.roles_previously_changed?
end

Expand All @@ -29,7 +29,7 @@ def after_update(user, current_user)
AdditionalSeatsIncrementer.increment_if_necessary(user, current_user) if user.roles_previously_changed?

UpdateMemberCountJob.perform_later
SendConfirmationCode.call(user: user) if user.should_send_confirmation_email?
RequestConfirmationCodeJob.perform_later(user) if user.should_send_confirmation_email?
end

def before_destroy(user, _current_user)
@@ -9,7 +9,7 @@ class WebApi::V1::ProjectUsersController < ApplicationController

def create_user
user = User.new
user.assign_attributes(permitted_attributes(user))
user.assign_attributes user_params(user)
if user.email.blank?
user.unique_code = SecureRandom.uuid
end
Expand All @@ -28,5 +28,11 @@ def authorize_project
project = Project.find(params[:id])
authorize project
end

private

def user_params(user)
params.require(:user).permit(UserPolicy.new(current_user, user).permitted_attributes_for_create)
end
end
end
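Review bot: `user_params` instantiates `UserPolicy.new(current_user, user)` by hand, which bypasses Pundit's own policy lookup. Assuming this controller gets `authorize` from Pundit, `policy(user)` would resolve the policy through the same `pundit_user` that `authorize project` uses, so the acting user stays consistent if that method is ever overridden. The line would read `params.require(:user).permit(policy(user).permitted_attributes_for_create)`. The file header for this section is not shown on the page, and `create_user` continues outside the hunk.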
@@ -248,12 +248,14 @@ def expect_to_create_verified_user(user)
headers = { 'Authorization' => "Bearer #{token}" }
post '/web_api/v1/user/resend_code', params: { new_email: '[email protected]' }, headers: headers
expect(response).to have_http_status(:ok)
expect(user.reload).to have_attributes({ email: '[email protected]' })
expect(user.reload).to have_attributes({ new_email: '[email protected]' })
expect(user.confirmation_required?).to be(true)

post '/web_api/v1/user/confirm', params: { confirmation: { code: user.email_confirmation_code } }, headers: headers
expect(response).to have_http_status(:ok)
expect(user.reload.confirmation_required?).to be(false)
expect(user).to have_attributes({ email: '[email protected]' })
expect(user.new_email).to be_nil
end
end
