Merge branch 'master' into feature_project_setup

.circleci/install_lpass.sh

@@ -17,16 +17,18 @@ fi
 # Install the dependencies
 apt-get update
 apt-get --no-install-recommends -yqq install \
-  build-essential=12.8ubuntu1.1 \
-  cmake=3.16.3-1ubuntu1.20.04.1 \
-  libcurl4=7.68.0-1ubuntu2.20 \
-  libcurl4-openssl-dev=7.68.0-1ubuntu2.20 \
-  libssl-dev=1.1.1f-1ubuntu2.19 \
-  libxml2=2.9.10+dfsg-5ubuntu0.20.04.6 \
-  libxml2-dev=2.9.10+dfsg-5ubuntu0.20.04.6 \
-  libssl1.1=1.1.1f-1ubuntu2.19 \
-  pkg-config=0.29.1-0ubuntu4 \
-  ca-certificates=20230311ubuntu0.20.04.1
+  bash-completion                            \
+  build-essential                            \
+  cmake                                      \
+  libcurl4                                   \
+  libcurl4-openssl-dev                       \
+  libssl-dev                                 \
+  libxml2                                    \
+  libxml2-dev                                \
+  libssl1.1                                  \
+  pkg-config                                 \
+  ca-certificates                            \
+  xclip
 
 # Build and install the LastPass CLI
 cd lastpass-cli

back/app/controllers/web_api/v1/resend_codes_controller.rb

@@ -4,12 +4,11 @@ class WebApi::V1::ResendCodesController < ApplicationController
   skip_after_action :verify_authorized
 
   def create
-    result = SendConfirmationCode.call(user: current_user, new_email: resend_code_params[:new_email])
-
-    if result.success?
+    RequestConfirmationCodeJob.perform_now current_user, new_email: resend_code_params[:new_email]
+    if current_user.valid?
       head :ok
     else
-      render json: { errors: result.errors.details }, status: :unprocessable_entity
+      render json: { errors: current_user.errors.details }, status: :unprocessable_entity
     end
   end
 

back/app/jobs/request_confirmation_code_job.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+class RequestConfirmationCodeJob < ApplicationJob
+  self.priority = 30 # More important than default (50)
+
+  attr_reader :user
+
+  def run(user, new_email: nil)
+    @user = user
+    raise 'User confirmation is disabled.' if !AppConfiguration.instance.feature_activated?('user_confirmation')
+    if !user.registered_with_email? && (!new_email || PhoneService.new.encoded_phone_or_email?(new_email) != :email)
+      raise 'Confirmation is currently working for emails only.'
+    end
+
+    LogActivityJob.perform_later(user, 'requested_confirmation_code', user, Time.now.to_i, payload: { new_email: new_email })
+    if new_email
+      user.new_email = new_email
+      user.email_confirmation_code_reset_count = 0
+    end
+    reset_user_confirmation_code user
+    return if !user.valid?
+
+    ActiveRecord::Base.transaction do
+      user.save!
+      deliver_confirmation_code! user
+      schedule_code_expiration! user
+      LogActivityJob.perform_later(user, 'received_confirmation_code', user, Time.now.to_i, payload: { new_email: new_email })
+    end
+  end
+
+  private
+
+  def reset_user_confirmation_code(user)
+    first_code = user.email_confirmation_code.nil?
+    user.reset_confirmation_code
+    user.increment_confirmation_code_reset_count if !first_code
+  end
+
+  def deliver_confirmation_code!(user)
+    ConfirmationsMailer.with(user: user).send_confirmation_code.deliver_now
+    user.update!(email_confirmation_code_sent_at: Time.zone.now)
+  end
+
+  def schedule_code_expiration!(user)
+    ExpireConfirmationCodeOrDeleteJob.set(
+      wait_until: user.email_confirmation_code_expiration_at
+    ).perform_later(
+      user.id,
+      user.email_confirmation_code
+    )
+  end
+end

back/app/models/user.rb

@@ -491,7 +491,7 @@ def confirm
   end
 
   def confirm!
-    return unless registered_with_email? && (confirmation_required? || new_email.present?)
+    return if !confirmation_required? && !new_email
 
     confirm_new_email if new_email.present?
     confirm
@@ -517,7 +517,7 @@ def reset_confirmation_and_counts
   end
 
   def should_send_confirmation_email?
-    confirmation_required? && email_confirmation_code_sent_at.nil?
+    confirmation_required? && email_confirmation_code_sent_at.nil? && (PhoneService.new.encoded_phone_or_email?(email) == :email)
   end
 
   def email_confirmation_code_expiration_at
@@ -528,24 +528,15 @@ def reset_confirmation_code
     self.email_confirmation_code = use_fake_code? ? '1234' : rand.to_s[2..5]
   end
 
-  def increment_confirmation_code_reset_count!
+  def increment_confirmation_code_reset_count
     self.email_confirmation_code_reset_count += 1
-    save!
   end
 
   def increment_confirmation_retry_count!
     self.email_confirmation_retry_count += 1
     save!
   end
 
-  def reset_email!(new_email)
-    if user_confirmation_enabled? && active?
-      update!(new_email: new_email, email_confirmation_code_reset_count: 0)
-    else
-      update!(email: new_email, email_confirmation_code_reset_count: 0)
-    end
-  end
-
   def confirm_new_email
     return unless new_email
 

back/app/policies/user_policy.rb

@@ -103,17 +103,23 @@ def view_private_attributes?
     !!((user && (instance&.id == user.id || user.admin?)) || instance&.invite_pending?)
   end
 
-  def permitted_attributes
-    shared = [:first_name, :last_name, :email, :password, :avatar, :locale, { onboarding: [:topics_and_areas], custom_field_values: allowed_custom_field_keys, bio_multiloc: CL2_SUPPORTED_LOCALES }]
-    admin? ? shared + role_permitted_params : shared
+  def permitted_attributes_for_create
+    [:email] + shared_permitted_attributes
   end
 
-  def role_permitted_params
-    [roles: %i[type project_id project_folder_id]]
+  def permitted_attributes_for_update
+    shared_permitted_attributes.tap do |attrs|
+      attrs.push :email if !AppConfiguration.instance.feature_activated?('user_confirmation')
+    end
   end
 
   private
 
+  def shared_permitted_attributes
+    shared = [:first_name, :last_name, :password, :avatar, :locale, { onboarding: [:topics_and_areas], custom_field_values: allowed_custom_field_keys, bio_multiloc: CL2_SUPPORTED_LOCALES }]
+    admin? ? shared + [roles: %i[type project_id project_folder_id]] : shared
+  end
+
   def allowed_custom_field_keys
     allowed_fields = allowed_custom_fields
     simple_keys = allowed_fields.support_single_value.pluck(:key).map(&:to_sym)

back/app/services/side_fx_user_service.rb

@@ -13,7 +13,7 @@ def after_create(user, current_user)
       LogActivityJob.set(wait: 5.seconds).perform_later(user, 'admin_rights_given', current_user, user.created_at.to_i)
     end
     user.create_email_campaigns_unsubscription_token
-    SendConfirmationCode.call(user: user) if user.should_send_confirmation_email?
+    RequestConfirmationCodeJob.perform_now(user) if user.should_send_confirmation_email?
     AdditionalSeatsIncrementer.increment_if_necessary(user, current_user) if user.roles_previously_changed?
   end
 
@@ -29,7 +29,7 @@ def after_update(user, current_user)
     AdditionalSeatsIncrementer.increment_if_necessary(user, current_user) if user.roles_previously_changed?
 
     UpdateMemberCountJob.perform_later
-    SendConfirmationCode.call(user: user) if user.should_send_confirmation_email?
+    RequestConfirmationCodeJob.perform_now(user) if user.should_send_confirmation_email?
   end
 
   def before_destroy(user, _current_user)

back/config/locales/de-DE.yml

@@ -30,8 +30,8 @@ de:
     ineligible: untauglich
     ineligible_description: untauglich
   topics:
-    nature: Natur und biologische Vielfalt
-    nature_description: Natur und biologische Vielfalt
+    nature: Natur und Artenvielfalt
+    nature_description: Natur und Artenvielfalt
     waste: Sauberkeit und Abfall
     waste_description: Sauberkeit und Abfall
     sustainability: Nachhaltige Entwicklung
@@ -45,7 +45,7 @@ de:
     housing: Wohnen
     housing_description: Wohnen
     public_space: Öffentlicher Raum
-    public_space_description: Öffentliche Räume und Gebäude
+    public_space_description: Öffentlicher Raum
     safety: Sicherheit
     safety_description: Sicherheit
     education: Bildung und Jugend
@@ -57,11 +57,11 @@ de:
     inclusion: Gemeinschaftlicher Zusammenhalt
     inclusion_description: Soziale Inklusion
     community: Aufbau und Entwicklung einer Community
-    community_description: Entwicklung der Gemeinschaft
+    community_description: Quartiersentwicklung
     services: Öffentliche Dienstleistungen
-    services_description: Öffentliche Dienste
-    other: Andere
-    other_description: Andere
+    services_description: Öffentliche Dienstleistungen
+    other: Sonstiges
+    other_description: Sonstiges
   static_pages:
     terms_and_conditions_title: Nutzungsbedingungen
     terms_and_conditions_body: >

back/engines/commercial/bulk_import_ideas/app/controllers/bulk_import_ideas/web_api/v1/project_users_controller.rb

@@ -9,7 +9,7 @@ class WebApi::V1::ProjectUsersController < ApplicationController
 
     def create_user
       user = User.new
-      user.assign_attributes(permitted_attributes(user))
+      user.assign_attributes user_params(user)
       if user.email.blank?
         user.unique_code = SecureRandom.uuid
       end
@@ -28,5 +28,11 @@ def authorize_project
       project = Project.find(params[:id])
       authorize project
     end
+
+    private
+
+    def user_params(user)
+      params.require(:user).permit(UserPolicy.new(current_user, user).permitted_attributes_for_create)
+    end
   end
 end

back/engines/commercial/id_clave_unica/spec/requests/clave_unica_verification_spec.rb

@@ -248,12 +248,14 @@ def expect_to_create_verified_user(user)
         headers = { 'Authorization' => "Bearer #{token}" }
         post '/web_api/v1/user/resend_code', params: { new_email: '[email protected]' }, headers: headers
         expect(response).to have_http_status(:ok)
-        expect(user.reload).to have_attributes({ email: '[email protected]' })
+        expect(user.reload).to have_attributes({ new_email: '[email protected]' })
         expect(user.confirmation_required?).to be(true)
 
         post '/web_api/v1/user/confirm', params: { confirmation: { code: user.email_confirmation_code } }, headers: headers
         expect(response).to have_http_status(:ok)
         expect(user.reload.confirmation_required?).to be(false)
+        expect(user).to have_attributes({ email: '[email protected]' })
+        expect(user.new_email).to be_nil
       end
     end
 

back/engines/commercial/multi_tenancy/lib/tasks/core/fix_inconsistent_data.rake

@@ -259,4 +259,24 @@ namespace :inconsistent_data do
       end
     end
   end
+
+  task fix_missing_analysis_columns: :environment do
+    Tenant.all.each do |tenant|
+      Apartment::Tenant.switch(tenant.schema_name) do
+        connection = ActiveRecord::Base.connection
+
+        created_at_exists = connection.column_exists?(:analysis_taggings, :created_at)
+        updated_at_exists = connection.column_exists?(:analysis_taggings, :updated_at)
+
+        next if created_at_exists && updated_at_exists
+
+        if !created_at_exists && !updated_at_exists
+          puts "Columns missing for #{Tenant.name}, adding them now"
+          connection.add_timestamps(:analysis_taggings, null: false, default: Time.now)
+        else
+          raise "#{Tenant.name} is inconsistent: created_at #{created_at_exists}, updated at #{updated_at_exists}"
+        end
+      end
+    end
+  end
 end

back/engines/commercial/verification/app/policies/verification/patches/user_policy.rb

@@ -3,7 +3,7 @@
 module Verification
   module Patches
     module UserPolicy
-      def permitted_attributes
+      def shared_permitted_attributes
         locked_attributes = verification_service.locked_attributes(record)
         super - locked_attributes
       end

back/engines/free/email_campaigns/app/controllers/email_campaigns/web_api/v1/campaigns_controller.rb

@@ -84,7 +84,7 @@ def destroy
     end
 
     def do_send
-      if @campaign.valid?
+      if @campaign.valid?(:send)
         SideFxCampaignService.new.before_send(@campaign, current_user)
         EmailCampaigns::DeliveryService.new.send_now(@campaign)
         SideFxCampaignService.new.after_send(@campaign, current_user)