All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Emails for Hugo voting
- Integration into The Fantasy Network for 2020 Virtual Worldcon
!194
Add this to you env
Full sync with
GLOO_BASE_URL=https://api.thefantasy.network/v1 GLOO_AUTHORIZATION_HEADER=
GlooSync.all_users
- Hugo finalists for 2020 are now available
!155.
Note, links only show up when you load them, yes this is order dependent
bin/rake db:seed:conzealand:production_finalist bin/rake db:seed:conzealand:production_rename_hugo
- Adds Hugo voting emails !199
- In development, allow Sidekiq to use redis in if you set
SIDEKIQ_REDIS_URL
!194 - Create documentation around classes in models, queries and commands folders !191
- Rename "2020-wellington" to just "wellington" !191
- Update Rails against allowing untrusted users to run migrations on production !196
- Update Rack against cookie override vulnerability !196
- Mount working directory to /hack for conzealand development !198
- Update all node modules !202
- Removed "Suggest for our Programme (coming soon)" and "Plan my trip(coming soon)" from CoNZealand menu !203
- Hugo Packet Download now has a counter, if downloaded or nomination rights used there's a message for support users near the "transfer membership" button. !182
- Development process modified to reduce docker use for rails. The README now covers the direnv/local rails approach !181
- Nothing significant in this release
- Hugo Packet Download
!101
Lots of configuration for this one.
- Get the materials from the Hugo admins
- Put them in an S3 bucket that you control
- Create a user with programatic access that has read only access to this bucket
- Generate AWS keys for that user
- Configure on production / staging / local with the following:
HUGO_PACKET_BUCKET=FROM_STEP_2 HUGO_PACKET_PREFIX=FROM_STEP_2 AWS_REGION=ap-southeast-2 AWS_ACCESS_KEY_ID=FROM_STEP_4 AWS_SECRET_ACCESS_KEY=FROM_STEP_4
- Hugo voting dates have changed!
HUGO_CLOSED_AT="2020-07-15T23:59:59+13:00"
- Development database reset in docker by setting
NAPALM=true
in your .env !162 - Support for theming by setting WORLDCON_THEME in .env
!103
WORLDCON_THEME=conzealand
- CI now only runs security-audit steps for master, or branches named security-patch !178
- CI now only fails javascript audit if there's a CVE with a patch, or a CVE that's been out for 6 months !173
make sql
in development brings up a psql session in the container !166- Security patching webpacker against prototype pollution npm advisory #1500 !164
- Security patching against denail of service in webpacker npm advisory #1486 !177
- Securtiy patching rails against CVE-2020-8166, CVE-2020-8167, CVE-2020-8162 and CVE-2020-8165 !177
- Security patching puma against http smuggling attack CVE-2020-11076, !178
- Security patching against cross site scripting npm advisory #1518 !169
- Ruby linting rules are now a soft requirement, turned them of in CI !165
- Use fontawesome icons instead of octicons for variety !166
- Booting the rails app now waits for postgres using psql for reliability !166
- Kiosk mode is deprecated as your first login dosen't make you check your email !161
- Set Rails 6 application defaults !174
- Nothing significant in this release
- Update wording on Adult membership !158
- Bump dev postgres from 9 to 12 for ease of use with alpine ruby !157
- Fix pagination in alpine linux for interactive debugging !157
- Use upstream rubocop linting rules and only lint current branch !157
- Use upstream rubocop linting rules and only lint current branch !157
- Skip CI enforced linting on master and on tags !159
- Patch Rails against CVE-2020-5267 !156
- Patch node modules against Prototype Pollution and Regular Expression Denial of Service !156
- Bump ruby from 2.6.5 to 2.7.1 !157, patches against CVE-2020-10663, and CVE-2020-10933.
- Nothing significant in this release
- Nothing significant in this release
- Fixed a bug where hugo admins were unable to edit nominations !154
- Nothing significant in this release
- Automatic sign-in for first time users, second time users require email confirmation !132 -- this may possibly replace Kiosk mode
- Setup scheduled export on Friday @11pm with 3rd party Hugo Nominations database based on SQL Server
!147.
Enable by setting:
TDS_USER=admin TDS_PASSWORD=jah2Eifaepoo5fiekaiF3ahnah6pah3o TDS_HOST=hugo.ji1Jae0cue1.ap-southeast-2.rds.amazonaws.com TDS_DATABASE=Hugo2020
- Setup automatic send of "3 days to go" mailer when nominations are 72 hours from close !152
- Created basic mailers for 2 week to go reminder emails
!152
Run these with...
dublin_users = User.joins(reservations: :membership).where(memberships: {name: :dublin_2019}); total = dublin_users.count dublin_users.distinct.find_each.with_index do |user, n| puts "#{Time.now.iso8601} Dublin #{n} of #{total}" if n % 10 == 0 HugoMailer.nominations_reminder_2_weeks_left_dublin(email: user.email).deliver_now end; conzealand_users = User.joins(reservations: :membership).where.not(reservations: {state: Reservation::DISABLED}).merge(Membership.can_nominate).where.not(id: dublin_users); total = conzealand_users.count conzealand_users.distinct.find_each.with_index do |user, n| puts "#{Time.now.iso8601} Conzealand #{n} of #{total}" if n % 10 == 0 HugoMailer.nominations_reminder_2_weeks_left_conzealand(email: user.email).deliver_now end;
- Setting Hugo Admin flag on Support now allows Admins to change nominations at any time
with audit notes !153.
Add it to user accounts with...
Support.where(email: %w( [email protected] [email protected] [email protected] )).update_all(hugo_admin: true)
- Support user can now enable/disable membership rights on reservations !153.
- Hugo tweaks post launch
!146.
These include:
- Remove the title field from what you type to see the hugo form
- Don't let more than 5 entries be submitted for nominations
- Create test mailer for testing SMTP settings
- Update Hugo text in several areas including account text and in the form
- Added explicit PM to hugo nominations close time
- Stop support users from viewing nominations
- Update node dependencies !146.
- Upgrade gem dependencies !146.
- Multiple workarounds for CI to run !151
- Security patch Puma against CVE-2020-5247 CVE-2020-5247 !151
- Security patch Nokogiri against CVE-2020-7595 CVE-2020-7595 !151
- Login links now last 30 minutes !153
- Nothing significant in this release
- Nothing significant in this release
- Hugo Nominations deadline now reads PDT rather than PST !145
- Nothing significant in this release
- Nothing significant in this release
- Bugfix: Dublin members can now vote !144
- Nothing significant in this release
- Sidekiq to monitor and schedule background jobs mounted on /sidekiq
!139.
You can get it to show up by setting your .env with these examples but a different password
You'll need to have a redis server available, or add it to your docker-compose.yml
SIDEKIQ_REDIS_URL=redis://redis:6379/0 SIDEKIQ_USER=sidekiq SIDEKIQ_PASSWORD=5b197341fc62d9c9bbcopypastabc7a6cbcf07329c9fe52fa55cab98e
volumes: redis-data: services: redis: image: redis:alpine restart: always volumes: - redis-data:/data production_worker: entrypoint: "script/docker_sidekiq_entry.sh" image: registry.gitlab.com/worldcon/wellington:stable env_file: production.env restart: always volumes: - type: tmpfs target: /app/tmp
- Disable sidekiq basicauth for development by setting
SIDEKIQ_NO_PASSWORD
in your .env !139SIDEKIQ_NO_PASSWORD=true
- New scheduled mailer to email nomination ballots between 10 and 30 minutes after last submission !139
- Added explicit order to Hugo Categories, migrate existing data with
make bash bin/rake db:seed:conzealand:production_hugo_ordering
- Text changes around the nomination forms for clarity !139
- Docker compose is now based on :latest image built by CI to speed up cycle time in development !139
- Running
make start
now runs docker-compose in the foreground, and Control + C quits !139 - Upgrading memberships accumulates membership rights. Now Dublin upgrading to Supporting gets Nomination and Voting rights, and Supporting upgrading to Adult gets Nomination, Voting and Attending rights !140
- Dublin imports record dublin membership number against account
- !143
- Nothing significant in this release
This release brings with it the basics to let our users nominate for the Hugo awards.
- Added Hugos state configuration !89.
Please set these values in your .env on all environments:
# Times when parts of the members area will become active HUGO_NOMINATIONS_OPEN_AT="2019-12-31T23:59:00-08:00" HUGO_VOTING_OPEN_AT="2020-03-13T11:59:00-08:00" HUGO_CLOSED_AT="2020-08-02T12:00:00+13:00"
- Created seeds for Dublin memberships and Hugo awards to automatically show up with
new Development or Production seeds
!137
and !89.
Migrate existing instances with
make bash bin/rake db:seed:conzealand:production_dublin bin/rake db:seed:conzealand:production_hugo
- Seeds are setup to disable nominations for memberships sold in 2020
!137
make bash bin/rake db:seed:conzealand:production_disable_nomination
- Links to Hugo and Retro Hugo are now present on the membership cards !89.
- Memberships now have a flag to say if they can site select !136
- Dublin memberships importer built from Tammy's unduplicated memberships list
!137
make bash DUBLIN_SRC="unduplicated members-Table 1.csv" bin/rake import:dublin
- People who have paid an instalment which covers a Supporting membership can nominate in Hugo !138
- You can now adjust instalment minimum payment and payment step amounts by setting them in your environment
!138
INSTALMENT_MIN_PAYMENT_CENTS=7500 INSTALMENT_PAYMENT_STEP_CENTS=5000
- Dublin and CoNZealand nomination memberships now have mailers to tell them when
Nominations are open.
!137
You can run these from Rails Console with:
dublin_users = User.joins(reservations: :membership).where(memberships: {name: :dublin_2019}); total = dublin_users.count dublin_users.distinct.find_each.with_index do |user, n| puts "#{Time.now.iso8601} Dublin #{n} of #{total}" if n % 10 == 0 HugoMailer.nominations_open_dublin(user: user).deliver_now end; conzealand_users = User.joins(reservations: :membership).where.not(reservations: {state: Reservation::DISABLED}).merge(Membership.can_nominate).where.not(id: dublin_users); total = conzealand_users.count conzealand_users.distinct.find_each.with_index do |user, n| puts "#{Time.now.iso8601} Conzealand #{n} of #{total}" if n % 10 == 0 HugoMailer.nominations_open_conzealand(user: user).deliver_now end;
- We've renamed "Review Memberships" to "My Memberships" in the menu to reduce confusion !89
- To reduce CSS bugs, colour rotation when you have test keys for dev/staging only affect the logo !89
- Viewport is set explicitly on CoNZealand pages based on the Bootstrap guidelines !89
- Developers can now Napalm from an interactive rebase !89
- CoNZealand development DB seeds are now based on Prod to reduce duplication of effort !89
- Securitiy patch puma against a Denial of Service vunerability CVE-2019-16770 !129
- Reconfigure Money rounding to round up on 0.5 cents to match stripe's decimal rounding !134
- Moved yarn's OS dependent integrity check from application bootstrap to CI !133
- Added easy methods for checking licences in depenedencies
!117
bundle exec rake gem:licenses # check Ruby yarn licenses list # check JavaScript
- Seeding a development database creates a support user by default !118
- New make target to reset database and javascript dependencies quickly
!118
make reset start # faster than `make clean`
- Script running updates and pushing up the lock files
!123
rake dev:update
- Allow people to append/prepend whitespace to their email addess !116
- Reduced the size of our install by moving docker base from debian to alpine !102
- Update project dependencies !123
- We now use structure.sql instead of schema.rb for database revision tracking !122
- Securitiy patch nokogiri against input validation vulnerability CVE-2019-16892
- Securitiy patch brakeman against local privilege escalation vulnerability CVE-2019-18409
- Nothing significant in this release
- Rails 6 backards incompatable defaults are now enabled !100
- We now use Webpacker to manage Sass assets and JavaScript compilation !99
- JavaScript dependencies are now audited on CI !100
- JavaScript linting is now enforced in CI !100
- Nothing significant in this release
- EMAIL_PAYMENTS has been removed. Please set MEMBER_SERVICES_EMAIL in .env everywhere. !100
- Nothing significant in this release
- Upgrade Rails from 5.2 to 6.0 !99
- Upgraded project gems !99
- Fixed a bug in development seeds where $0 memberships have a charge !99
- Fix typo in transfer mailer, affect vs effect !100
- Fix vulnerability in rubyzip "zipbombs" !112, patches against CVE-2019-16892
- Bump ruby from 2.6.3 to 2.6.5 !114, patches against CVE-2019-16201, CVE-2019-16254, CVE-2019-15845, and CVE-2019-16255
- Removed dependency on makerb gem to reduce risk and use more core rails features. To maintain both html and text emails you now need to maintain two templates !99
- Nothing significant in this release
- Last minute security patch for Devise that came up just after release, patches CVE-2019-16109
- Nothing significant in this release
- Kiosk mode, now we can get people to record their details to reduce time handling data entry !93
- Bugfix, users can now set their title on their membership !92
- Assets are now coppied within the project for offline support !94
- System emails are now configured globally from .env with MEMBER_SERVICES_EMAIL. !93. Please replace EMAIL_PAYMENTS this in your .env:
- Seeds are installed using seedbank !95
- Copyright checks don't require you to keep your author in all files authored, only enforces Apache boilerplate going forward !101
- Appplied security patches for CVE-2015-7580, CVE-2015-7579 and CVE-2015-7578 - !104
- EMAIL_PAYMENTS has been deprecated and will be removed in the next few releases. !93
Hotpatch, in 1.4.0 we regressed the payments mailer for instalments which no longer send. This patch release fixes that mailer.
- Nothing significant in this release
- Fixed regression, instalments mailer now sends happily !91
- Nothing significant in this release
This release has a bit of everything. We're making life better for other cons with support for multi currency, our support staff who have more fatures for adjusting memberships, and our developers have better seeded data for something that feels better right out of the box.
- Added brakeman, ruby-audit, and bundler-audit vulnerability scanners to the build process and
make test
!85 - Configurable currency, add STRIPE_CURRENCY to your .env and all prices are now in that currency !70
- Support can set membership to any level, including past memberships !87
- Support can credit memberships with cash, allows support to create and credit memberships !87
- User notes are now exposed on the reservation show screen !87
- Upgrades and membership changes are now shown to our members !87
- Added unique constraint to membership number data model
!70. Please check and correct duplicates with this:
Reservation.having("count(membership_number) > 1").group(:membership_number).pluck(:membership_number)
- Upgraded gems to the latest versions !83
- Generated memberships in testing now have charges !84 and !86
- Support can now transfer memberships that are in instalment !88
- Nothing significant in this release
- Purchase flow changed to let you select a membership before signing in !73
- Prominant prices, membership rights and buttons on all memberships !73
- Upgraded gems to the latest versions !76
- Renamed Purchase to Reservation to match the domain more closely
- Fixed charge descriptions in Stripe and in Charge comments
!80.
Cleanup retrospectively with this rake task post release:
bundle exec rake stripe:sync:charges
- Paths to resources have changed, /purchases have moved to /reservations
Upgraded Ruby and Rails, and support function for transferring memberships.
- Turned on Content Security Policy (CSP) for the site for security hygiene
- Support can now transfer memberships between users from a user's detail form
- Moved task
check:models
totest:models
to keep namespaces tight - Run rails upgrades for 5.2 so we get the most out of our setup
- Upgrade Ruby from 2.5.1 to 2.5.3
- Update gems to the latest versions
- Bugfix on support list, now transferred memberships show user's details correctly
- Order displayed membership offers by price, highest to lowest
- Fixed a bug where you could upgrade Adult to Adult memberships after the price increase
- Nothing significant in this release
Some quality of life improvements for support, and general cleanup with things we learnt from our initial release.
- Detection of Stripe test keys to change colours on pages to distinguish between production and test systems
- Migrations to correct data corruption on imported timestamps
- Customer stripe ID now recorded and reused from User model going forward
- New rake tasks for your utility belt:
# Copy over stripe customer details to users with bundle exec rake stripe:sync:customers # Update historical charge descriptions in stripe and charge comments with bundle exec rake stripe:sync:charges # Detect invalid records on your systems with bundle exec rake test:models
- CoNZealand images are now served from the project rather than GitHub to consolidate infrastructure
- When purchasing a new membership, if you've got existing memberships you now get linked to the 'Review Memberships' section with a helpful message
- Added Policy and Terms of service to CoNZealand pages
- URLs for charging a person have been updated to use Purchase for consistency
- Fixed Kansa and Presupport import methods to set "active" correctly on older records
- Charge descriptions in stripe now describe amount owed, type of payment, membership name and number
- Allow database name to be configurable on production builds for cheep staging costs
- Updated most gems in the project including Rails
- Replaced deprecated SASS gem with SASSC
- Redirect to current page on login, puts you on the "new membership" or "review memberships" pages
- New styles added to support page for readability
- Email address added to support page for findability
- Performance improvements for support memberships listing
- Makefile has smarter build targets that create databases and images as needed
- Developer setup steps in README should run out of the box
- Nothing significant in this release
Initial release of CoNZealand, intended to give people what they had with Kansa, introduce instalments and bring in our pre supporters.
- Basic forms for purchasing memberships based on CoNZealand paper forms
- Payments, including pay by instalment
- Upgrades between different membership types
- Login through email links that last 10 minutes
- Basic support area that lists memberships
- Concept of "active" for membership pricing for price rotation and disabling memberships
- Concept of "active" for membership held and claim over membership
- Concept of "active" for claim over membership for transfers and history of ownership
- Theme concept area so we may cater for different cons
- Basic mailers to setup descriptions about payment
- Basic docker images for developers and production
- Gitlab CI pipelines that build docker images for deploy
- Command line based membership transfer
- Membership numbers start at 100 to give room for special guests
- Kansa members were renumbered to start at 2000
- Old Kansa login links now say "this link has expired"
- Nothing significant in this release