diff --git a/.rubocop.yml b/.rubocop.yml index 7034ec35f..2007b91dc 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -12,6 +12,7 @@ AllCops: Exclude: - "db/schema.rb" - "app/lib/ckeditor/backend/active_storage.rb" + - "config/initializers/disable_active_storage_pdf_auto_previews.rb" - "vendor/**/*" DisabledByDefault: true @@ -186,6 +187,8 @@ Layout/MultilineMethodCallBraceLayout: Layout/MultilineMethodCallIndentation: Enabled: true + Exclude: + - "config/environments/production.rb" Layout/MultilineOperationIndentation: Enabled: true @@ -698,6 +701,8 @@ Style/AndOr: Style/ArgumentsForwarding: Enabled: true + Exclude: + - "bin/setup" Style/ArrayCoercion: Enabled: true diff --git a/Gemfile b/Gemfile index 64b916032..fe78612c6 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,7 @@ source "https://rubygems.org" ruby file: ".ruby-version" -gem "rails", "7.0.8.7" +gem "rails", "7.1.5.1" gem "acts-as-taggable-on", "~> 11.0.0" gem "acts_as_votable", "~> 0.14.0" diff --git a/Gemfile.lock b/Gemfile.lock index b539614b7..0feaa2606 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -2,70 +2,82 @@ GEM remote: https://rubygems.org/ specs: Ascii85 (2.0.1) - actioncable (7.0.8.7) - actionpack (= 7.0.8.7) - activesupport (= 7.0.8.7) + actioncable (7.1.5.1) + actionpack (= 7.1.5.1) + activesupport (= 7.1.5.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (7.0.8.7) - actionpack (= 7.0.8.7) - activejob (= 7.0.8.7) - activerecord (= 7.0.8.7) - activestorage (= 7.0.8.7) - activesupport (= 7.0.8.7) + zeitwerk (~> 2.6) + actionmailbox (7.1.5.1) + actionpack (= 7.1.5.1) + activejob (= 7.1.5.1) + activerecord (= 7.1.5.1) + activestorage (= 7.1.5.1) + activesupport (= 7.1.5.1) mail (>= 2.7.1) net-imap net-pop net-smtp - actionmailer (7.0.8.7) - actionpack (= 7.0.8.7) - actionview (= 7.0.8.7) - activejob (= 7.0.8.7) - activesupport (= 7.0.8.7) + actionmailer (7.1.5.1) + actionpack (= 7.1.5.1) + actionview (= 7.1.5.1) + activejob (= 7.1.5.1) + activesupport (= 7.1.5.1) mail (~> 2.5, >= 2.5.4) net-imap net-pop net-smtp - rails-dom-testing (~> 2.0) - actionpack (7.0.8.7) - actionview (= 7.0.8.7) - activesupport (= 7.0.8.7) - rack (~> 2.0, >= 2.2.4) + rails-dom-testing (~> 2.2) + actionpack (7.1.5.1) + actionview (= 7.1.5.1) + activesupport (= 7.1.5.1) + nokogiri (>= 1.8.5) + racc + rack (>= 2.2.4) + rack-session (>= 1.0.1) rack-test (>= 0.6.3) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (7.0.8.7) - actionpack (= 7.0.8.7) - activerecord (= 7.0.8.7) - activestorage (= 7.0.8.7) - activesupport (= 7.0.8.7) + rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + actiontext (7.1.5.1) + actionpack (= 7.1.5.1) + activerecord (= 7.1.5.1) + activestorage (= 7.1.5.1) + activesupport (= 7.1.5.1) globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (7.0.8.7) - activesupport (= 7.0.8.7) + actionview (7.1.5.1) + activesupport (= 7.1.5.1) builder (~> 3.1) - erubi (~> 1.4) - rails-dom-testing (~> 2.0) - rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (7.0.8.7) - activesupport (= 7.0.8.7) + erubi (~> 1.11) + 
rails-dom-testing (~> 2.2) + rails-html-sanitizer (~> 1.6) + activejob (7.1.5.1) + activesupport (= 7.1.5.1) globalid (>= 0.3.6) - activemodel (7.0.8.7) - activesupport (= 7.0.8.7) - activerecord (7.0.8.7) - activemodel (= 7.0.8.7) - activesupport (= 7.0.8.7) - activestorage (7.0.8.7) - actionpack (= 7.0.8.7) - activejob (= 7.0.8.7) - activerecord (= 7.0.8.7) - activesupport (= 7.0.8.7) + activemodel (7.1.5.1) + activesupport (= 7.1.5.1) + activerecord (7.1.5.1) + activemodel (= 7.1.5.1) + activesupport (= 7.1.5.1) + timeout (>= 0.4.0) + activestorage (7.1.5.1) + actionpack (= 7.1.5.1) + activejob (= 7.1.5.1) + activerecord (= 7.1.5.1) + activesupport (= 7.1.5.1) marcel (~> 1.0) - mini_mime (>= 1.1.0) - activesupport (7.0.8.7) + activesupport (7.1.5.1) + base64 + benchmark (>= 0.3) + bigdecimal concurrent-ruby (~> 1.0, >= 1.0.2) + connection_pool (>= 2.2.5) + drb i18n (>= 1.6, < 2) + logger (>= 1.4.2) minitest (>= 5.1) + mutex_m + securerandom (>= 0.3) tzinfo (~> 2.0) acts-as-taggable-on (11.0.0) activerecord (>= 7.0, < 8.0) @@ -98,6 +110,7 @@ GEM execjs (~> 2) base64 (0.2.0) bcrypt (3.1.20) + benchmark (0.4.0) better_html (2.1.1) actionview (>= 6.0) activesupport (>= 6.0) @@ -172,6 +185,7 @@ GEM execjs coffee-script-source (1.12.2) concurrent-ruby (1.3.4) + connection_pool (2.5.0) crass (1.0.6) csv (3.3.2) daemons (1.4.1) @@ -196,6 +210,7 @@ GEM devise (>= 4.3.0) diff-lcs (1.6.0) docile (1.4.0) + drb (2.2.1) email_spec (2.3.0) htmlentities (~> 4.3.3) launchy (>= 2.1, < 4.0) 
@@ -478,22 +493,27 @@ GEM rack (~> 2.2, >= 2.2.4) rack-proxy (0.7.6) rack + rack-session (1.0.2) + rack (< 3) rack-test (2.2.0) rack (>= 1.3) - rails (7.0.8.7) - actioncable (= 7.0.8.7) - actionmailbox (= 7.0.8.7) - actionmailer (= 7.0.8.7) - actionpack (= 7.0.8.7) - actiontext (= 7.0.8.7) - actionview (= 7.0.8.7) - activejob (= 7.0.8.7) - activemodel (= 7.0.8.7) - activerecord (= 7.0.8.7) - activestorage (= 7.0.8.7) - activesupport (= 7.0.8.7) + rackup (1.0.1) + rack (< 3) + webrick + rails (7.1.5.1) + actioncable (= 7.1.5.1) + actionmailbox (= 7.1.5.1) + actionmailer (= 7.1.5.1) + actionpack (= 7.1.5.1) + actiontext (= 7.1.5.1) + actionview (= 7.1.5.1) + activejob (= 7.1.5.1) + activemodel (= 7.1.5.1) + activerecord (= 7.1.5.1) + activestorage (= 7.1.5.1) + activesupport (= 7.1.5.1) bundler (>= 1.15.0) - railties (= 7.0.8.7) + railties (= 7.1.5.1) rails-dom-testing (2.2.0) activesupport (>= 5.0.0) minitest @@ -504,13 +524,14 @@ GEM rails-i18n (7.0.9) i18n (>= 0.7, < 2) railties (>= 6.0.0, < 8) - railties (7.0.8.7) - actionpack (= 7.0.8.7) - activesupport (= 7.0.8.7) - method_source + railties (7.1.5.1) + actionpack (= 7.1.5.1) + activesupport (= 7.1.5.1) + irb + rackup (>= 1.0.0) rake (>= 12.2) - thor (~> 1.0) - zeitwerk (~> 2.5) + thor (~> 1.0, >= 1.2.2) + zeitwerk (~> 2.6) rainbow (3.1.1) rake (13.2.1) rbtree3 (0.7.1) @@ -617,6 +638,7 @@ GEM sawyer (0.9.2) addressable (>= 2.3.5) faraday (>= 0.17.3, < 3) + securerandom (0.4.1) selenium-webdriver (4.29.1) base64 (~> 0.2) logger (~> 1.4) @@ -697,7 +719,8 @@ GEM railties (>= 6.0.0) webrick (1.8.2) websocket (1.2.11) - websocket-driver (0.7.6) + websocket-driver (0.7.7) + base64 websocket-extensions (>= 0.1.0) websocket-extensions (0.1.5) whenever (1.0.0) @@ -778,7 +801,7 @@ DEPENDENCIES pronto-rubocop (~> 0.11.6) pronto-stylelint (~> 0.11.0) puma (~> 5.6.9) - rails (= 7.0.8.7) + rails (= 7.1.5.1) recipient_interceptor (~> 0.3.3) redcarpet (~> 3.6.0) responders (~> 3.1.1) 
diff --git a/app/assets/stylesheets/shared/banner.scss b/app/assets/stylesheets/shared/banner.scss index fc25fcc62..553f39399 100644 --- a/app/assets/stylesheets/shared/banner.scss +++ b/app/assets/stylesheets/shared/banner.scss @@ -1,5 +1,7 @@ .banner { @include full-width-background; + @include card; + padding: 0 rem-calc(16); .debates-list &::before, .proposals-list &::before, @@ -7,18 +9,21 @@ content: none; } + &:hover { + text-decoration: underline; + } + a { - display: block; - - > * { - padding: 0 rem-calc(16); - - &:empty { - display: none; - } + &, + &:hover { + color: inherit; } } + > :empty { + display: none; + } + + .budget-header, + .budgets-index > .budget-header, + .jumbo { diff --git a/app/components/shared/banner_component.html.erb b/app/components/shared/banner_component.html.erb index cbea18d0e..6fb3236cd 100644 --- a/app/components/shared/banner_component.html.erb +++ b/app/components/shared/banner_component.html.erb @@ -1,3 +1,3 @@
diff --git a/app/components/shared/banner_component.rb b/app/components/shared/banner_component.rb index 21aba7c65..bffbe1a7b 100644 --- a/app/components/shared/banner_component.rb +++ b/app/components/shared/banner_component.rb @@ -19,10 +19,8 @@ class Shared::BannerComponent < ApplicationComponent private - def link - link_to banner.target_url do - tag.h2(banner.title, style: "color:#{banner.font_color}") + - tag.h3(banner.description, style: "color:#{banner.font_color}") - end + def banner_content + tag.h2(link_to(banner.title, banner.target_url), style: "color:#{banner.font_color}") + + tag.h3(banner.description, style: "color:#{banner.font_color}") end end diff --git a/app/controllers/budgets/investments_controller.rb b/app/controllers/budgets/investments_controller.rb index 81bff7ff9..69f51cfd7 100644 --- a/app/controllers/budgets/investments_controller.rb +++ b/app/controllers/budgets/investments_controller.rb @@ -38,7 +38,7 @@ module Budgets def index @investments = investments.page(params[:page]).per(PER_PAGE).for_render - @investment_ids = @investments.ids + @investment_ids = @investments.unscope(:includes).ids @investments_in_map = investments @tag_cloud = tag_cloud diff --git a/app/models/legislation/annotation.rb b/app/models/legislation/annotation.rb index b1417a886..18700a74b 100644 --- a/app/models/legislation/annotation.rb +++ b/app/models/legislation/annotation.rb @@ -3,7 +3,7 @@ class Legislation::Annotation < ApplicationRecord acts_as_paranoid column: :hidden_at include ActsAsParanoidAliases - serialize :ranges, Array + serialize :ranges, type: Array belongs_to :draft_version, foreign_key: "legislation_draft_version_id", inverse_of: :annotations belongs_to :author, -> { with_hidden }, class_name: "User", inverse_of: :legislation_annotations diff --git a/bin/setup b/bin/setup index 025afb7d7..4aec953b9 100755 --- a/bin/setup +++ b/bin/setup 
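Review bot: `banner_content` still interpolates `banner.font_color` into an inline `style` attribute and now passes `banner.target_url` straight to `link_to`; neither value is checked in this hunk. The tag helper HTML-escapes the attribute value, but that does not stop extra CSS declarations inside the colour string, and `link_to` does not restrict the URL scheme. If the Banner model (not visible here) does not already validate both fields, a format validation on the colour (a hex pattern anchored with `\A`/`\z`) and a scheme restriction on the target URL belong there. The inline style would also be blocked if the commented `style-src` nonce policy in the CSP initializer were ever enabled. The class body starts outside the hunk.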
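Review bot: `serialize :ranges, type: Array` names no coder, so the column only keeps using YAML because the `config/application.rb` hunk of this commit sets `config.active_record.default_column_serializer = YAML` for the whole application. With that global setting, any `serialize` call added later without a coder also gets YAML silently, which the 7.1 defaults otherwise make explicit. Declaring it here as `serialize :ranges, type: Array, coder: YAML` would let the global line be dropped and keep YAML confined to this one column. The `yaml_column_permitted_classes` list in `config/application.rb` should stay as narrow as it is.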
@@ -5,7 +5,7 @@ require "fileutils" APP_ROOT = File.expand_path("..", __dir__) def system!(*args) - system(*args) || abort("\n== Command #{args} failed ==") + system(*args, exception: true) end FileUtils.chdir APP_ROOT do diff --git a/config/application.rb b/config/application.rb index f082b8bc2..7e44e82bc 100644 --- a/config/application.rb +++ b/config/application.rb @@ -21,7 +21,15 @@ Bundler.require(*Rails.groups) module Consul class Application < Rails::Application - config.load_defaults 7.0 + def secrets + Rails.deprecator.silence { super } + end + + def secret_key_base + Rails.deprecator.silence { super } + end + + config.load_defaults 7.1 # Keep belongs_to fields optional by default, because that's the way # Rails 4 models worked @@ -43,6 +51,9 @@ module Consul # order to make upgrades easier. config.active_storage.variant_processor = :mini_magick + # Keep using YAML to serialize the legislation_annotations ranges column + config.active_record.default_column_serializer = YAML + # Keep reading existing data in the legislation_annotations ranges column config.active_record.yaml_column_permitted_classes = [ActiveSupport::HashWithIndifferentAccess, Symbol] diff --git a/config/environments/development.rb b/config/environments/development.rb index 337ba77e0..274f0879f 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -7,7 +7,7 @@ Rails.application.configure do # In the development environment your application's code is reloaded any time # it changes. This slows down response time but is perfect for development # since you don't have to restart the web server when you make code changes. - config.cache_classes = false + config.enable_reloading = true # Do not eager load code on boot. config.eager_load = false 
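Review bot: The overrides of `secrets` and `secret_key_base` in `config/application.rb` wrap `super` in `Rails.deprecator.silence` with no comment saying why, so the deprecation of `Rails.application.secrets` is hidden everywhere, including from anyone who later adds a new read of it. A comment above them such as `# Rails 7.1 deprecates Rails.application.secrets; silenced until secrets.yml is migrated. TODO: remove before upgrading to Rails 7.2` would record that this is temporary. `config/environments/production.rb` still reads `Rails.application.secrets.force_ssl`, so that migration touches a security setting as well. The class body continues outside the hunk.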
@@ -61,6 +61,9 @@ Rails.application.configure do # Highlight code that triggered database queries in logs. config.active_record.verbose_query_logs = true + # Highlight code that enqueued background job in logs. + config.active_job.verbose_enqueue_logs = true + # Suppress logger output for asset requests. config.assets.quiet = true @@ -71,16 +74,13 @@ Rails.application.configure do # config.action_view.annotate_rendered_view_with_filenames = true config.eager_load_paths << "#{Rails.root}/spec/mailers/previews" - config.action_mailer.preview_path = "#{Rails.root}/spec/mailers/previews" - - # Limit size of local logs - # TODO: replace with config.log_file_size after upgrading to Rails 7.1 - logger = ActiveSupport::Logger.new(config.default_log_file, 1, 100.megabytes) - logger.formatter = config.log_formatter - config.logger = ActiveSupport::TaggedLogging.new(logger) + config.action_mailer.preview_paths << "#{Rails.root}/spec/mailers/previews" # Uncomment if you wish to allow Action Cable access from any origin. # config.action_cable.disable_request_forgery_protection = true + + # Raise error when a before_action's only/except options reference missing actions + # config.action_controller.raise_on_missing_callback_actions = true end require Rails.root.join("config", "environments", "custom", "development") diff --git a/config/environments/production.rb b/config/environments/production.rb index 36ee4d03d..f45a9aa76 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -4,7 +4,7 @@ Rails.application.configure do # Settings specified here will take precedence over those in config/application.rb. # Code is not reloaded between requests. - config.cache_classes = true + config.enable_reloading = false # Eager load code on boot. This eager loads most of Rails and # your application in memory, allowing both threaded web servers 
@@ -13,22 +13,21 @@ Rails.application.configure do config.eager_load = true # Full error reports are disabled and caching is turned on. - config.consider_all_requests_local = false + config.consider_all_requests_local = false config.action_controller.perform_caching = true - # Ensures that a master key has been made available in either ENV["RAILS_MASTER_KEY"] - # or in config/master.key. This key is used to decrypt credentials (and other encrypted files). + # Ensures that a master key has been made available in ENV["RAILS_MASTER_KEY"], config/master.key, or an environment + # key such as config/credentials/production.key. This key is used to decrypt credentials (and other encrypted files). # config.require_master_key = true - # Disable serving static files from the `/public` folder by default since - # Apache or NGINX already handles this. + # Disable serving static files from `public/`, relying on NGINX/Apache to do so instead. config.public_file_server.enabled = ENV["RAILS_SERVE_STATIC_FILES"].present? # Compress JavaScripts and CSS. config.assets.js_compressor = Uglifier.new(harmony: true) # config.assets.css_compressor = :sass - # Do not fallback to assets pipeline if a precompiled asset is missed. + # Do not fall back to assets pipeline if a precompiled asset is missed. config.assets.compile = false # Enable serving of images, stylesheets, and JavaScripts from an asset server. 
@@ -43,22 +42,42 @@ Rails.application.configure do # config.action_cable.url = "wss://example.com/cable" # config.action_cable.allowed_request_origins = [ "http://example.com", /http:\/\/example.*/ ] + # Assume all access to the app is happening through a SSL-terminating reverse proxy. + # Can be used together with config.force_ssl for Strict-Transport-Security and secure cookies. + # config.assume_ssl = true + # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. # Configure force_ssl in secrets.yml config.force_ssl = Rails.application.secrets.force_ssl - # Include generic and useful information about system operation, but avoid logging too much - # information to avoid inadvertent exposure of personally identifiable information (PII). - config.log_level = :warn + # Use default logging formatter so that PID and timestamp are not suppressed. + config.log_formatter = ::Logger::Formatter.new + + # Rotate logger + logger = ActiveSupport::Logger.new(config.default_log_file, "daily") + logger.formatter = config.log_formatter + config.logger = ActiveSupport::TaggedLogging.new(logger) + + # Log to STDOUT if enabled + if ENV["RAILS_LOG_TO_STDOUT"].present? + config.logger = ActiveSupport::Logger.new(STDOUT) + .tap { |logger| logger.formatter = ::Logger::Formatter.new } + .then { |logger| ActiveSupport::TaggedLogging.new(logger) } + end # Prepend all log lines with the following tags. config.log_tags = [:request_id] + # "info" includes generic and useful information about system operation, but avoids logging too much + # information to avoid inadvertent exposure of personally identifiable information (PII). If you + # want to log everything, set the level to "debug". + config.log_level = ENV.fetch("RAILS_LOG_LEVEL", "warn") + # Use a different cache store in production. config.cache_store = :mem_cache_store, { namespace: proc { Tenant.current_schema }} # Use a real queuing backend for Active Job (and separate queues per environment). 
- # config.active_job.queue_adapter = :resque + # config.active_job.queue_adapter = :resque # config.active_job.queue_name_prefix = "consul_#{Rails.env}" config.action_mailer.perform_caching = false @@ -82,26 +101,16 @@ Rails.application.configure do # Don't log any deprecations. config.active_support.report_deprecations = false - # Use default logging formatter so that PID and timestamp are not suppressed. - config.log_formatter = ::Logger::Formatter.new - - # Rotate logger - logger = ActiveSupport::Logger.new(config.default_log_file, "daily") - logger.formatter = config.log_formatter - config.logger = ActiveSupport::TaggedLogging.new(logger) - - # Use a different logger for distributed setups. - # require "syslog/logger" - # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new "app-name") - - if ENV["RAILS_LOG_TO_STDOUT"].present? - logger = ActiveSupport::Logger.new(STDOUT) - logger.formatter = config.log_formatter - config.logger = ActiveSupport::TaggedLogging.new(logger) - end - # Do not dump schema after migrations. config.active_record.dump_schema_after_migration = false + + # Enable DNS rebinding protection and other `Host` header attacks. + # config.hosts = [ + # "example.com", # Allow requests from example.com + # /.*\.example\.com/ # Allow requests from subdomains like `www.example.com` + # ] + # Skip DNS rebinding protection for the default health check endpoint. + # config.host_authorization = { exclude: ->(request) { request.path == "/up" } } end require Rails.root.join("config", "environments", "custom", "production") diff --git a/config/environments/test.rb b/config/environments/test.rb index 17f91bad8..adf9b6a18 100644 --- a/config/environments/test.rb +++ b/config/environments/test.rb 
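Review bot: The comment added above `config.log_level` describes "info" and invites "debug", but the code defaults to `ENV.fetch("RAILS_LOG_LEVEL", "warn")`, so the comment and the behaviour disagree. Since the level now comes from the environment, the comment should state the real default and the risk of lowering it, e.g. `# Defaults to "warn"; "debug" logs queries and may expose PII, enable only temporarily`. In the `RAILS_LOG_TO_STDOUT` branch the block parameter `logger` shadows the `logger` local assigned a few lines above, and the formatter is built again instead of reusing `config.log_formatter`; renaming the block parameter would avoid the confusion. The `configure` block starts and ends outside the hunk.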
@@ -15,12 +15,13 @@ Rails.application.configure do config.i18n.default_locale = :en config.i18n.available_locales = %w[de en es fr nl pt-BR zh-CN] - # Turn false under Spring and add config.action_view.cache_template_loading = true. - config.cache_classes = true + # While tests run files are not watched, reloading is not necessary. + config.enable_reloading = false - # Eager loading loads your whole application. When running a single test locally, - # this probably isn't necessary. It's a good idea to do in a continuous integration - # system, or in some way before deploying your code. + # Eager loading loads your entire application. When running a single test locally, + # this is usually not necessary, and can slow down your test suite. However, it's + # recommended that you enable it in continuous integration systems to ensure eager + # loading is working properly before deploying your code. config.eager_load = ENV["CI"].present? # Configure public file server for tests with Cache-Control for performance. @@ -30,12 +31,12 @@ Rails.application.configure do } # Show full error reports and disable caching. - config.consider_all_requests_local = true + config.consider_all_requests_local = true config.action_controller.perform_caching = false config.cache_store = :null_store - # Raise exceptions instead of rendering exception templates. - config.action_dispatch.show_exceptions = false + # Render exception templates for rescuable exceptions and raise for other exceptions. + config.action_dispatch.show_exceptions = :rescuable # Disable request forgery protection in test environment. config.action_controller.allow_forgery_protection = false 
@@ -66,11 +67,8 @@ Rails.application.configure do # Annotate rendered view with file names. # config.action_view.annotate_rendered_view_with_filenames = true - # Limit size of local logs - # TODO: replace with config.log_file_size after upgrading to Rails 7.1 - logger = ActiveSupport::Logger.new(config.default_log_file, 1, 100.megabytes) - logger.formatter = config.log_formatter - config.logger = ActiveSupport::TaggedLogging.new(logger) + # Raise error when a before_action's only/except options reference missing actions + # config.action_controller.raise_on_missing_callback_actions = true # Allow managing different tenants using the same application config.multitenancy = true diff --git a/config/initializers/01_filter_parameter_logging.rb b/config/initializers/01_filter_parameter_logging.rb index adc6568ce..c2d89e28a 100644 --- a/config/initializers/01_filter_parameter_logging.rb +++ b/config/initializers/01_filter_parameter_logging.rb @@ -1,8 +1,8 @@ # Be sure to restart your server when you modify this file. -# Configure parameters to be filtered from the log file. Use this to limit dissemination of -# sensitive information. See the ActiveSupport::ParameterFilter documentation for supported -# notations and behaviors. +# Configure parameters to be partially matched (e.g. passw matches password) and filtered from the log file. +# Use this to limit dissemination of sensitive information. +# See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors. Rails.application.config.filter_parameters += [ :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn ] diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb index 54f47cf15..b3076b38f 100644 --- a/config/initializers/content_security_policy.rb +++ b/config/initializers/content_security_policy.rb 
@@ -16,9 +16,9 @@ # # policy.report_uri "/csp-violation-report-endpoint" # end # -# # Generate session nonces for permitted importmap and inline scripts +# # Generate session nonces for permitted importmap, inline scripts, and inline styles. # config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s } -# config.content_security_policy_nonce_directives = %w(script-src) +# config.content_security_policy_nonce_directives = %w(script-src style-src) # # # Report violations without enforcing the policy. # # config.content_security_policy_report_only = true diff --git a/config/initializers/disable_active_storage_pdf_auto_previews.rb b/config/initializers/disable_active_storage_pdf_auto_previews.rb new file mode 100644 index 000000000..019b9fba8 --- /dev/null +++ b/config/initializers/disable_active_storage_pdf_auto_previews.rb @@ -0,0 +1,22 @@ +ActiveSupport.on_load(:active_storage_attachment) do + # Code copied from Rails 7.2. TODO: remove after upgrading to Rails 7.2 + # See: https://github.com/rails/rails/pull/51351/files + class ActiveStorage::Attachment + private + def transform_variants_later + preprocessed_variations = named_variants.filter_map { |_name, named_variant| + if named_variant.preprocessed?(record) + named_variant.transformations + end + } + + if blob.preview_image_needed_before_processing_variants? && preprocessed_variations.any? + blob.create_preview_image_later(preprocessed_variations) + else + preprocessed_variations.each do |transformations| + blob.preprocessed(transformations) + end + end + end + end +end diff --git a/config/initializers/permissions_policy.rb b/config/initializers/permissions_policy.rb index 00f64d71b..7db3b9577 100644 --- a/config/initializers/permissions_policy.rb +++ b/config/initializers/permissions_policy.rb 
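Review bot: The new initializer reopens `ActiveStorage::Attachment` and replaces the private `transform_variants_later` with no check on the Rails version, so it will keep overriding the framework method silently after an upgrade; the TODO is the only reminder. A guard at the top of the file, `raise "Remove disable_active_storage_pdf_auto_previews.rb" unless Rails.gem_version < Gem::Version.new("7.2")`, makes the patch fail loudly once it is obsolete. Because this commit also adds the file to the RuboCop `Exclude` list, no linter will flag it either. The header comment could also say what the patch is for: as written, a preview image is only queued when the record has preprocessed variants, which limits how often uploaded PDFs reach the previewer.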
@@ -1,11 +1,13 @@ +# Be sure to restart your server when you modify this file. + # Define an application-wide HTTP permissions policy. For further -# information see https://developers.google.com/web/updates/2018/06/feature-policy -# -# Rails.application.config.permissions_policy do |f| -# f.camera :none -# f.gyroscope :none -# f.microphone :none -# f.usb :none -# f.fullscreen :self -# f.payment :self, "https://secure.example.com" +# information see: https://developers.google.com/web/updates/2018/06/feature-policy + +# Rails.application.config.permissions_policy do |policy| +# policy.camera :none +# policy.gyroscope :none +# policy.microphone :none +# policy.usb :none +# policy.fullscreen :self +# policy.payment :self, "https://secure.example.com" # end diff --git a/db/schema.rb b/db/schema.rb index a3c4a7b45..4735d48d6 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema[7.0].define(version: 2025_03_13_014205) do +ActiveRecord::Schema[7.1].define(version: 2025_03_13_014205) do # These are extensions that must be enabled in order to support this database enable_extension "pg_trgm" enable_extension "plpgsql" diff --git a/spec/controllers/graphql_controller_spec.rb b/spec/controllers/graphql_controller_spec.rb index c542593dc..507a19f65 100644 --- a/spec/controllers/graphql_controller_spec.rb +++ b/spec/controllers/graphql_controller_spec.rb 
@@ -4,10 +4,11 @@ require "rails_helper" describe GraphqlController, type: :request do let(:proposal) { create(:proposal) } + let(:query_string) { "{ proposal(id: #{proposal.id}) { title } }" } describe "handles GET request" do specify "with query string inside query params" do - get "/graphql", params: { query: "{ proposal(id: #{proposal.id}) { title } }" } + get "/graphql", params: { query: query_string } expect(response).to have_http_status(:ok) expect(response.parsed_body["data"]["proposal"]["title"]).to eq(proposal.title) @@ -33,7 +34,7 @@ describe GraphqlController, type: :request do let(:json_headers) { { "CONTENT_TYPE" => "application/json" } } specify "with json-encoded query string inside body" do - post "/graphql", params: { query: "{ proposal(id: #{proposal.id}) { title } }" }.to_json, + post "/graphql", params: { query: query_string }.to_json, headers: json_headers expect(response).to have_http_status(:ok) @@ -42,7 +43,7 @@ describe GraphqlController, type: :request do specify "with raw query string inside body" do graphql_headers = { "CONTENT_TYPE" => "application/graphql" } - post "/graphql", params: "{ proposal(id: #{proposal.id}) { title } }", + post "/graphql", params: query_string, headers: graphql_headers expect(response).to have_http_status(:ok) @@ -66,8 +67,6 @@ describe GraphqlController, type: :request do end describe "correctly parses query variables" do - let(:query_string) { "{ proposal(id: #{proposal.id}) { title } }" } - specify "when absent" do get "/graphql", params: { query: query_string } 
@@ -91,8 +90,13 @@ describe GraphqlController, type: :request do before { Setting["feature.graphql_api"] = false } it "is disabled" do - expect { get "/graphql" }.to raise_exception(FeatureFlags::FeatureDisabled) - expect { post "/graphql" }.to raise_exception(FeatureFlags::FeatureDisabled) + get "/graphql", params: { query: query_string } + + expect(response).to have_http_status(:forbidden) + + post "/graphql", params: { query: query_string } + + expect(response).to have_http_status(:forbidden) end end end diff --git a/spec/controllers/officing/voters_controller_spec.rb b/spec/controllers/officing/voters_controller_spec.rb index 4763615e4..c35ba974d 100644 --- a/spec/controllers/officing/voters_controller_spec.rb +++ b/spec/controllers/officing/voters_controller_spec.rb @@ -15,7 +15,7 @@ describe Officing::VotersController do voter: { poll_id: poll.id, user_id: user.id }, format: :js } - rescue ActionDispatch::IllegalStateError, ActiveRecord::RecordInvalid + rescue ActiveRecord::RecordInvalid end end.each(&:join) diff --git a/spec/controllers/polls/answers_controller_spec.rb b/spec/controllers/polls/answers_controller_spec.rb index 171fc1cc8..a5286da3c 100644 --- a/spec/controllers/polls/answers_controller_spec.rb +++ b/spec/controllers/polls/answers_controller_spec.rb @@ -13,7 +13,7 @@ describe Polls::AnswersController do option_id: question.question_options.find_by(title: "Answer A").id, format: :js } - rescue ActionDispatch::IllegalStateError, ActiveRecord::RecordInvalid + rescue ActiveRecord::RecordInvalid end end.each(&:join) diff --git a/spec/models/legislation/draft_version_spec.rb b/spec/models/legislation/draft_version_spec.rb index 968824cf1..d9f68891e 100644 --- a/spec/models/legislation/draft_version_spec.rb +++ b/spec/models/legislation/draft_version_spec.rb @@ -135,16 +135,14 @@ describe Legislation::DraftVersion doSomething about this.
-| id | name | age | gender |
|---|---|---|---|
| 1 | Roberta | @@ -157,8 +155,7 @@ describe Legislation::DraftVersion do25 | F |