We have to doble check all emails deliveries from the dashboard.
Using a setting to skip all dashboard email deliveries for now.
Note that a rake task to activated the `Setting["dashboard.emails"]` will need to be addded when we want to activate deliveries of these emails.
Before we used the standard poll url (vota/:id) for a user generated poll.
However this url is considered too important for this kind of polls, so we are changing it to a namespaced url (proposals/:proposal_id/polls/:id)
We were sending a new request without checking the previous one had
finished, and if it hadn't finished, the test failed.
This test started to fail after upgrading to Rails 5, since we removed
the change done in commit eda47eff which set `config.allow_concurrency`
to `false` in the test environment.
While we could re-introduce that configuration option, which might have
side effects, an easier solution is to check an AJAX request has been
completed before sending a new request depending on the previous one
seems to be a more solid option.
Note this test failed with two possible errors: "undefined method
`heading' for nil:NilClass" and "stale element reference: element is not
attached to the page document". This change fixes the second error; it
might fix the first error as well, but since I couldn't reproduce it
locally, we'll only be sure when this test stops failing in travis
builds.
When requesting files like `/hackattempt.js`, the pages controller was
responding with 404 status code.
However, since the request was considered a JavaScript request (because
of the `.js` extension), the response was also considered to be a
JavaScript one, and since the request wasn't an AJAX request, our
protection from forgery was preventing a potential security issue by
raising an InvalidCrossOriginRequest exception.
By setting HTML as content type, we correctly respond with a 404 status
code.
More info:
https://die-antwort.eu/techblog/2018-08-avoid-invalid-cross-origin-request-with-catch-all-route/
We were raising a `CanCan::AcessDenied` and were getting a 500 Internal
Server Error.
I've chosen to do the same thing we do in the ApplicationController.
There are other options to handle this request, like redirecting to the
login page or returning a 401 Unauthorized HTTP status.
Metrics/LineLength: Line is too long.
RSpec/InstanceVariable: Use let instead of an instance variable.
Layout/TrailingBlankLines: Final newline missing.
Style/StringLiterals: Prefer double-quoted strings.
If tests run very fast all votes are created within the last 24
hours, so hot_score has the same value if the creation date for the
votes is Time.current or 1.day.ago.
Creating the votes 48 hours ago we make sure hot_score has the
correct value and the tests pass correctly.
If budget is in balloting phase and there are voted investments, it
was not possible to print budgets investments because the ballot was
never being loaded in the controller and therefore an error was raised
when rendering the view.
Failure/Error: <% if ballot.has_investment?(investment) %>
ActionView::Template::Error:
undefined method `has_investment?' for nil:NilClass
app/views/budgets/investments/_ballot.html.erb:3
app/views/budgets/investments/_investment.html.erb:88
app/views/custom/management/budgets/investments/print.html.erb:26
We were getting a 500 Internal Server Error because `find_by` returned
`nil`, but the code assumed it returned an object responding to
`encrypted_password`. In this case, maybe some other status code (like
400 or 401) might be more appropriate, but I've kept 404 because it was
easier to implement and I wasn't sure which one was better.
Also note ideally we would test the controller using:
expect(response).to have_http_status(:not_found)
However, we would need to configure the test to show exceptions and not
to consider all requests local. I haven't been able to do so for
controller tests, and doing so for feature/request specs seems to
require changes in the test environment configuration which would affect
other tests.
