Merge branch 'master' of https://github.com/otwcode/otwarchive

denerose · Feb 11, 2024 · 6a236a5 · 6a236a5
2 parents 5cb3009 + 4e56a34
commit 6a236a5
Show file tree

Hide file tree

Showing 107 changed files with 1,077 additions and 684 deletions.
diff --git a/.github/workflows/automated-tests.yml b/.github/workflows/automated-tests.yml
@@ -110,11 +110,11 @@ jobs:
 
       - name: Cache VCR cassettes
         if: ${{ matrix.tests.vcr }}
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: features/cassette_library
 
-          # Unfortunately, the actions/cache@v3 version doesn't allow the cache
+          # Unfortunately, the actions/cache@v4 version doesn't allow the cache
           # key to be overwritten if there's an exact match. So instead we add
           # a unique identifier to the key to always force a "cache miss", and
           # restore from related keys to make sure that we still get to load a
@@ -149,7 +149,7 @@ jobs:
         run: bundle exec ${{ matrix.tests.command }} ${{ matrix.tests.arguments }}
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v4
         with:
           # Optional for public repos. However, individual forks can set this
           # secret to reduce the chance of being rate-limited by GitHub.
@@ -160,7 +160,7 @@ jobs:
 
       - name: Upload failure screenshots
         if: ${{ failure() && matrix.tests.command == 'cucumber' }}
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: test failures ${{ hashFiles('tmp/capybara/*') }}
           path: tmp/capybara
diff --git a/.github/workflows/brakeman-scan.yml b/.github/workflows/brakeman-scan.yml
@@ -39,6 +39,6 @@ jobs:
 
     # Upload the SARIF file generated in the previous step
     - name: Upload SARIF
-      uses: github/codeql-action/upload-sarif@v2
+      uses: github/codeql-action/upload-sarif@v3
       with:
         sarif_file: output.sarif.json
diff --git a/.github/workflows/reviewdog.yml b/.github/workflows/reviewdog.yml
@@ -21,7 +21,7 @@ jobs:
           bundler-cache: true
 
       - name: rubocop
-        uses: reviewdog/action-rubocop@e70b014b8062c447d6b515ee0209f834ea93e696
+        uses: reviewdog/action-rubocop@32686543011497c256009cce0c94b73a8179cbdb
         with:
           use_bundler: true
           reporter: github-pr-check

diff --git a/Gemfile b/Gemfile
@@ -147,6 +147,7 @@ group :test, :development do
   gem 'whiny_validation'
   gem "factory_bot_rails"
   gem 'minitest'
+  gem "listen", "~> 3.3"
   gem "i18n-tasks", require: false
 end
 

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -120,6 +120,7 @@ GEM
     aws-sigv4 (1.4.0)
       aws-eventstream (~> 1, >= 1.0.2)
     backports (3.23.0)
+    base64 (0.2.0)
     bcrypt (3.1.16)
     better_html (2.0.1)
       actionview (>= 6.0)
@@ -163,7 +164,7 @@ GEM
     chronic (0.10.2)
     climate_control (0.2.0)
     coderay (1.1.3)
-    concurrent-ruby (1.2.2)
+    concurrent-ruby (1.2.3)
     connection_pool (2.2.5)
     crack (0.4.5)
       rexml
@@ -242,7 +243,7 @@ GEM
       smart_properties
     erubi (1.12.0)
     escape_utils (1.2.1)
-    et-orbi (1.2.6)
+    et-orbi (1.2.7)
       tzinfo
     factory_bot (6.2.1)
       activesupport (>= 5.0.0)
@@ -275,8 +276,9 @@ GEM
     faraday-rack (1.0.0)
     faraday-retry (1.0.3)
     fastimage (2.2.6)
-    fugit (1.5.2)
-      et-orbi (~> 1.1, >= 1.1.8)
+    ffi (1.16.3)
+    fugit (1.9.0)
+      et-orbi (~> 1, >= 1.2.7)
       raabro (~> 1.4)
     gherkin (5.1.0)
     globalid (1.0.1)
@@ -315,6 +317,9 @@ GEM
       terrapin (~> 0.6.0)
     launchy (2.5.0)
       addressable (~> 2.7)
+    listen (3.8.0)
+      rb-fsevent (~> 0.10, >= 0.10.3)
+      rb-inotify (~> 0.9, >= 0.9.10)
     lograge (0.11.2)
       actionpack (>= 4)
       activesupport (>= 4)
@@ -348,12 +353,12 @@ GEM
     mini_mime (1.1.2)
     mini_portile2 (2.8.2)
     minitest (5.17.0)
-    mono_logger (1.1.1)
+    mono_logger (1.1.2)
     multi_json (1.15.0)
     multi_test (0.1.2)
     multi_xml (0.6.0)
     multipart-post (2.1.1)
-    mustermann (2.0.2)
+    mustermann (3.0.0)
       ruby2_keywords (~> 0.0.1)
     mysql2 (0.5.4)
     n_plus_one_control (0.6.2)
@@ -404,8 +409,9 @@ GEM
       rack (>= 1.0, < 3)
     rack-dev-mark (0.7.9)
       rack (>= 1.1, < 2.3)
-    rack-protection (2.2.3)
-      rack
+    rack-protection (3.2.0)
+      base64 (>= 0.1.0)
+      rack (~> 2.2, >= 2.2.4)
     rack-test (2.0.2)
       rack (>= 1.3)
     rails (6.1.7.4)
@@ -444,6 +450,9 @@ GEM
     rainbow (3.1.1)
     raindrops (0.20.0)
     rake (13.0.6)
+    rb-fsevent (0.11.2)
+    rb-inotify (0.10.1)
+      ffi (~> 1.0)
     redis (3.3.5)
     redis-namespace (1.8.1)
       redis (>= 3.0.4)
@@ -453,17 +462,16 @@ GEM
     responders (3.0.1)
       actionpack (>= 5.0)
       railties (>= 5.0)
-    resque (2.2.0)
+    resque (2.6.0)
       mono_logger (~> 1.0)
       multi_json (~> 1.0)
       redis-namespace (~> 1.6)
       sinatra (>= 0.9.2)
-      vegas (~> 0.1.2)
-    resque-scheduler (4.5.0)
+    resque-scheduler (4.10.2)
       mono_logger (~> 1.0)
       redis (>= 3.3)
       resque (>= 1.27)
-      rufus-scheduler (~> 3.2, < 3.7)
+      rufus-scheduler (~> 3.2, != 3.3)
     rest-client (2.1.0)
       http-accept (>= 1.7.0, < 2.0)
       http-cookie (>= 1.0.2, < 2.0)
@@ -509,7 +517,7 @@ GEM
     ruby2_keywords (0.0.5)
     rubyntlm (0.6.3)
     rubyzip (2.3.2)
-    rufus-scheduler (3.6.0)
+    rufus-scheduler (3.9.1)
       fugit (~> 1.1, >= 1.1.6)
     rvm-capistrano (1.5.6)
       capistrano (~> 2.15.4)
@@ -535,10 +543,10 @@ GEM
       simplecov (~> 0.19)
     simplecov-html (0.12.3)
     simplecov_json_formatter (0.1.3)
-    sinatra (2.2.3)
-      mustermann (~> 2.0)
-      rack (~> 2.2)
-      rack-protection (= 2.2.3)
+    sinatra (3.2.0)
+      mustermann (~> 3.0)
+      rack (~> 2.2, >= 2.2.4)
+      rack-protection (= 3.2.0)
       tilt (~> 2.0)
     smart_properties (1.17.0)
     sprockets (3.7.2)
@@ -556,7 +564,7 @@ GEM
     test-unit (3.5.3)
       power_assert
     thor (1.2.1)
-    tilt (2.0.11)
+    tilt (2.3.0)
     timecop (0.9.4)
     timeliness (0.4.4)
     tzinfo (2.0.6)
@@ -573,8 +581,6 @@ GEM
     unidecoder (1.1.2)
     uniform_notifier (1.14.2)
     vcr (3.0.3)
-    vegas (0.1.11)
-      rack (>= 1.0.0)
     warden (1.2.9)
       rack (>= 2.0.9)
     webmock (3.18.1)
@@ -648,6 +654,7 @@ DEPENDENCIES
   kgio (= 2.10.0)
   kt-paperclip (>= 5.2.0)
   launchy
+  listen (~> 3.3)
   lograge
   mechanize
   mimemagic (= 0.3.10)

diff --git a/app/controllers/admin/admin_users_controller.rb b/app/controllers/admin/admin_users_controller.rb
@@ -133,13 +133,13 @@ def confirm_delete_user_creations
     @works = @user.works.paginate(page: params[:works_page])
     @comments = @user.comments.paginate(page: params[:comments_page])
     @bookmarks = @user.bookmarks
-    @collections = @user.collections
+    @collections = @user.sole_owned_collections
     @series = @user.series
   end
 
   def destroy_user_creations
     authorize @user
-    creations = @user.works + @user.bookmarks + @user.collections + @user.comments
+    creations = @user.works + @user.bookmarks + @user.sole_owned_collections + @user.comments
     creations.each do |creation|
       AdminActivity.log_action(current_admin, creation, action: "destroy spam", summary: creation.inspect)
       creation.mark_as_spam! if creation.respond_to?(:mark_as_spam!)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -1,5 +1,3 @@
-PROFILER_SESSIONS_FILE = 'used_tags.txt'
-
 class ApplicationController < ActionController::Base
   include Pundit
   protect_from_forgery with: :exception, prepend: true
@@ -98,6 +96,17 @@ def redirect_to(*args, **kwargs)
     end
   end
 
+  # Migrates session cookies from encrypted to signed format
+  before_action :migrate_session_cookie_20231230
+  def migrate_session_cookie_20231230
+    # If the request contains a valid encrypted session cookie, it means the
+    # session hasn't yet been migrated to a signed cookie, so we update the
+    # session with the contents of the encrypted cookie.
+    if cookies.encrypted[:_otwarchive_session].present?
+      session.update(cookies.encrypted[:_otwarchive_session])
+    end
+  end
+
   after_action :ensure_admin_credentials
   def ensure_admin_credentials
     if logged_in_as_admin?
@@ -135,23 +144,8 @@ def ensure_user_credentials
     end
   end
 
-  # mark the flash as being set (called when flash is set)
-  def set_flash_cookie(key=nil, msg=nil)
-    cookies[:flash_is_set] = 1
-  end
-  # aliasing setflash for set_flash_cookie
-  # def setflash (this is here in case someone is grepping for the definition of the method)
-  alias :setflash :set_flash_cookie
-
 protected
 
-  def record_not_found (exception)
-    @message=exception.message
-    respond_to do |f|
-      f.html{ render template: "errors/404", status: 404 }
-    end
-  end
-
   def logged_in?
     user_signed_in?
   end
@@ -352,8 +346,6 @@ def not_allowed(fallback=nil)
   end
 
 
-  @over_anon_threshold = true if @over_anon_threshold.nil?
-
   def get_page_title(fandom, author, title, options = {})
     # truncate any piece that is over 15 chars long to the nearest word
     if options[:truncate]
@@ -381,11 +373,6 @@ def get_page_title(fandom, author, title, options = {})
   #### -- AUTHORIZATION -- ####
 
   # It is just much easier to do this here than to try to stuff variable values into a constant in environment.rb
-  before_action :set_redirects
-  def set_redirects
-    @logged_in_redirect = url_for(current_user) if current_user.is_a?(User)
-    @logged_out_redirect = new_user_session_path
-  end
 
   def is_registered_user?
     logged_in? || logged_in_as_admin?
@@ -471,13 +458,6 @@ def check_permission_to_wrangle
     end
   end
 
-  private
- # With thanks from here: http://blog.springenwerk.com/2008/05/set-date-attribute-from-dateselect.html
-  def convert_date(hash, date_symbol_or_string)
-    attribute = date_symbol_or_string.to_s
-    return Date.new(hash[attribute + '(1i)'].to_i, hash[attribute + '(2i)'].to_i, hash[attribute + '(3i)'].to_i)
-  end
-
   public
 
   def valid_sort_column(param, model='work')
@@ -519,8 +499,8 @@ def flash_search_warnings(result)
   end
 
   # Don't get unnecessary data for json requests
+
   skip_before_action  :load_admin_banner,
-                      :set_redirects,
                       :store_location,
                       if: proc { %w(js json).include?(request.format) }
 

diff --git a/app/controllers/autocomplete_controller.rb b/app/controllers/autocomplete_controller.rb
@@ -3,7 +3,6 @@ class AutocompleteController < ApplicationController
 
   skip_before_action :store_location
   skip_before_action :set_current_user, except: [:collection_parent_name, :owned_tag_sets, :site_skins]
-  skip_before_action :set_redirects
   skip_before_action :sanitize_ac_params # can we dare!
 
   #### DO WE NEED THIS AT ALL? IF IT FIRES WITHOUT A TERM AND 500s BECAUSE USER DID SOMETHING WACKY SO WHAT

diff --git a/app/controllers/external_works_controller.rb b/app/controllers/external_works_controller.rb
@@ -11,7 +11,7 @@ def new
   # Used with bookmark form to get an existing external work and return it via ajax
   def fetch
    if params[:external_work_url]
-     url = ExternalWork.new.reformat_url(params[:external_work_url])
+     url = Addressable::URI.heuristic_parse(params[:external_work_url]).to_str
      @external_work = ExternalWork.where(url: url).first
    end
    respond_to do |format|

diff --git a/app/controllers/invite_requests_controller.rb b/app/controllers/invite_requests_controller.rb
@@ -9,40 +9,17 @@ def index
   # GET /invite_requests/1
   def show
     @invite_request = InviteRequest.find_by(email: params[:email])
-
-    if @invite_request.present?
-      @position_in_queue = @invite_request.position
-    else
-      @invitation = Invitation.unredeemed.from_queue.find_by(invitee_email: params[:email])
+    @position_in_queue = @invite_request.position if @invite_request.present?
+    unless (request.xml_http_request?) || @invite_request
+      flash[:error] = "You can search for the email address you signed up with below. If you can't find it, your invitation may have already been emailed to that address; please check your email spam folder as your spam filters may have placed it there."
+      redirect_to status_invite_requests_path and return
     end
-
     respond_to do |format|
       format.html
       format.js
     end
   end
 
-  def resend
-    @invitation = Invitation.unredeemed.from_queue.find_by(invitee_email: params[:email])
-
-    if @invitation.nil?
-      flash[:error] = t("invite_requests.resend.not_found")
-    elsif !@invitation.can_resend?
-      flash[:error] = t("invite_requests.resend.not_yet",
-                        count: ArchiveConfig.HOURS_BEFORE_RESEND_INVITATION)
-    else
-      @invitation.send_and_set_date(resend: true)
-
-      if @invitation.errors.any?
-        flash[:error] = @invitation.errors.full_messages.first
-      else
-        flash[:notice] = t("invite_requests.resend.success", email: @invitation.invitee_email)
-      end
-    end
-
-    redirect_to status_invite_requests_path
-  end
-
   # POST /invite_requests
   def create
     unless AdminSetting.current.invite_from_queue_enabled?

diff --git a/app/controllers/skins_controller.rb b/app/controllers/skins_controller.rb
@@ -77,7 +77,7 @@ def create
         flash[:notice] += ts(" We've added all the archive skin components as parents. You probably want to remove some of them now!")
         redirect_to edit_skin_path(@skin)
       else
-        redirect_to @skin
+        redirect_to skin_path(@skin)
       end
     else
       if params[:wizard]