bullet_train 1.0.4 → 1.0.8

data/app/controllers/concerns/account/users/controller_base.rb

@@ -0,0 +1,63 @@
+module Account::Users::ControllerBase
+  extend ActiveSupport::Concern
+
+  included do
+    load_and_authorize_resource
+
+    before_action do
+      # for magic locales.
+      @child_object = @user
+    end
+  end
+
+  # GET /account/users/1/edit
+  def edit
+  end
+
+  # GET /account/users/1
+  def show
+  end
+
+  def updating_password?
+    params[:user].key?(:password)
+  end
+
+  # PATCH/PUT /account/users/1
+  # PATCH/PUT /account/users/1.json
+  def update
+    respond_to do |format|
+      if updating_password? ? @user.update_with_password(user_params) : @user.update_without_password(user_params)
+        # if you update your own user account, devise will normally kick you out, so we do this instead.
+        bypass_sign_in current_user.reload
+        format.html { redirect_to [:edit, :account, @user], notice: t("users.notifications.updated") }
+        format.json { render :show, status: :ok, location: [:account, @user] }
+      else
+        format.html { render :edit, status: :unprocessable_entity }
+        format.json { render json: @user.errors, status: :unprocessable_entity }
+      end
+    end
+  end
+
+  private
+
+  # Never trust parameters from the scary internet, only allow the white list through.
+  def user_params
+    # TODO enforce permissions on updating the user's team name.
+    params.require(:user).permit(
+      :email,
+      :first_name,
+      :last_name,
+      :time_zone,
+      :current_password,
+      :password,
+      :password_confirmation,
+      :profile_photo_id,
+      :locale,
+      # 🚅 super scaffolding will insert new fields above this line.
+      current_team_attributes: [:name],
+      # 🚅 super scaffolding will insert new arrays above this line.
+    )
+
+    # 🚅 super scaffolding will insert processing for new fields above this line.
+  end
+end

data/app/controllers/concerns/controllers/base.rb

@@ -0,0 +1,119 @@
+module Controllers::Base
+  extend ActiveSupport::Concern
+
+  included do
+    # these are common for authentication workflows.
+    include InvitationOnlyHelper
+    include InvitationsHelper
+
+    include DeviseCurrentAttributes
+
+    around_action :set_locale
+    layout :layout_by_resource
+
+    before_action { @updating = request.headers["X-Cable-Ready"] == "update" }
+
+    # TODO Extract this into an optional `bullet_train-sentry` package.
+    before_action :set_sentry_context
+
+    skip_before_action :verify_authenticity_token, if: -> { controller_name == "sessions" && action_name == "create" }
+
+    rescue_from CanCan::AccessDenied do |exception|
+      if current_user.nil?
+        respond_to do |format|
+          format.html do
+            session["user_return_to"] = request.path
+            redirect_to [:new, :user, :session], alert: exception.message
+          end
+        end
+      elsif current_user.teams.none?
+        respond_to do |format|
+          format.html { redirect_to [:new, :account, :team], alert: exception.message }
+        end
+      else
+        respond_to do |format|
+          # TODO we do this for now because it ensures `current_team` doesn't remain set in an invalid state.
+          format.html { redirect_to [:account, current_user.teams.first], alert: exception.message }
+        end
+      end
+    end
+  end
+
+  # this is an ugly hack, but it's what is recommended at
+  # https://github.com/plataformatec/devise/wiki/How-To:-Create-custom-layouts
+  def layout_by_resource
+    if devise_controller?
+      "devise"
+    else
+      "public"
+    end
+  end
+
+  def after_sign_in_path_for(resource_or_scope)
+    resource = resource_or_scope.class.name.downcase
+    stored_location_for(resource) || account_dashboard_path
+  end
+
+  def after_sign_up_path_for(resource_or_scope)
+    resource = resource_or_scope.class.name.downcase
+    stored_location_for(resource) || account_dashboard_path
+  end
+
+  def current_team
+    helpers.current_team
+  end
+
+  def current_membership
+    helpers.current_membership
+  end
+
+  def current_locale
+    helpers.current_locale
+  end
+
+  def enforce_invitation_only
+    if invitation_only?
+      unless helpers.invited?
+        redirect_to [:account, :teams], notice: t("teams.notifications.invitation_only")
+      end
+    end
+  end
+
+  def set_locale
+    I18n.locale = [
+      current_user&.locale,
+      current_user&.current_team&.locale,
+      http_accept_language.compatible_language_from(I18n.available_locales),
+      I18n.default_locale.to_s
+    ].compact.find { |potential_locale| I18n.available_locales.include?(potential_locale.to_sym) }
+    yield
+    I18n.locale = I18n.default_locale
+  end
+
+  # Whitelist the account namespace and prevent JavaScript
+  # embedding when passing paths as parameters in links.
+  def only_allow_path(path)
+    return if path.nil?
+    account_namespace_regexp = /^\/account\/*+/
+    scheme = URI.parse(path).scheme
+    return nil unless path.match?(account_namespace_regexp) && scheme != "javascript"
+    path
+  end
+
+  # TODO Extract this into an optional `bullet_train-sentry` package.
+  def set_sentry_context
+    return unless ENV["SENTRY_DSN"]
+
+    Sentry.configure_scope do |scope|
+      scope.set_user(id: current_user.id, email: current_user.email) if current_user
+
+      scope.set_context(
+        "request",
+        {
+          url: request.url,
+          params: params.to_unsafe_h
+        }
+      )
+    end
+  end
+end

data/app/controllers/concerns/devise_current_attributes.rb

@@ -0,0 +1,13 @@
+module DeviseCurrentAttributes
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :set_current_user
+  end
+
+  def set_current_user
+    if current_user
+      Current.user = current_user
+    end
+  end
+end

data/app/controllers/concerns/registrations/controller_base.rb

@@ -0,0 +1,39 @@
+module Registrations::ControllerBase
+  extend ActiveSupport::Concern
+
+  included do
+    def new
+      if invitation_only?
+        unless session[:invitation_uuid] || session[:invitation_key]
+          return redirect_to root_path
+        end
+      end
+
+      # do all the regular devise stuff.
+      super
+    end
+
+    def create
+      # do all the regular devise stuff first.
+      super
+
+      # if current_user is defined, that means they were successful registering.
+      if current_user
+
+        # TODO i think this might be redundant. we've added a hook into `session["user_return_to"]` in the
+        # `invitations#accept` action and that might be enough to get them where they're supposed to be after
+        # either creating a new account or signing into an existing account.
+        handle_outstanding_invitation
+
+        # if the user doesn't have a team at this point, create one.
+        unless current_user.teams.any?
+          current_user.create_default_team
+        end
+
+        # send the welcome email.
+        current_user.send_welcome_email unless current_user.email_is_oauth_placeholder?
+
+      end
+    end
+  end
+end

data/app/controllers/concerns/sessions/controller_base.rb

@@ -0,0 +1,15 @@
+module Sessions::ControllerBase
+  extend ActiveSupport::Concern
+
+  included do
+    def pre_otp
+      if (@email = params["user"]["email"].downcase.strip.presence)
+        @user = User.find_by(email: @email)
+      end
+
+      respond_to do |format|
+        format.js
+      end
+    end
+  end
+end

data/app/controllers/registrations_controller.rb

@@ -0,0 +1,9 @@
+# i really, really wanted this controller in a namespace, but devise doesn't
+# appear to support it. instead, i got the following error:
+#
+#   'Authentication::RegistrationsController' is not a supported controller name.
+#   This can lead to potential routing problems.
+
+class RegistrationsController < Devise::RegistrationsController
+  include Registrations::ControllerBase
+end

data/app/controllers/sessions_controller.rb

@@ -0,0 +1,3 @@
+class SessionsController < Devise::SessionsController
+  include Sessions::ControllerBase
+end

data/app/helpers/account/buttons_helper.rb

@@ -0,0 +1,12 @@
+module Account::ButtonsHelper
+  def first_button_primary(context = nil)
+    @global ||= {}
+
+    if !@global[context]
+      @global[context] = true
+      "button"
+    else
+      "button-secondary"
+    end
+  end
+end

data/app/helpers/account/dates_helper.rb

@@ -0,0 +1,38 @@
+module Account::DatesHelper
+  # e.g. October 11, 2018
+  def display_date(timestamp)
+    return nil unless timestamp
+    if local_time(timestamp).year == local_time(Time.now).year
+      local_time(timestamp).strftime("%B %-d")
+    else
+      local_time(timestamp).strftime("%B %-d, %Y")
+    end
+  end
+
+  # e.g. October 11, 2018 at 4:22 PM
+  # e.g. Yesterday at 2:12 PM
+  # e.g. April 24 at 7:39 AM
+  def display_date_and_time(timestamp)
+    return nil unless timestamp
+
+    # today?
+    if local_time(timestamp).to_date == local_time(Time.now).to_date
+      "Today at #{display_time(timestamp)}"
+    # yesterday?
+    elsif (local_time(timestamp).to_date) == (local_time(Time.now).to_date - 1.day)
+      "Yesterday at #{display_time(timestamp)}"
+    else
+      "#{display_date(timestamp)} at #{display_time(timestamp)}"
+    end
+  end
+
+  # e.g. 4:22 PM
+  def display_time(timestamp)
+    local_time(timestamp).strftime("%l:%M %p")
+  end
+
+  def local_time(time)
+    return time if current_user.time_zone.nil?
+    time.in_time_zone(current_user.time_zone)
+  end
+end

data/app/helpers/account/forms_helper.rb

@@ -0,0 +1,67 @@
+module Account::FormsHelper
+  PRESENCE_VALIDATORS = [ActiveRecord::Validations::PresenceValidator, ActiveModel::Validations::PresenceValidator]
+
+  def presence_validated?(object, attribute)
+    validators = object.class.validators
+    validators.select! do |validator|
+      PRESENCE_VALIDATORS.include?(validator.class) && validator.attributes.include?(attribute)
+    end
+    validators.any?
+  end
+
+  def flush_content_for(name)
+    content_for name, flush: true do
+      ""
+    end
+  end
+
+  def options_with_labels(options, namespace)
+    hash = {}
+    options.each do |option|
+      hash[option] = t([namespace, option].join("."))
+    end
+    hash
+  end
+
+  def if_present(string)
+    string.present? ? string : nil
+  end
+
+  def id_for(form, method)
+    [form.object.class.name, form.index, method].compact.join("_").underscore
+  end
+
+  def model_key(form)
+    form.object.class.name.pluralize.underscore
+  end
+
+  def labels_for(form, method)
+    keys = [:placeholder, :label, :help, :options_help]
+    path = [model_key(form), (current_fields_namespace || :fields), method].compact
+    Struct.new(*keys).new(*keys.map { |key| t((path + [key]).join("."), default: "").presence })
+  end
+
+  def options_for(form, method)
+    # e.g. "scaffolding/completely_concrete/tangible_things.fields.text_area_value.options"
+    path = [model_key(form), (current_fields_namespace || :fields), method, :options]
+    t(path.compact.join("."))
+  end
+
+  def legacy_label_for(form, method)
+    # e.g. 'scaffolding/things.labels.name'
+    key = "#{model_key(form)}.labels.#{method}"
+    #  e.g. 'scaffolding/things.labels.name' or 'scaffolding.things.labels.name' or nil
+    t(key, default: "").presence || t(key.tr("/", "."), default: "").presence
+  end
+
+  def within_fields_namespace(namespace)
+    @fields_namespaces ||= []
+    @fields_namespaces << namespace
+    yield
+    @fields_namespaces.pop
+  end
+
+  def current_fields_namespace
+    @fields_namespaces&.last
+  end
+end

data/app/helpers/account/locale_helper.rb

@@ -0,0 +1,51 @@
+module Account::LocaleHelper
+  def current_locale
+    current_user.locale || current_team.locale || "en"
+  end
+
+  # as of now, we only calculate a possessive version of nouns in english.
+  # if you're aware of another language where we can do this, please don't hesitate to reach out!
+  def possessive_string(string)
+    [:en].include?(I18n.locale) ? string.possessive : string
+  end
+
+  def model_locales(model)
+    name = model.label_string.presence
+    return {} unless name
+
+    hash = {}
+    prefix = model.class.name.split("::").last.underscore
+    hash[:"#{prefix}_name"] = name
+    hash[:"#{prefix.pluralize}_possessive"] = possessive_string(name)
+
+    hash
+  end
+
+  def models_locales(*models)
+    hash = {}
+    models.compact.each do |model|
+      hash.merge! model_locales(model)
+    end
+    hash
+  end
+
+  # this is a bit scary, no?
+  def account_controller?
+    controller.class.name.match(/^Account::/)
+  end
+
+  def t(key, options = {})
+    if account_controller?
+      # give preference to the options they've passed in.
+      options = models_locales(@child_object, @parent_object).merge(options)
+    end
+    super(key, options)
+  end
+
+  # like 't', but if the key isn't found, it returns nil.
+  def ot(key, options = {})
+    t(key, options)
+  rescue I18n::MissingTranslationData => _
+    nil
+  end
+end

data/app/helpers/account/markdown_helper.rb

@@ -0,0 +1,5 @@
+module Account::MarkdownHelper
+  def markdown(string)
+    CommonMarker.render_html(string, :UNSAFE, [:table]).html_safe
+  end
+end

data/app/helpers/account/role_helper.rb

@@ -0,0 +1,5 @@
+module Account::RoleHelper
+  def role_options_for(object)
+    object.class.assignable_roles.map { |role| [role.id, t("#{object.class.to_s.pluralize.underscore}.fields.role_ids.options.#{role.key}.label")] }
+  end
+end

data/app/helpers/attributes_helper.rb

@@ -0,0 +1,32 @@
+module AttributesHelper
+  def current_attributes_object
+    @_attributes_helper_objects ? @_attributes_helper_objects.last : nil
+  end
+
+  def current_attributes_strategy
+    @_attributes_helper_strategies ? @_attributes_helper_strategies.last : nil
+  end
+
+  def with_attribute_settings(options)
+    @_attributes_helper_objects ||= []
+    @_attributes_helper_strategies ||= []
+
+    if options[:object]
+      @_attributes_helper_objects << options[:object]
+    end
+
+    if options[:strategy]
+      @_attributes_helper_strategies << options[:strategy]
+    end
+
+    yield
+
+    if options[:strategy]
+      @_attributes_helper_strategies.pop
+    end
+
+    if options[:object]
+      @_attributes_helper_objects.pop
+    end
+  end
+end

data/app/helpers/email_helper.rb

@@ -0,0 +1,7 @@
+module EmailHelper
+  def email_image_tag(image, **options)
+    image_underscore = image.tr("-", "_")
+    attachments.inline[image_underscore] = File.read(Rails.root.join("app/javascript/images/#{image}"))
+    image_tag attachments.inline[image_underscore].url, **options
+  end
+end

data/app/helpers/images_helper.rb

@@ -0,0 +1,7 @@
+module ImagesHelper
+  def image_width_for_height(filename, target_height)
+    source_width, source_height = FastImage.size("#{Rails.root}/app/javascript/images/#{filename}")
+    ratio = source_width.to_f / source_height.to_f
+    (target_height * ratio).to_i
+  end
+end

data/app/mailers/concerns/mailers/base.rb

@@ -0,0 +1,16 @@
+module Mailers::Base
+  extend ActiveSupport::Concern
+
+  included do
+    default from: "#{I18n.t("application.name")} <#{I18n.t("application.support_email")}>"
+    layout "mailer"
+
+    helper :email
+    helper :application
+    helper :images
+    helper "account/teams"
+    helper "account/users"
+    helper "account/locale"
+    helper "fields/trix_editor"
+  end
+end

data/app/mailers/devise_mailer.rb

@@ -0,0 +1,10 @@
+class DeviseMailer < Devise::Mailer
+  def headers_for(action, opts)
+    headers = super(action, opts)
+    if resource.full_name.present?
+      headers[:to] = "\"#{resource.full_name}\" <#{resource.email}>"
+      @email = headers[:to]
+    end
+    headers
+  end
+end

data/app/mailers/user_mailer.rb

@@ -0,0 +1,24 @@
+class UserMailer < ApplicationMailer
+  def welcome(user)
+    @user = user
+    @cta_url = account_dashboard_url
+    @values = {
+      # are there any substitution values you want to include?
+    }
+    mail(to: @user.email, subject: I18n.t("user_mailer.welcome.subject", **@values))
+  end
+
+  # technically not a 'user' email, but they'll be a user soon.
+  # didn't seem worth creating an entirely new mailer for.
+  def invited(uuid)
+    @invitation = Invitation.find_by_uuid uuid
+    return if @invitation.nil?
+    @cta_url = accept_account_invitation_url(@invitation.uuid)
+    @values = {
+      # Just in case the inviting user has been removed from the team...
+      inviter_name: @invitation.from_membership&.user&.full_name || @invitation.from_membership.name,
+      team_name: @invitation.team.name,
+    }
+    mail(to: @invitation.email, subject: I18n.t("user_mailer.invited.subject", **@values))
+  end
+end

data/app/models/concerns/invitations/{core.rb → base.rb}

@@ -1,4 +1,4 @@
-module Invitations::Core
+module Invitations::Base
   extend ActiveSupport::Concern
 
   included do

data/app/models/concerns/memberships/{core.rb → base.rb}

@@ -1,4 +1,4 @@
-module Memberships::Core
+module Memberships::Base
   extend ActiveSupport::Concern
 
   included do

data/app/models/concerns/teams/{core.rb → base.rb}

@@ -1,4 +1,4 @@
-module Teams::Core
+module Teams::Base
   extend ActiveSupport::Concern
 
   included do

data/app/models/concerns/users/{core.rb → base.rb}

@@ -1,4 +1,4 @@
-module Users::Core
+module Users::Base
   extend ActiveSupport::Concern
 
   included do

data/app/views/account/two_factors/create.js.erb

@@ -0,0 +1 @@
+$("#two-factor").html("<%= j render partial: "devise/registrations/two_factor"%>");

data/app/views/account/two_factors/destroy.js.erb

@@ -0,0 +1 @@
+$("#two-factor").html("<%= j render partial: "devise/registrations/two_factor"%>");

data/app/views/devise/confirmations/new.html.erb

@@ -0,0 +1,16 @@
+<h2><%= t('device.headers.resend_confirm') %></h2>
+
+<%= form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f| %>
+  <%= devise_error_messages! %>
+
+  <div class="field">
+    <%= f.label :email %><br />
+    <%= f.email_field :email, autofocus: true, value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email) %>
+  </div>
+
+  <div class="actions">
+    <%= f.submit t('devise.buttons.resend_confirm') %>
+  </div>
+<% end %>
+
+<%= render "devise/shared/links" %>

data/app/views/devise/mailer/confirmation_instructions.html.erb

@@ -0,0 +1,5 @@
+<p><%= t('.welcome', email: @email) %></p>
+
+<p><%= t('.description') %></p>
+
+<p><%= link_to t('.confirm_account'), confirmation_url(@resource, confirmation_token: @token) %></p>

data/app/views/devise/mailer/password_change.html.erb

@@ -0,0 +1,3 @@
+<p><%= t('.hello', email: @resource.email) %></p>
+
+<p><%= t('.description') %></p>

data/app/views/devise/mailer/reset_password_instructions.html.erb

@@ -0,0 +1,30 @@
+<p><%= t('.hello', email: @resource.first_name || @resource.email) %></p>
+
+<p><%= t('.requested_change') %></p>
+
+<!-- Action -->
+<table class="body-action" align="center" width="100%" cellpadding="0" cellspacing="0">
+  <tr>
+    <td align="center">
+      <!-- Border based button https://litmus.com/blog/a-guide-to-bulletproof-buttons-in-email-design -->
+      <table width="100%" border="0" cellspacing="0" cellpadding="0">
+        <tr>
+          <td align="center">
+            <table border="0" cellspacing="0" cellpadding="0">
+              <tr>
+                <td>
+                  <%= link_to t('.change_password'), edit_password_url(@resource, reset_password_token: @token), class: 'button button--', target: '_blank' %>
+                </td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+
+<p><%= t('.ignore') %></p>
+<p><%= t('.access_change') %></p>
+
+<%= t('user_mailer.signature.html', support_email: t('application.support_email')) %>

data/app/views/devise/mailer/unlock_instructions.html.erb

@@ -0,0 +1,7 @@
+<p><% t('.hello', email: @resource.email) %></p>
+
+<p><%= t('.account_blocked') %></p>
+
+<p><%= t('.click_link') %></p>
+
+<p><%= link_to t('.unlock'), unlock_url(@resource, unlock_token: @token) %></p>