bullet_train 1.0.5 → 1.0.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 633b451afdfeee512883e8536928cc2dd247f15139d59e7bfd24cc4d637b735d
-  data.tar.gz: c2a59912f00000e2b72ae5193b6d5cd0ebcd34a736f01260f5abfa1a5c170c94
+  metadata.gz: e043af38dcb40348528dd6b925433147b3e58f0fd64d969c7396feebce04091a
+  data.tar.gz: 4546e61efd71d6b92c270e02a50ff33e558d6007d4cc761c925192d77562459f
 SHA512:
-  metadata.gz: 6cacd920c5c13800b167a1d1c3e9ae8fa6d6bc1cea28d1128f7404ce8bd9e0615957aad91b4cb7363bb10ac88823294511344bf9103febe2b0ed830508472cba
-  data.tar.gz: 1bc0e30c37ebd765df530a9d25b65a591736be8420949c68651569347280d7403d3889cdd59933384825c19d5727a25c7d16569a42e9baececfeb2970938b85a
+  metadata.gz: 4f448f5cacf14583c92761252adff72ee3c7b8474b291e1ccb3f4b7874acf341a329fc5ee96be8d948d7394739abd5508fa78a813b0d922daae5b82d791eafa0
+  data.tar.gz: b0865e4751fd3819475fea1bab30e30e503f21ad75d884e69db241af605a6178519ea3bb6b4c617a84b75c8f2888eb94ba377ee762c6218a1a21830617323c5e

data/app/controllers/account/two_factors_controller.rb

@@ -0,0 +1,18 @@
+class Account::TwoFactorsController < Account::ApplicationController
+  before_action :authenticate_user!
+
+  def create
+    @backup_codes = current_user.generate_otp_backup_codes!
+    @user = current_user
+
+    current_user.update(
+      otp_secret: User.generate_otp_secret,
+      otp_required_for_login: true
+    )
+  end
+
+  def destroy
+    @user = current_user
+    current_user.update(otp_required_for_login: false)
+  end
+end

data/app/controllers/concerns/account/controllers/base.rb

@@ -0,0 +1,118 @@
+module Account::Controllers::Base
+  extend ActiveSupport::Concern
+
+  included do
+    include LoadsAndAuthorizesResource
+    include Fields::ControllerSupport
+
+    before_action :set_last_seen_at, if: proc {
+      user_signed_in? && (current_user.last_seen_at.nil? || current_user.last_seen_at < 1.minute.ago)
+    }
+
+    layout "account"
+
+    before_action :authenticate_user!
+    before_action :set_paper_trail_whodunnit
+    before_action :ensure_onboarding_is_complete_and_set_next_step
+  end
+
+  class_methods do
+    # this is a template method called by LoadsAndAuthorizesResource.
+    # it allows that module to understand what namespaces of a controller
+    # are organizing the controllers, and which are organizing the models.
+    def regex_to_remove_controller_namespace
+      /^Account::/
+    end
+  end
+
+  def adding_user_email?
+    is_a?(Account::Onboarding::UserEmailController)
+  end
+
+  def adding_user_details?
+    is_a?(Account::Onboarding::UserDetailsController)
+  end
+
+  def adding_team?
+    return true if request.get? && request.path == new_account_team_path
+    return true if request.post? && request.path == account_teams_path
+    false
+  end
+
+  def switching_teams?
+    return true if request.get? && request.path == account_teams_path
+    false
+  end
+
+  def managing_account?
+    is_a?(Account::UsersController) || self.class.module_parents.include?(Oauth)
+  end
+
+  def accepting_invitation?
+    (params[:controller] == "account/invitations") && (params[:action] == "show" || params[:action] == "accept")
+  end
+
+  def ensure_onboarding_is_complete_and_set_next_step
+    unless ensure_onboarding_is_complete
+      session[:after_onboarding_url] ||= request.url
+    end
+  end
+
+  def ensure_onboarding_is_complete
+    # This is temporary, but if we've gotten this far and `@team` is loaded, we need to ensure current_team is
+    # updated for the checks below. This entire concept of `current_team` is going away soon.
+    current_user.update(current_team: @team) if @team&.persisted?
+
+    # since the onboarding controllers are child classes of this class,
+    # we actually have to check to make sure we're not currently on that
+    # step otherwise we'll end up in an endless redirection loop.
+    if current_user.email_is_oauth_placeholder?
+      if adding_user_email?
+        return true
+      else
+        redirect_to edit_account_onboarding_user_email_path(current_user)
+        return false
+      end
+    end
+
+    # some team-related onboarding steps need to be skipped if we're in the process
+    # of creating a new team.
+    unless adding_team? || accepting_invitation?
+
+      # USER ONBOARDING STUFF
+      # first we make sure the user is properly onboarded.
+      unless current_team.present?
+
+        # don't force the user to create a team if they've already got one.
+        if current_user.teams.any?
+          current_user.update(current_team: current_user.teams.first)
+        else
+          redirect_to new_account_team_path
+          return false
+        end
+      end
+
+      # TEAM ONBOARDING STUFF.
+      # then make sure the team is properly onboarded.
+
+      # since the onboarding controllers are child classes of this class,
+      # we actually have to check to make sure we're not currently on that
+      # step otherwise we'll end up in an endless redirection loop.
+      unless current_user.details_provided?
+        if adding_user_details?
+          return true
+        else
+          redirect_to edit_account_onboarding_user_detail_path(current_user)
+          return false
+        end
+      end
+
+    end
+
+    true
+  end
+
+  def set_last_seen_at
+    current_user.update_attribute(:last_seen_at, Time.current)
+  end
+end

data/app/controllers/concerns/account/users/controller_base.rb

@@ -1,7 +1,7 @@
 module Account::Users::ControllerBase
   extend ActiveSupport::Concern
 
-  include do
+  included do
     load_and_authorize_resource
 
     before_action do

data/app/controllers/concerns/controllers/base.rb

@@ -0,0 +1,119 @@
+module Controllers::Base
+  extend ActiveSupport::Concern
+
+  included do
+    # these are common for authentication workflows.
+    include InvitationOnlyHelper
+    include InvitationsHelper
+
+    include DeviseCurrentAttributes
+
+    around_action :set_locale
+    layout :layout_by_resource
+
+    before_action { @updating = request.headers["X-Cable-Ready"] == "update" }
+
+    # TODO Extract this into an optional `bullet_train-sentry` package.
+    before_action :set_sentry_context
+
+    skip_before_action :verify_authenticity_token, if: -> { controller_name == "sessions" && action_name == "create" }
+
+    rescue_from CanCan::AccessDenied do |exception|
+      if current_user.nil?
+        respond_to do |format|
+          format.html do
+            session["user_return_to"] = request.path
+            redirect_to [:new, :user, :session], alert: exception.message
+          end
+        end
+      elsif current_user.teams.none?
+        respond_to do |format|
+          format.html { redirect_to [:new, :account, :team], alert: exception.message }
+        end
+      else
+        respond_to do |format|
+          # TODO we do this for now because it ensures `current_team` doesn't remain set in an invalid state.
+          format.html { redirect_to [:account, current_user.teams.first], alert: exception.message }
+        end
+      end
+    end
+  end
+
+  # this is an ugly hack, but it's what is recommended at
+  # https://github.com/plataformatec/devise/wiki/How-To:-Create-custom-layouts
+  def layout_by_resource
+    if devise_controller?
+      "devise"
+    else
+      "public"
+    end
+  end
+
+  def after_sign_in_path_for(resource_or_scope)
+    resource = resource_or_scope.class.name.downcase
+    stored_location_for(resource) || account_dashboard_path
+  end
+
+  def after_sign_up_path_for(resource_or_scope)
+    resource = resource_or_scope.class.name.downcase
+    stored_location_for(resource) || account_dashboard_path
+  end
+
+  def current_team
+    helpers.current_team
+  end
+
+  def current_membership
+    helpers.current_membership
+  end
+
+  def current_locale
+    helpers.current_locale
+  end
+
+  def enforce_invitation_only
+    if invitation_only?
+      unless helpers.invited?
+        redirect_to [:account, :teams], notice: t("teams.notifications.invitation_only")
+      end
+    end
+  end
+
+  def set_locale
+    I18n.locale = [
+      current_user&.locale,
+      current_user&.current_team&.locale,
+      http_accept_language.compatible_language_from(I18n.available_locales),
+      I18n.default_locale.to_s
+    ].compact.find { |potential_locale| I18n.available_locales.include?(potential_locale.to_sym) }
+    yield
+    I18n.locale = I18n.default_locale
+  end
+
+  # Whitelist the account namespace and prevent JavaScript
+  # embedding when passing paths as parameters in links.
+  def only_allow_path(path)
+    return if path.nil?
+    account_namespace_regexp = /^\/account\/*+/
+    scheme = URI.parse(path).scheme
+    return nil unless path.match?(account_namespace_regexp) && scheme != "javascript"
+    path
+  end
+
+  # TODO Extract this into an optional `bullet_train-sentry` package.
+  def set_sentry_context
+    return unless ENV["SENTRY_DSN"]
+
+    Sentry.configure_scope do |scope|
+      scope.set_user(id: current_user.id, email: current_user.email) if current_user
+
+      scope.set_context(
+        "request",
+        {
+          url: request.url,
+          params: params.to_unsafe_h
+        }
+      )
+    end
+  end
+end

data/app/controllers/concerns/devise_current_attributes.rb

@@ -0,0 +1,13 @@
+module DeviseCurrentAttributes
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :set_current_user
+  end
+
+  def set_current_user
+    if current_user
+      Current.user = current_user
+    end
+  end
+end

data/app/controllers/concerns/registrations/controller_base.rb

@@ -0,0 +1,39 @@
+module Registrations::ControllerBase
+  extend ActiveSupport::Concern
+
+  included do
+    def new
+      if invitation_only?
+        unless session[:invitation_uuid] || session[:invitation_key]
+          return redirect_to root_path
+        end
+      end
+
+      # do all the regular devise stuff.
+      super
+    end
+
+    def create
+      # do all the regular devise stuff first.
+      super
+
+      # if current_user is defined, that means they were successful registering.
+      if current_user
+
+        # TODO i think this might be redundant. we've added a hook into `session["user_return_to"]` in the
+        # `invitations#accept` action and that might be enough to get them where they're supposed to be after
+        # either creating a new account or signing into an existing account.
+        handle_outstanding_invitation
+
+        # if the user doesn't have a team at this point, create one.
+        unless current_user.teams.any?
+          current_user.create_default_team
+        end
+
+        # send the welcome email.
+        current_user.send_welcome_email unless current_user.email_is_oauth_placeholder?
+
+      end
+    end
+  end
+end

data/app/controllers/concerns/sessions/controller_base.rb

@@ -0,0 +1,15 @@
+module Sessions::ControllerBase
+  extend ActiveSupport::Concern
+
+  included do
+    def pre_otp
+      if (@email = params["user"]["email"].downcase.strip.presence)
+        @user = User.find_by(email: @email)
+      end
+
+      respond_to do |format|
+        format.js
+      end
+    end
+  end
+end

data/app/controllers/registrations_controller.rb

@@ -0,0 +1,9 @@
+# i really, really wanted this controller in a namespace, but devise doesn't
+# appear to support it. instead, i got the following error:
+#
+#   'Authentication::RegistrationsController' is not a supported controller name.
+#   This can lead to potential routing problems.
+
+class RegistrationsController < Devise::RegistrationsController
+  include Registrations::ControllerBase
+end

data/app/controllers/sessions_controller.rb

@@ -0,0 +1,3 @@
+class SessionsController < Devise::SessionsController
+  include Sessions::ControllerBase
+end

data/app/helpers/account/buttons_helper.rb

@@ -0,0 +1,12 @@
+module Account::ButtonsHelper
+  def first_button_primary(context = nil)
+    @global ||= {}
+
+    if !@global[context]
+      @global[context] = true
+      "button"
+    else
+      "button-secondary"
+    end
+  end
+end

data/app/helpers/account/dates_helper.rb

@@ -0,0 +1,38 @@
+module Account::DatesHelper
+  # e.g. October 11, 2018
+  def display_date(timestamp)
+    return nil unless timestamp
+    if local_time(timestamp).year == local_time(Time.now).year
+      local_time(timestamp).strftime("%B %-d")
+    else
+      local_time(timestamp).strftime("%B %-d, %Y")
+    end
+  end
+
+  # e.g. October 11, 2018 at 4:22 PM
+  # e.g. Yesterday at 2:12 PM
+  # e.g. April 24 at 7:39 AM
+  def display_date_and_time(timestamp)
+    return nil unless timestamp
+
+    # today?
+    if local_time(timestamp).to_date == local_time(Time.now).to_date
+      "Today at #{display_time(timestamp)}"
+    # yesterday?
+    elsif (local_time(timestamp).to_date) == (local_time(Time.now).to_date - 1.day)
+      "Yesterday at #{display_time(timestamp)}"
+    else
+      "#{display_date(timestamp)} at #{display_time(timestamp)}"
+    end
+  end
+
+  # e.g. 4:22 PM
+  def display_time(timestamp)
+    local_time(timestamp).strftime("%l:%M %p")
+  end
+
+  def local_time(time)
+    return time if current_user.time_zone.nil?
+    time.in_time_zone(current_user.time_zone)
+  end
+end

data/app/helpers/account/forms_helper.rb

@@ -0,0 +1,67 @@
+module Account::FormsHelper
+  PRESENCE_VALIDATORS = [ActiveRecord::Validations::PresenceValidator, ActiveModel::Validations::PresenceValidator]
+
+  def presence_validated?(object, attribute)
+    validators = object.class.validators
+    validators.select! do |validator|
+      PRESENCE_VALIDATORS.include?(validator.class) && validator.attributes.include?(attribute)
+    end
+    validators.any?
+  end
+
+  def flush_content_for(name)
+    content_for name, flush: true do
+      ""
+    end
+  end
+
+  def options_with_labels(options, namespace)
+    hash = {}
+    options.each do |option|
+      hash[option] = t([namespace, option].join("."))
+    end
+    hash
+  end
+
+  def if_present(string)
+    string.present? ? string : nil
+  end
+
+  def id_for(form, method)
+    [form.object.class.name, form.index, method].compact.join("_").underscore
+  end
+
+  def model_key(form)
+    form.object.class.name.pluralize.underscore
+  end
+
+  def labels_for(form, method)
+    keys = [:placeholder, :label, :help, :options_help]
+    path = [model_key(form), (current_fields_namespace || :fields), method].compact
+    Struct.new(*keys).new(*keys.map { |key| t((path + [key]).join("."), default: "").presence })
+  end
+
+  def options_for(form, method)
+    # e.g. "scaffolding/completely_concrete/tangible_things.fields.text_area_value.options"
+    path = [model_key(form), (current_fields_namespace || :fields), method, :options]
+    t(path.compact.join("."))
+  end
+
+  def legacy_label_for(form, method)
+    # e.g. 'scaffolding/things.labels.name'
+    key = "#{model_key(form)}.labels.#{method}"
+    #  e.g. 'scaffolding/things.labels.name' or 'scaffolding.things.labels.name' or nil
+    t(key, default: "").presence || t(key.tr("/", "."), default: "").presence
+  end
+
+  def within_fields_namespace(namespace)
+    @fields_namespaces ||= []
+    @fields_namespaces << namespace
+    yield
+    @fields_namespaces.pop
+  end
+
+  def current_fields_namespace
+    @fields_namespaces&.last
+  end
+end

data/app/helpers/account/locale_helper.rb

@@ -0,0 +1,51 @@
+module Account::LocaleHelper
+  def current_locale
+    current_user.locale || current_team.locale || "en"
+  end
+
+  # as of now, we only calculate a possessive version of nouns in english.
+  # if you're aware of another language where we can do this, please don't hesitate to reach out!
+  def possessive_string(string)
+    [:en].include?(I18n.locale) ? string.possessive : string
+  end
+
+  def model_locales(model)
+    name = model.label_string.presence
+    return {} unless name
+
+    hash = {}
+    prefix = model.class.name.split("::").last.underscore
+    hash[:"#{prefix}_name"] = name
+    hash[:"#{prefix.pluralize}_possessive"] = possessive_string(name)
+
+    hash
+  end
+
+  def models_locales(*models)
+    hash = {}
+    models.compact.each do |model|
+      hash.merge! model_locales(model)
+    end
+    hash
+  end
+
+  # this is a bit scary, no?
+  def account_controller?
+    controller.class.name.match(/^Account::/)
+  end
+
+  def t(key, options = {})
+    if account_controller?
+      # give preference to the options they've passed in.
+      options = models_locales(@child_object, @parent_object).merge(options)
+    end
+    super(key, options)
+  end
+
+  # like 't', but if the key isn't found, it returns nil.
+  def ot(key, options = {})
+    t(key, options)
+  rescue I18n::MissingTranslationData => _
+    nil
+  end
+end

data/app/helpers/account/markdown_helper.rb

@@ -0,0 +1,5 @@
+module Account::MarkdownHelper
+  def markdown(string)
+    CommonMarker.render_html(string, :UNSAFE, [:table]).html_safe
+  end
+end

data/app/helpers/account/role_helper.rb

@@ -0,0 +1,5 @@
+module Account::RoleHelper
+  def role_options_for(object)
+    object.class.assignable_roles.map { |role| [role.id, t("#{object.class.to_s.pluralize.underscore}.fields.role_ids.options.#{role.key}.label")] }
+  end
+end

data/app/helpers/attributes_helper.rb

@@ -0,0 +1,32 @@
+module AttributesHelper
+  def current_attributes_object
+    @_attributes_helper_objects ? @_attributes_helper_objects.last : nil
+  end
+
+  def current_attributes_strategy
+    @_attributes_helper_strategies ? @_attributes_helper_strategies.last : nil
+  end
+
+  def with_attribute_settings(options)
+    @_attributes_helper_objects ||= []
+    @_attributes_helper_strategies ||= []
+
+    if options[:object]
+      @_attributes_helper_objects << options[:object]
+    end
+
+    if options[:strategy]
+      @_attributes_helper_strategies << options[:strategy]
+    end
+
+    yield
+
+    if options[:strategy]
+      @_attributes_helper_strategies.pop
+    end
+
+    if options[:object]
+      @_attributes_helper_objects.pop
+    end
+  end
+end

data/app/helpers/email_helper.rb

@@ -0,0 +1,7 @@
+module EmailHelper
+  def email_image_tag(image, **options)
+    image_underscore = image.tr("-", "_")
+    attachments.inline[image_underscore] = File.read(Rails.root.join("app/javascript/images/#{image}"))
+    image_tag attachments.inline[image_underscore].url, **options
+  end
+end

data/app/helpers/images_helper.rb

@@ -0,0 +1,7 @@
+module ImagesHelper
+  def image_width_for_height(filename, target_height)
+    source_width, source_height = FastImage.size("#{Rails.root}/app/javascript/images/#{filename}")
+    ratio = source_width.to_f / source_height.to_f
+    (target_height * ratio).to_i
+  end
+end

data/app/mailers/concerns/mailers/base.rb

@@ -0,0 +1,16 @@
+module Mailers::Base
+  extend ActiveSupport::Concern
+
+  included do
+    default from: "#{I18n.t("application.name")} <#{I18n.t("application.support_email")}>"
+    layout "mailer"
+
+    helper :email
+    helper :application
+    helper :images
+    helper "account/teams"
+    helper "account/users"
+    helper "account/locale"
+    helper "fields/trix_editor"
+  end
+end

data/app/mailers/devise_mailer.rb

@@ -0,0 +1,10 @@
+class DeviseMailer < Devise::Mailer
+  def headers_for(action, opts)
+    headers = super(action, opts)
+    if resource.full_name.present?
+      headers[:to] = "\"#{resource.full_name}\" <#{resource.email}>"
+      @email = headers[:to]
+    end
+    headers
+  end
+end

data/app/mailers/user_mailer.rb

@@ -0,0 +1,24 @@
+class UserMailer < ApplicationMailer
+  def welcome(user)
+    @user = user
+    @cta_url = account_dashboard_url
+    @values = {
+      # are there any substitution values you want to include?
+    }
+    mail(to: @user.email, subject: I18n.t("user_mailer.welcome.subject", **@values))
+  end
+
+  # technically not a 'user' email, but they'll be a user soon.
+  # didn't seem worth creating an entirely new mailer for.
+  def invited(uuid)
+    @invitation = Invitation.find_by_uuid uuid
+    return if @invitation.nil?
+    @cta_url = accept_account_invitation_url(@invitation.uuid)
+    @values = {
+      # Just in case the inviting user has been removed from the team...
+      inviter_name: @invitation.from_membership&.user&.full_name || @invitation.from_membership.name,
+      team_name: @invitation.team.name,
+    }
+    mail(to: @invitation.email, subject: I18n.t("user_mailer.invited.subject", **@values))
+  end
+end