RubyGems - decidim-core - Versions diffs - 0.25.0 → 0.26.0.rc2 - Mend

decidim-core 0.25.0 → 0.26.0.rc2

Potentially problematic release.

This version of decidim-core might be problematic. Click here for more details.

Files changed (165) hide show

checksums.yaml +4 -4
data/app/cells/decidim/activity_cell.rb +2 -1
data/app/cells/decidim/author/flag_user.erb +1 -1
data/app/cells/decidim/author/profile_inline.erb +1 -1
data/app/cells/decidim/author/withdraw.erb +2 -2
data/app/cells/decidim/author_cell.rb +32 -0
data/app/cells/decidim/card_m_cell.rb +1 -1
data/app/cells/decidim/content_blocks/cta_cell.rb +1 -1
data/app/cells/decidim/content_blocks/hero_cell.rb +1 -1
data/app/cells/decidim/content_blocks/highlighted_content_banner/show.erb +1 -1
data/app/cells/decidim/content_blocks/how_to_participate/show.erb +1 -1
data/app/cells/decidim/content_blocks/last_activity_cell.rb +1 -1
data/app/cells/decidim/content_blocks/stats_cell.rb +12 -0
data/app/cells/decidim/endorsers_list_cell.rb +3 -1
data/app/cells/decidim/flag_modal/flag_user.erb +2 -2
data/app/cells/decidim/flag_modal/show.erb +2 -2
data/app/cells/decidim/flag_modal_cell.rb +10 -0
data/app/cells/decidim/following/show.erb +17 -8
data/app/cells/decidim/following_cell.rb +6 -2
data/app/cells/decidim/notification/show.erb +31 -0
data/app/cells/decidim/notification_cell.rb +20 -0
data/app/cells/decidim/notifications/show.erb +1 -24
data/app/cells/decidim/notifications_cell.rb +0 -1
data/app/cells/decidim/user_conversation/conversation_header.erb +1 -1
data/app/cells/decidim/user_conversation/show.erb +4 -2
data/app/cells/decidim/user_conversations/conversation_item.erb +1 -1
data/app/commands/decidim/create_editor_image.rb +41 -0
data/app/controllers/concerns/decidim/disable_redirection_to_external_host.rb +15 -0
data/app/controllers/concerns/decidim/safe_redirect.rb +14 -3
data/app/controllers/decidim/application_controller.rb +1 -0
data/app/controllers/decidim/cookie_policy_controller.rb +2 -0
data/app/controllers/decidim/editor_images_controller.rb +47 -0
data/app/controllers/decidim/user_activities_controller.rb +2 -1
data/app/forms/decidim/editor_image_form.rb +16 -0
data/app/helpers/decidim/amendments_helper.rb +1 -1
data/app/helpers/decidim/application_helper.rb +2 -2
data/app/helpers/decidim/messaging/conversation_helper.rb +32 -3
data/app/helpers/decidim/resource_versions_helper.rb +1 -1
data/app/helpers/decidim/sanitize_helper.rb +65 -0
data/app/models/decidim/editor_image.rb +14 -0
data/app/models/decidim/messaging/conversation.rb +9 -0
data/app/models/decidim/participatory_space_private_user.rb +16 -0
data/app/models/decidim/user.rb +3 -9
data/app/models/decidim/user_base_entity.rb +24 -13
data/app/models/decidim/user_group.rb +40 -0
data/app/packs/entrypoints/decidim_core.js +1 -0
data/app/packs/src/decidim/dialog_mode.js +143 -0
data/app/packs/src/decidim/dialog_mode.test.js +168 -0
data/app/packs/src/decidim/editor.js +56 -14
data/app/packs/src/decidim/form_attachments.js +5 -0
data/app/packs/src/decidim/geocoding/attach_input.js +11 -2
data/app/packs/src/decidim/index.js +4 -0
data/app/packs/src/decidim/input_emoji.js +10 -1
data/app/packs/src/decidim/vendor/image-resize.min.js +3 -0
data/app/packs/src/decidim/vendor/image-upload.min.js +8 -0
data/app/packs/stylesheets/decidim/extras/_extras.scss +0 -1
data/app/packs/stylesheets/decidim/extras/_quill.scss +7 -0
data/app/packs/stylesheets/decidim/modules/_buttons.scss +11 -4
data/app/packs/stylesheets/decidim/modules/_cards.scss +4 -0
data/app/packs/stylesheets/decidim/modules/_layout.scss +1 -1
data/app/packs/stylesheets/decidim/modules/_timeline.scss +1 -1
data/app/presenters/decidim/nil_presenter.rb +2 -2
data/app/presenters/decidim/notification_presenter.rb +25 -0
data/app/presenters/decidim/official_author_presenter.rb +1 -1
data/app/presenters/decidim/validation_errors_presenter.rb +27 -0
data/app/queries/decidim/similar_emendations.rb +1 -1
data/app/resolvers/decidim/core/metric_resolver.rb +1 -1
data/app/services/decidim/activity_search.rb +2 -2
data/app/services/decidim/email_notification_generator.rb +4 -1
data/app/services/decidim/html_truncation.rb +130 -0
data/app/services/decidim/open_data_exporter.rb +29 -5
data/app/services/decidim/resource_search.rb +1 -1
data/app/uploaders/decidim/editor_image_uploader.rb +6 -0
data/app/validators/password_validator.rb +123 -0
data/app/views/decidim/account/_password_fields.html.erb +1 -1
data/app/views/decidim/devise/passwords/edit.html.erb +1 -1
data/app/views/decidim/devise/registrations/new.html.erb +1 -1
data/app/views/decidim/devise/shared/_omniauth_buttons_mini.html.erb +6 -4
data/app/views/decidim/messaging/conversations/_conversation.html.erb +9 -3
data/app/views/decidim/messaging/conversations/_messages.html.erb +8 -2
data/app/views/decidim/messaging/conversations/_show.html.erb +10 -12
data/app/views/decidim/messaging/conversations/show.html.erb +4 -2
data/app/views/decidim/newsletters/show.html.erb +1 -1
data/app/views/decidim/notification_mailer/event_received.html.erb +17 -0
data/app/views/decidim/pages/_tabbed.html.erb +1 -1
data/app/views/decidim/searches/_filters_small_view.html.erb +3 -3
data/app/views/decidim/shared/_login_modal.html.erb +5 -5
data/app/views/decidim/shared/_orders.html.erb +1 -1
data/app/views/decidim/shared/_results_per_page.html.erb +1 -1
data/app/views/decidim/shared/participatory_space_filters/_filters_small_view.html.erb +3 -3
data/app/views/layouts/decidim/_application.html.erb +1 -12
data/app/views/layouts/decidim/_head.html.erb +4 -0
data/app/views/layouts/decidim/_language_chooser.html.erb +1 -1
data/app/views/layouts/decidim/_meta_tags_config.html.erb +11 -0
data/app/views/layouts/decidim/_wrapper.html.erb +1 -1
data/config/brakeman.ignore +149 -0
data/config/initializers/devise.rb +1 -1
data/config/initializers/rack_attack.rb +23 -21
data/config/locales/ar.yml +8 -0
data/config/locales/ca.yml +43 -0
data/config/locales/cs.yml +61 -0
data/config/locales/en.yml +47 -0
data/config/locales/es-MX.yml +42 -0
data/config/locales/es-PY.yml +42 -0
data/config/locales/es.yml +42 -0
data/config/locales/eu.yml +27 -12
data/config/locales/fi-plain.yml +42 -0
data/config/locales/fi.yml +42 -0
data/config/locales/fr-CA.yml +43 -0
data/config/locales/fr.yml +75 -28
data/config/locales/gl.yml +6 -0
data/config/locales/it.yml +11 -0
data/config/locales/ja.yml +85 -49
data/config/locales/lb-LU.yml +1354 -0
data/config/locales/lb.yml +1 -1
data/config/locales/nl.yml +51 -0
data/config/locales/pl.yml +5 -5
data/config/locales/pt-BR.yml +1 -1
data/config/locales/ro-RO.yml +275 -252
data/config/locales/sv.yml +45 -2
data/config/locales/val-ES.yml +1 -0
data/config/routes.rb +2 -0
data/db/migrate/20210730112319_create_decidim_editor_images.rb +12 -0
data/db/migrate/20211126183540_add_timestamps_to_content_blocks.rb +14 -0
data/db/seeds.rb +16 -14
data/lib/decidim/api/functions/user_entity_finder.rb +2 -1
data/lib/decidim/api/functions/user_entity_list.rb +3 -1
data/lib/decidim/api/input_sorts/component_input_sort.rb +1 -1
data/lib/decidim/common_passwords.rb +56 -0
data/lib/decidim/content_parsers/inline_images_parser.rb +68 -0
data/lib/decidim/content_parsers.rb +1 -0
data/lib/decidim/content_renderers/link_renderer.rb +85 -1
data/lib/decidim/content_renderers/user_group_renderer.rb +1 -1
data/lib/decidim/content_renderers/user_renderer.rb +1 -1
data/lib/decidim/core/engine.rb +7 -12
data/lib/decidim/core/test/factories.rb +7 -1
data/lib/decidim/core/test/shared_examples/translated_event_examples.rb +131 -0
data/lib/decidim/core/test.rb +1 -0
data/lib/decidim/core/version.rb +1 -1
data/lib/decidim/core.rb +33 -5
data/lib/decidim/db/common-passwords.txt +128420 -0
data/lib/decidim/etherpad/pad.rb +48 -0
data/lib/decidim/etherpad.rb +7 -0
data/lib/decidim/events/base_event.rb +18 -0
data/lib/decidim/events/machine_translated_event.rb +36 -0
data/lib/decidim/events/user_group_event.rb +1 -3
data/lib/decidim/events.rb +1 -0
data/lib/decidim/exporters/csv.rb +7 -7
data/lib/decidim/faker/localized.rb +15 -6
data/lib/decidim/form_builder.rb +14 -4
data/lib/decidim/has_attachments.rb +11 -4
data/lib/decidim/has_component.rb +4 -0
data/lib/decidim/importers/import_manifest.rb +103 -3
data/lib/decidim/organization_settings.rb +1 -1
data/lib/decidim/paddable.rb +1 -9
data/lib/decidim/participable.rb +5 -0
data/lib/decidim/resourceable.rb +2 -9
data/lib/decidim/searchable.rb +2 -2
data/lib/decidim/settings_manifest.rb +2 -0
data/lib/decidim/translatable_attributes.rb +6 -6
data/lib/decidim/view_model.rb +10 -0
data/lib/tasks/decidim_active_storage_migration_tasks.rake +68 -0
data/lib/tasks/decidim_webpacker_tasks.rake +4 -10
metadata +70 -78
data/app/packs/stylesheets/decidim/extras/_social_icons_mini.scss +0 -11

data/lib/decidim/core/test/shared_examples/translated_event_examples.rb ADDED Viewed

@@ -0,0 +1,131 @@
+# frozen_string_literal: true
+shared_examples_for "a translated event" do
+  context "when it is not machine machine translated" do
+    let(:organization) { create(:organization, enable_machine_translations: false, machine_translation_display_priority: "original") }
+    it "does not perform translation" do
+      expect(subject.perform_translation?).to eq(false)
+    end
+    it "does not have a missing translation" do
+      expect(subject.translation_missing?).to eq(false)
+    end
+    it "does have content available in multiple languages" do
+      expect(subject.content_in_same_language?).to eq(false)
+    end
+    it "does return the original language" do
+      expect(subject.safe_resource_text).to eq(en_version)
+    end
+    it "does not offer an alternate translation" do
+      expect(subject.safe_resource_translated_text).to eq(en_version)
+    end
+  end
+  context "when is machine machine translated" do
+    let(:user) { create :user, organization: organization, locale: "ca" }
+    around do |example|
+      I18n.with_locale(user.locale) { example.run }
+    end
+    context "when priority is original" do
+      let(:organization) { create(:organization, enable_machine_translations: true, machine_translation_display_priority: "original") }
+      it "does perform translation" do
+        expect(subject.perform_translation?).to eq(translatable)
+      end
+      it "does not have a missing translation" do
+        expect(subject.translation_missing?).to eq(false)
+      end
+      it "does have content available in multiple languages" do
+        expect(subject.content_in_same_language?).to eq(false)
+      end
+      it "does return the original language" do
+        expect(subject.safe_resource_text).to eq(en_version)
+      end
+      it "does not offer an alternate translation" do
+        expect(subject.safe_resource_translated_text).to eq(machine_translated)
+      end
+      context "when translation is not available" do
+        let(:body) { { "en": en_body } }
+        it "does perform translation" do
+          expect(subject.perform_translation?).to eq(translatable)
+        end
+        it "does have a missing translation" do
+          expect(subject.translation_missing?).to eq(translatable)
+        end
+        it "does have content available in multiple languages" do
+          expect(subject.content_in_same_language?).to eq(false)
+        end
+        it "does return the original language" do
+          expect(subject.safe_resource_text).to eq(en_version)
+        end
+        it "does not offer an alternate translation" do
+          expect(subject.safe_resource_translated_text).to eq(en_version)
+        end
+      end
+    end
+    context "when priority is translation" do
+      let(:organization) { create(:organization, enable_machine_translations: true, machine_translation_display_priority: "translation") }
+      it "does perform translation" do
+        expect(subject.perform_translation?).to eq(translatable)
+      end
+      it "does not have a missing translation" do
+        expect(subject.translation_missing?).to eq(false)
+      end
+      it "does have content available in multiple languages" do
+        expect(subject.content_in_same_language?).to eq(false)
+      end
+      it "does return the original language" do
+        expect(subject.safe_resource_text).to eq(en_version)
+      end
+      it "does not offer an alternate translation" do
+        expect(subject.safe_resource_translated_text).to eq(machine_translated)
+      end
+      context "when translation is not available" do
+        let(:body) { { "en": en_body } }
+        it "does perform translation" do
+          expect(subject.perform_translation?).to eq(translatable)
+        end
+        it "does have a missing translation" do
+          expect(subject.translation_missing?).to eq(translatable)
+        end
+        it "does have content available in multiple languages" do
+          expect(subject.content_in_same_language?).to eq(false)
+        end
+        it "does return the original language" do
+          expect(subject.safe_resource_text).to eq(en_version)
+        end
+        it "does not offer an alternate translation" do
+          expect(subject.safe_resource_translated_text).to eq(en_version)
+        end
+      end
+    end
+  end
+end

data/lib/decidim/core/test.rb CHANGED Viewed

@@ -68,3 +68,4 @@ require "decidim/core/test/shared_examples/controller_render_views"
 require "decidim/core/test/shared_examples/share_link_examples"
 require "decidim/core/test/shared_examples/categories_container_examples"
 require "decidim/core/test/shared_examples/assembly_announcements_examples"
+require "decidim/core/test/shared_examples/translated_event_examples"

data/lib/decidim/core/version.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module Decidim
   # This holds the decidim-core version.
   module Core
     def self.version
-      "0.25.0"
+      "0.26.0.rc2"
     end
   end
 end

data/lib/decidim/core.rb CHANGED Viewed

@@ -77,6 +77,7 @@ module Decidim
   autoload :Amendable, "decidim/amendable"
   autoload :Gamification, "decidim/gamification"
   autoload :Hashtag, "decidim/hashtag"
+  autoload :Etherpad, "decidim/etherpad"
   autoload :Paddable, "decidim/paddable"
   autoload :OpenDataExporter, "decidim/open_data_exporter"
   autoload :IoEncoder, "decidim/io_encoder"
@@ -95,6 +96,7 @@ module Decidim
   autoload :RecordEncryptor, "decidim/record_encryptor"
   autoload :AttachmentAttributes, "decidim/attachment_attributes"
   autoload :CarrierWaveMigratorService, "decidim/carrier_wave_migrator_service"
+  autoload :CommonPasswords, "decidim/common_passwords"
   include ActiveSupport::Configurable
   # Loads seeds from all engines.
@@ -145,9 +147,9 @@ module Decidim
   # the mails.
   config_accessor :mailer_sender
-  # Whether SSL should be enabled or not.
+  # Whether SSL should be forced or not.
   config_accessor :force_ssl do
-    true
+    Rails.env.starts_with?("production") || Rails.env.starts_with?("staging")
   end
   # Having this on true will change the way the svg assets are being served.
@@ -165,6 +167,13 @@ module Decidim
     :en
   end
+  # Disable the redirection to the external host when performing redirect back
+  # For more details https://github.com/rails/rails/issues/39643
+  # Additional context: This has been revealed as an issue during a security audit on Future of Europe installation
+  config_accessor :allow_open_redirects do
+    false
+  end
   # Exposes a configuration option: an array of symbols representing processors
   # that will be automatically executed when a content is parsed or rendered.
   #
@@ -267,7 +276,7 @@ module Decidim
   # Time window were users can access the website even if their email is not confirmed.
   config_accessor :unconfirmed_access_for do
-    2.days
+    0.days
   end
   # Allow machine translations
@@ -377,6 +386,18 @@ module Decidim
     "decidim-cc"
   end
+  # Blacklisted passwords. Array may contain strings and regex entries.
+  config_accessor :password_blacklist do
+    []
+  end
+  # This is an internal key that allow us to properly configure the caching key separator. This is useful for redis cache store
+  # as it creates some namespaces within the cached data.
+  # use `config.cache_key_separator = ":"` in your initializer to have namespaced data
+  config_accessor :cache_key_separator do
+    "/"
+  end
   # Public: Registers a global engine. This method is intended to be used
   # by component engines that also offer unscoped functionality
   #
@@ -586,8 +607,11 @@ module Decidim
   end
   # Defines the time after which the machine translation job should be enabled.
-  # In some cases, it is required to have a delay, otherwise the ttanslation job will be discarded:
-  #  Discarded Decidim::MachineTranslationResourceJob due to a ActiveJob::DeserializationError.
+  # In some cases, like when Workers is processing faster than ActiveRecord can commit to Database,
+  # it is required to have a delay, to prevent any discarding with
+  # Decidim::MachineTranslationResourceJob due to a ActiveJob::DeserializationError.
+  # In some Decidim Installations, ActiveJob can be configured to discard jobs failing with
+  # ActiveJob::DeserializationError
   config_accessor :machine_translation_delay do
     0.seconds
   end
@@ -597,4 +621,8 @@ module Decidim
     Decidim.machine_translation_service.to_s.safe_constantize
   end
+  def self.register_assets_path(path)
+    Rails.autoloaders.main.ignore(path) if Rails.configuration.autoloader == :zeitwerk
+  end
 end