fat_free_crm 0.18.2 → 0.19.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: be99b1f95338b9b103c9f07cb7f81420fe6fda84a3dcd1bf98670041b20fbbae
-  data.tar.gz: 33f81c08dc06d2f2b620f653b766a15068698f01e5a11c7e2832d453680512fc
+  metadata.gz: c70ae137e3796004c207daf7a71731df62247a1e7c1ce014031bd9c7d2112efa
+  data.tar.gz: be5a75fe0f33b761b47b185265f770e69f85d1e31b7f3a68594772e425931feb
 SHA512:
-  metadata.gz: 3921b7cf87bd7fb29ab36baa164a2149f1ca2a3f2fe55f9408de79e292bd0987b5667fdcc39bb21b6aac7b5c3c94129c380068703d1b54112790b9c9c8af7562
-  data.tar.gz: 677116c75f3840e73bfcfa778836cdb2c6a205b4f087f9f81fa4a536ef329a9e92f584c01ae48b0b50dd1f8ca1cd5e7423d996370936afc2d2a3bdbdcee3b40e
+  metadata.gz: 8b6bdf7fdc54cbf917895c0ca6931d0206bb643c3250ab882002e731ca2f6845e25bdc23f7cf250c02a35c5eb2d735061384104640266617d60ed4d44a30f0a6
+  data.tar.gz: 307cb193b001c4e65f877bf50e5c9dd0bad7283b626877b7273c0ea984cbfbd996c868762fb74196ec56e7a1ab6bccbb46a8ee5e7f097e3c416ebad186dcf33a

data/.rubocop_todo.yml

@@ -1,23 +1,33 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2018-02-02 11:21:41 +0300 using RuboCop version 0.52.1.
+# on 2019-11-08 13:13:48 +1030 using RuboCop version 0.76.0.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 
-# Offense count: 1
+# Offense count: 2
 # Configuration parameters: Include.
-# Include: **/Gemfile, **/gems.rb
+# Include: **/*.gemfile, **/Gemfile, **/gems.rb
 Bundler/DuplicatedGem:
   Exclude:
     - 'Gemfile'
 
-# Offense count: 1
+# Offense count: 88
 # Cop supports --auto-correct.
-Layout/EmptyLinesAroundArguments:
-  Exclude:
-    - 'lib/fat_free_crm/permissions.rb'
+# Configuration parameters: AllowMultipleStyles, EnforcedHashRocketStyle, EnforcedColonStyle, EnforcedLastArgumentHashStyle.
+# SupportedHashRocketStyles: key, separator, table
+# SupportedColonStyles: key, separator, table
+# SupportedLastArgumentHashStyles: always_inspect, always_ignore, ignore_implicit, ignore_explicit
+Layout/AlignHash:
+  Enabled: false
+
+# Offense count: 22
+# Cop supports --auto-correct.
+# Configuration parameters: EnforcedStyleAlignWith, AutoCorrect, Severity.
+# SupportedStylesAlignWith: keyword, variable, start_of_line
+Layout/EndAlignment:
+  Enabled: false
 
 # Offense count: 7
 # Cop supports --auto-correct.
@@ -28,7 +38,7 @@ Layout/SpaceInsideArrayLiteralBrackets:
   Exclude:
     - 'db/seeds/fields.rb'
 
-# Offense count: 20
+# Offense count: 21
 # Configuration parameters: AllowSafeAssignment.
 Lint/AssignmentInCondition:
   Enabled: false
@@ -38,24 +48,13 @@ Lint/BooleanSymbol:
   Exclude:
     - 'config/initializers/ransack.rb'
 
-# Offense count: 1
-Lint/Debugger:
-  Exclude:
-    - 'app/controllers/entities/opportunities_controller.rb'
-
 # Offense count: 1
 Lint/DuplicateMethods:
   Exclude:
     - 'lib/gravatar_image_tag.rb'
 
-# Offense count: 22
-# Cop supports --auto-correct.
-# Configuration parameters: EnforcedStyleAlignWith, AutoCorrect.
-# SupportedStylesAlignWith: keyword, variable, start_of_line
-Lint/EndAlignment:
-  Enabled: false
-
 # Offense count: 2
+# Configuration parameters: AllowComments.
 Lint/HandleExceptions:
   Exclude:
     - 'config/environments/test.rb'
@@ -67,12 +66,6 @@ Lint/ImplicitStringConcatenation:
     - 'db/migrate/20121221033947_fix_country_mapping.rb'
     - 'lib/tasks/ffcrm/update_data.rake'
 
-# Offense count: 4
-Lint/IneffectiveAccessModifier:
-  Exclude:
-    - 'db/migrate/20100928030620_remove_uuid.rb'
-    - 'lib/gravatar_image_tag.rb'
-
 # Offense count: 5
 Lint/RescueException:
   Exclude:
@@ -90,22 +83,12 @@ Lint/UriEscapeUnescape:
   Exclude:
     - 'lib/gravatar_image_tag.rb'
 
-# Offense count: 4
-# Configuration parameters: ContextCreatingMethods, MethodCreatingMethods.
-Lint/UselessAccessModifier:
-  Exclude:
-    - 'app/models/fields/field.rb'
-    - 'app/models/users/user.rb'
-    - 'db/migrate/20100928030620_remove_uuid.rb'
-    - 'lib/gravatar_image_tag.rb'
-
-# Offense count: 3
+# Offense count: 2
 Lint/UselessAssignment:
   Exclude:
-    - 'app/helpers/application_helper.rb'
     - 'app/views/home/index.atom.builder'
 
-# Offense count: 131
+# Offense count: 133
 Metrics/AbcSize:
   Max: 57
 
@@ -117,23 +100,23 @@ Metrics/BlockNesting:
 # Offense count: 14
 # Configuration parameters: CountComments.
 Metrics/ClassLength:
-  Max: 209
+  Max: 184
 
-# Offense count: 29
+# Offense count: 30
 Metrics/CyclomaticComplexity:
   Max: 14
 
-# Offense count: 102
-# Configuration parameters: CountComments.
+# Offense count: 100
+# Configuration parameters: CountComments, ExcludedMethods.
 Metrics/MethodLength:
-  Max: 38
+  Max: 36
 
 # Offense count: 2
 # Configuration parameters: CountComments.
 Metrics/ModuleLength:
-  Max: 382
+  Max: 373
 
-# Offense count: 27
+# Offense count: 26
 Metrics/PerceivedComplexity:
   Max: 15
 
@@ -153,14 +136,7 @@ Naming/AccessorMethodName:
     - 'spec/controllers/entities/opportunities_controller_spec.rb'
     - 'spec/support/macros.rb'
 
-# Offense count: 1
-# Configuration parameters: Blacklist.
-# Blacklist: END, (?-mix:EO[A-Z]{1})
-Naming/HeredocDelimiterNaming:
-  Exclude:
-    - 'app/controllers/passwords_controller.rb'
-
-# Offense count: 5
+# Offense count: 4
 # Configuration parameters: NamePrefix, NamePrefixBlacklist, NameWhitelist, MethodDefinitionMacros.
 # NamePrefix: is_, has_, have_
 # NamePrefixBlacklist: is_, has_, have_
@@ -170,37 +146,32 @@ Naming/PredicateName:
   Exclude:
     - 'spec/**/*'
     - 'app/inputs/date_time_input.rb'
-    - 'app/models/entities/opportunity.rb'
     - 'app/models/users/user.rb'
     - 'lib/fat_free_crm/fields.rb'
     - 'lib/fat_free_crm/mail_processor/base.rb'
 
-# Offense count: 12
-# Configuration parameters: EnforcedStyle.
-# SupportedStyles: snake_case, normalcase, non_integer
-Naming/VariableNumber:
-  Exclude:
-    - 'spec/controllers/home_controller_spec.rb'
-
 # Offense count: 2
 # Cop supports --auto-correct.
-# Configuration parameters: AutoCorrect.
-Performance/HashEachMethods:
+# Configuration parameters: PreferredName.
+Naming/RescuedExceptionsVariableName:
   Exclude:
-    - 'app/controllers/entities/opportunities_controller.rb'
-    - 'lib/fat_free_crm/errors.rb'
+    - 'spec/support/assert_select.rb'
 
-# Offense count: 1
-# Cop supports --auto-correct.
-# Configuration parameters: AutoCorrect.
-Performance/StartWith:
+# Offense count: 3
+# Configuration parameters: MinNameLength, AllowNamesEndingInNumbers, AllowedNames, ForbiddenNames.
+# AllowedNames: io, id, to, by, on, in, at, ip, db, os
+Naming/UncommunicativeMethodParamName:
   Exclude:
-    - 'app/helpers/versions_helper.rb'
+    - 'app/models/fields/field.rb'
+    - 'app/models/polymorphic/comment.rb'
+    - 'lib/missing_translation_detector.rb'
 
-# Offense count: 1
-Security/Eval:
+# Offense count: 12
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: snake_case, normalcase, non_integer
+Naming/VariableNumber:
   Exclude:
-    - 'lib/development_tasks/gem.rake'
+    - 'spec/controllers/home_controller_spec.rb'
 
 # Offense count: 1
 Security/MarshalLoad:
@@ -234,29 +205,28 @@ Style/ClassVars:
     - 'lib/fat_free_crm/tabs.rb'
     - 'lib/fat_free_crm/view_factory.rb'
 
-# Offense count: 2
+# Offense count: 1
 Style/CommentedKeyword:
   Exclude:
-    - 'app/models/users/authentication.rb'
     - 'db/migrate/20100928030617_drop_openid_tables.rb'
 
-# Offense count: 4
+# Offense count: 2
 Style/DoubleNegation:
   Exclude:
     - 'app/helpers/application_helper.rb'
-    - 'app/models/entities/opportunity.rb'
     - 'app/models/polymorphic/task.rb'
-    - 'lib/gravatar_image_tag.rb'
 
 # Offense count: 1
-Style/EvalWithLocation:
+# Configuration parameters: EnforcedStyle.
+# SupportedStyles: annotated, template, unannotated
+Style/FormatStringToken:
   Exclude:
-    - 'lib/fat_free_crm/permissions.rb'
+    - 'spec/factories/shared_factories.rb'
 
 # Offense count: 1
 # Cop supports --auto-correct.
 # Configuration parameters: EnforcedStyle.
-# SupportedStyles: when_needed, always, never
+# SupportedStyles: always, never
 Style/FrozenStringLiteralComment:
   Exclude:
     - 'db/schema.rb'
@@ -268,44 +238,22 @@ Style/GlobalVars:
     - 'db/migrate/20100928030598_create_sessions.rb'
     - 'db/migrate/20120510025219_add_not_null_constraints_for_timestamp_columns.rb'
 
-# Offense count: 46
+# Offense count: 28
 # Configuration parameters: MinBodyLength.
 Style/GuardClause:
   Enabled: false
 
 # Offense count: 2
-Style/IdenticalConditionalBranches:
-  Exclude:
-    - 'app/helpers/application_helper.rb'
-
-# Offense count: 49
-# Cop supports --auto-correct.
-Style/IfUnlessModifier:
-  Enabled: false
-
-# Offense count: 16
-# Cop supports --auto-correct.
-# Configuration parameters: EnforcedStyle.
-# SupportedStyles: line_count_dependent, lambda, literal
-Style/Lambda:
-  Exclude:
-    - 'app/models/entities/account.rb'
-    - 'app/models/entities/campaign.rb'
-    - 'app/models/entities/contact.rb'
-    - 'app/models/entities/lead.rb'
-    - 'app/models/entities/opportunity.rb'
-    - 'app/models/polymorphic/task.rb'
-    - 'app/models/users/user.rb'
-
-# Offense count: 2
-Style/MethodMissing:
+Style/MissingRespondToMissing:
   Exclude:
     - 'app/models/setting.rb'
     - 'lib/fat_free_crm/fields.rb'
 
-# Offense count: 1
+# Offense count: 3
 Style/MixinUsage:
   Exclude:
+    - 'bin/setup'
+    - 'bin/update'
     - 'spec/helpers/fields_helper_spec.rb'
 
 # Offense count: 2
@@ -314,66 +262,19 @@ Style/MultilineBlockChain:
     - 'lib/fat_free_crm/core_ext/string.rb'
     - 'lib/tasks/ffcrm/demo.rake'
 
-# Offense count: 2
-Style/MultilineTernaryOperator:
+# Offense count: 1
+Style/MultipleComparison:
   Exclude:
-    - 'app/models/users/authentication.rb'
+    - 'app/models/polymorphic/task.rb'
 
-# Offense count: 11
+# Offense count: 5
 # Cop supports --auto-correct.
-# Configuration parameters: AutoCorrect, EnforcedStyle.
+# Configuration parameters: AutoCorrect, EnforcedStyle, IgnoredMethods.
 # SupportedStyles: predicate, comparison
 Style/NumericPredicate:
   Exclude:
     - 'spec/**/*'
-    - 'app/helpers/admin/users_helper.rb'
-    - 'app/helpers/application_helper.rb'
-    - 'app/helpers/campaigns_helper.rb'
-    - 'app/helpers/tasks_helper.rb'
     - 'app/models/fields/custom_field.rb'
     - 'app/models/polymorphic/task.rb'
     - 'app/models/users/user.rb'
     - 'lib/tasks/ffcrm/demo.rake'
-
-# Offense count: 16
-# Cop supports --auto-correct.
-# Configuration parameters: EnforcedStyle, AllowInnerSlashes.
-# SupportedStyles: slashes, percent_r, mixed
-Style/RegexpLiteral:
-  Exclude:
-    - 'app/controllers/entities/contacts_controller.rb'
-    - 'app/controllers/entities/opportunities_controller.rb'
-    - 'app/helpers/application_helper.rb'
-    - 'app/models/list.rb'
-    - 'lib/development_tasks/license.rake'
-    - 'lib/fat_free_crm/core_ext/string.rb'
-    - 'spec/helpers/users_helper_spec.rb'
-    - 'spec/lib/mail_processor/dropbox_spec.rb'
-    - 'spec/views/contacts/update.js.haml_spec.rb'
-    - 'spec/views/opportunities/update.js.haml_spec.rb'
-
-# Offense count: 8
-# Cop supports --auto-correct.
-# Configuration parameters: AllowAsExpressionSeparator.
-Style/Semicolon:
-  Exclude:
-    - 'app/controllers/entities/leads_controller.rb'
-    - 'lib/fat_free_crm/permissions.rb'
-    - 'lib/tasks/ffcrm/setup.rake'
-    - 'spec/models/fields/custom_field_date_pair_spec.rb'
-    - 'spec/models/fields/custom_field_spec.rb'
-    - 'spec/support/macros.rb'
-
-# Offense count: 2
-# Cop supports --auto-correct.
-# Configuration parameters: ExactNameMatch, AllowPredicates, AllowDSLWriters, IgnoreClassMethods, Whitelist.
-# Whitelist: to_ary, to_a, to_c, to_enum, to_h, to_hash, to_i, to_int, to_io, to_open, to_path, to_proc, to_r, to_regexp, to_str, to_s, to_sym
-Style/TrivialAccessors:
-  Exclude:
-    - 'spec/support/auth_macros.rb'
-
-# Offense count: 1924
-# Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, IgnoredPatterns.
-# URISchemes: http, https
-Metrics/LineLength:
-  Max: 390

data/.travis.yml

@@ -1,8 +1,11 @@
 sudo: false
 language: ruby
 rvm:
-  - 2.4.2
-  - 2.5.0
+  - 2.5.7
+  - 2.6.5
+  - 2.7.1
+
+dist: bionic
 
 env:
   global:
@@ -19,16 +22,26 @@ env:
 matrix:
   fast_finish: true
   exclude:
-    - rvm: 2.5.0
+    - rvm: 2.5.7
+      env: DB=postgres TEST_SUITE=rubocop
+    - rvm: 2.6.5
       env: DB=postgres TEST_SUITE=rubocop
   allow_failures:
-    - rvm: 2.4.2
+    - rvm: 2.5.7
+      env: DB=postgres TEST_SUITE="rake spec:features"
+    - rvm: 2.6.5
+      env: DB=postgres TEST_SUITE="rake spec:features"
+    - rvm: 2.7.1
+      env: DB=postgres TEST_SUITE="rake spec:features"
+    - rvm: 2.5.7
       env: DB=mysql TEST_SUITE="rake spec:models"
-    - rvm: 2.4.2
+    - rvm: 2.5.7
+      env: DB=sqlite TEST_SUITE="rake spec:models"
+    - rvm: 2.6.5
       env: DB=sqlite TEST_SUITE="rake spec:models"
-    - rvm: 2.5.0
+    - rvm: 2.7.1
       env: DB=mysql TEST_SUITE="rake spec:models"
-    - rvm: 2.5.0
+    - rvm: 2.7.1
       env: DB=sqlite TEST_SUITE="rake spec:models"
 
 addons:
@@ -38,13 +51,10 @@ bundler_args: --path=vendor/bundle --without heroku
 
 cache: bundler
 
-before_install:
-  - "export DISPLAY=:99.0"
-  - "sh -e /etc/init.d/xvfb start"
-
 before_script:
   # gem update --system is a workaround for travis-ci/travis-ci#8978
   - "gem update --system"
+  - 'gem install bundler -v 1.17.3'
   - sh -c "cp config/database.$DB.yml config/database.yml"
   - sh -c "if [ \"$DB\" = 'postgres' ]; then psql -c 'create database fat_free_crm_test;' -U postgres; fi"
   - sh -c "if [ \"$DB\" = 'mysql' ]; then mysql -e 'create database fat_free_crm_test;'; fi"
@@ -61,3 +71,9 @@ notifications:
     on_success: change  # options: [always|never|change] default: always
     on_failure: always  # options: [always|never|change] default: always
     on_start: false     # default: false
+
+dist: xenial
+services:
+  - xvfb
+  - postgresql
+  - mysql

data/CHANGELOG.md

@@ -4,40 +4,55 @@ It does not matter how slowly you go as long as you do not stop.
 First they ignore you, then they laugh at you, then they fight you,
 then you win. –- Mahatma Gandhi
 
-Sat Apr 7, 2021 (0.18.2)
----------------------------------------------------------------------
-
-#### Security fixes
-CVE-2018-1000544
-CVE-2019-16892
-CVE-2018-16470
-CVE-2018-16471
-CVE-2018-3760
-CVE-2018-8048
-CVE-2019-11068
-CVE-2019-5477
-CVE-2018-14404
-CVE-2018-1000201
-CVE-2018-16476
-CVE-2019-5418
-CVE-2019-5419
-CVE-2019-15587
-CVE-2018-16468
-CVE-2019-16676
+Wed Apr 04, 2021 (0.19.0)
+======
 
-
-Sat Oct 27, 2018 (0.18.1)
----------------------------------------------------------------------
+### Important changes
 
 #### Fixed XSS flaw in tags_helper
 Credit Antonin Steinhauser (asteinhauser) for discovery and responsible disclosure.
 
+#### Devise replaces Authlogic for user authentication
+Ticket #742 replaces Authlogic with the latest Devise (4.3.0) which has wider adoption.
+This change requires a database migration on the User model. Please note:
+ - Most User fields are renamed and can hence be rolled back. Existing Authlogic passwords will continue to work.
+ - Users will be forced logged out. Existing user sessions will not be kept and the fields `persistence_token, single_access_token, perishable_token` will be dropped from the database.
+ - Though the migration is generally safe **we recommend to make a backup of your database** before migrating.
+
+#### Existing OAuth broken
+The Devise change will break any OAuth login plugins which depend on Authlogic.
+You can [configure OAuth for Devise using the guides here](https://github.com/plataformatec/devise/wiki/omniauth:-overview).
+
+#### Login and user-related routes changed
+The login URL routes have been changed to use the defaults of Devise.
+
+#### User mailers changed
+Mailers related to user password reset, etc. are changed to use the defaults of Devise.
+
+#### PaperClip version updated from 5.2.1 to 6.0.0
+PaperClip now only depends on `aws-sdk-s3` instead of `aws-sdk`. For more info see https://github.com/thoughtbot/paperclip/pull/2481.
+Replace the Cocaine gem with Terrapin. https://github.com/thoughtbot/terrapin/ Apart from the namespace change, this is a drop in replacement.
+
+#### Rails 5.2
+The underlying framework is now rails 5.2.*
+
+#### Ruby 2.4 deprecated
+Ruby 2.4 has reached end of life and is no longer activity tested against.
+
+#### Other changes
+ * #794 Fix defect with unpermitted params in advanced search
+ * 2bc6184779a26070496e6f4caefa0cc9ba555d7b Remove broken support for delete links on arrays.
+ * #851 upgrade paper_trail
+ * Security fixes CVE-2019-16109, CVE-2019-16676, CVE-2019-5477, CVE-2019-16892
+ * Dependency updates
+
 
 Sat Apr 21, 2018 (0.18.0)
 ---------------------------------------------------------------------
 
 ### Important changes
-#### Mininium ruby version
+
+#### Minimum Ruby version
 #665 Support for Ruby 2.3 has been dropped, with test coverage for 2.4 and 2.5 enabled.
 
 #### Swap to FactoryBot
@@ -88,6 +103,7 @@ Sat Jan 20, 2018 (0.17.0)
 ---------------------------------------------------------------------
 
 ### Important changes
+
 #### Select2 for select boxes
 This release replaces [Chozen](https://harvesthq.github.io/chosen/) with [Select2](https://select2.org/) consistently across the app.
 This may break plugins which rely on Chozen. To fix any issues please