solidus_core 3.1.6 → 3.1.7

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/app/models/spree/log_entry.rb +74 -1
  3. data/lib/generators/solidus/install/install_generator.rb +2 -1
  4. data/lib/spree/app_configuration.rb +16 -0
  5. data/lib/spree/core/engine.rb +6 -0
  6. data/lib/spree/core/version.rb +1 -1
  7. data/lib/spree/testing_support/factories/user_factory.rb +6 -0
  8. data/solidus_core.gemspec +1 -0
  9. metadata +23 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 765367a8eed914a5abca0f078c5ffd7d3e341c504e10311e952d466e10027c32
4
- data.tar.gz: '08f36210b6b9bbf66d82c5e4bf6fa161c9f1552c003c693d5afd732065c16abc'
3
+ metadata.gz: 17023a55872c98530a41d6e9dcfa86f9cb2273d6bda4f90138414fef73faf408
4
+ data.tar.gz: 025eea8e4777138faceebbd8c8747a1529c0d56218ac908e2a42c12ef69da5b0
5
5
  SHA512:
6
- metadata.gz: 9b1189c36bd365b71dd7fe4e8ed68402db4c32d1e87ea2571b9c8ae0669ce68a1ffb8a06ec195ccdd06791d942847a10db93248bd71b324d853e724f0b0b7e16
7
- data.tar.gz: f82f01282ead4f27433e352fb2f7d793187e7efa573fdf9627c37412e944afb312e4d4ef28d4dd550111aa215c0baa47632d9152f09baa1505c2a31186e13e4a
6
+ metadata.gz: 10b6f6770fdb30bd9b2269731fbc749c32221f37c8c04c1034bf3a8621869c52df31669d80cf2d47d5f4b04eaa25305ab36f1dcda72a3aaa06fa53eda0f492b4
7
+ data.tar.gz: 62b8b420c98f055c40faea148d36769a33d7cb3e6a878dcc0a930ecf0b3b40195f6421a4e2d7150c4086770f4bdb42c2bcdca0a4c947f6bd8ab42903c799bda0
data/app/models/spree/log_entry.rb CHANGED
@@ -2,10 +2,83 @@
2
2
 
3
3
  module Spree
4
4
  class LogEntry < Spree::Base
5
+ # Classes used in core that can be present in serialized details
6
+ #
7
+ # Users can add their own classes in
8
+ # `Spree::Config#log_entry_permitted_classes`.
9
+ #
10
+ # @see Spree::AppConfiguration#log_entry_permitted_classes
11
+ CORE_PERMITTED_CLASSES = [
12
+ ActiveMerchant::Billing::Response,
13
+ ActiveSupport::TimeWithZone,
14
+ Time,
15
+ ActiveSupport::TimeZone
16
+ ].freeze
17
+
18
+ # Raised when a disallowed class is tried to be loaded
19
+ class DisallowedClass < RuntimeError
20
+ attr_reader :psych_exception
21
+
22
+ def initialize(psych_exception:)
23
+ @psych_exception = psych_exception
24
+ super(default_message)
25
+ end
26
+
27
+ private
28
+
29
+ def default_message
30
+ <<~MSG
31
+ #{psych_exception.message}
32
+
33
+ You can specify custom classes to be loaded in config/initializers/spree.rb. E.g:
34
+
35
+ Spree.config do |config|
36
+ config.log_entry_permitted_classes = ['MyClass']
37
+ end
38
+ MSG
39
+ end
40
+ end
41
+
42
+ # Raised when YAML contains aliases and they're not enabled
43
+ class BadAlias < RuntimeError
44
+ attr_reader :psych_exception
45
+
46
+ def initialize(psych_exception:)
47
+ @psych_exception = psych_exception
48
+ super(default_message)
49
+ end
50
+
51
+ private
52
+
53
+ def default_message
54
+ <<~MSG
55
+ #{psych_exception.message}
56
+
57
+ You can explicitly enable aliases in config/initializers/spree.rb. E.g:
58
+
59
+ Spree.config do |config|
60
+ config.log_entry_allow_aliases = true
61
+ end
62
+ MSG
63
+ end
64
+ end
65
+
66
+ def self.permitted_classes
67
+ CORE_PERMITTED_CLASSES + Spree::Config.log_entry_permitted_classes.map(&:constantize)
68
+ end
69
+
5
70
  belongs_to :source, polymorphic: true, optional: true
6
71
 
7
72
  def parsed_details
8
- @details ||= YAML.load(details)
73
+ @details ||= YAML.safe_load(
74
+ details,
75
+ permitted_classes: self.class.permitted_classes,
76
+ aliases: Spree::Config.log_entry_allow_aliases
77
+ )
78
+ rescue Psych::DisallowedClass => e
79
+ raise DisallowedClass.new(psych_exception: e)
80
+ rescue Psych::BadAlias => e
81
+ raise BadAlias.new(psych_exception: e)
9
82
  end
10
83
  end
11
84
  end
data/lib/generators/solidus/install/install_generator.rb CHANGED
@@ -1,6 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require 'rails/generators'
4
+ require 'rails/version'
4
5
 
5
6
  module Solidus
6
7
  # @private
@@ -15,7 +16,7 @@ module Solidus
15
16
  class_option :migrate, type: :boolean, default: true, banner: 'Run Solidus migrations'
16
17
  class_option :seed, type: :boolean, default: true, banner: 'Load seed data (migrations must be run)'
17
18
  class_option :sample, type: :boolean, default: true, banner: 'Load sample data (migrations must be run)'
18
- class_option :active_storage, type: :boolean, default: true, banner: 'Install ActiveStorage as image attachments handler for products and taxons'
19
+ class_option :active_storage, type: :boolean, default: Rails.gem_version >= Gem::Version.new("6.1.0"), banner: 'Install ActiveStorage as image attachments handler for products and taxons'
19
20
  class_option :auto_accept, type: :boolean
20
21
  class_option :user_class, type: :string
21
22
  class_option :admin_email, type: :string
data/lib/spree/app_configuration.rb CHANGED
@@ -165,6 +165,22 @@ module Spree
165
165
  # @return [String] URL of logo used on frontend (default: +'logo/solidus.svg'+)
166
166
  preference :logo, :string, default: 'logo/solidus.svg'
167
167
 
168
+ # @!attribute [rw] log_entry_permitted_classes
169
+ # @return [Array<String>] An array of extra classes that are allowed to be
170
+ # loaded from a serialized YAML as details in {Spree::LogEntry}
171
+ # (defaults to a non-frozen empty array, so that extensions can add
172
+ # their own classes).
173
+ # @example
174
+ # config.log_entry_permitted_classes = ['Date']
175
+ preference :log_entry_permitted_classes, :array, default: []
176
+
177
+ # @!attribute [rw] log_entry_allow_aliases
178
+ # @return [Boolean] Whether YAML aliases are allowed when loading
179
+ # serialized data in {Spree::LogEntry}. It defaults to true. Depending
180
+ # on the source of your data, you may consider disabling it to prevent
181
+ # entity expansion attacks.
182
+ preference :log_entry_allow_aliases, :boolean, default: true
183
+
168
184
  # @!attribute [rw] mails_from
169
185
  # @return [String] Email address used as +From:+ field in transactional emails.
170
186
  preference :mails_from, :string, default: 'solidus@example.com'
data/lib/spree/core/engine.rb CHANGED
@@ -15,6 +15,12 @@ module Spree
15
15
  generator.test_framework :rspec
16
16
  end
17
17
 
18
+ if ActiveRecord.respond_to?(:yaml_column_permitted_classes) || ActiveRecord::Base.respond_to?(:yaml_column_permitted_classes)
19
+ config.active_record.yaml_column_permitted_classes ||= []
20
+ config.active_record.yaml_column_permitted_classes |=
21
+ [Symbol, BigDecimal, ActiveSupport::HashWithIndifferentAccess]
22
+ end
23
+
18
24
  initializer "spree.environment", before: :load_config_initializers do |app|
19
25
  app.config.spree = Spree::Config.environment
20
26
  end
data/lib/spree/core/version.rb CHANGED
@@ -1,7 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Spree
4
- VERSION = "3.1.6"
4
+ VERSION = "3.1.7"
5
5
 
6
6
  def self.solidus_version
7
7
  VERSION
data/lib/spree/testing_support/factories/user_factory.rb CHANGED
@@ -21,6 +21,12 @@ FactoryBot.define do
21
21
  end
22
22
  end
23
23
 
24
+ trait :with_orders do
25
+ after(:create) do |user, _|
26
+ create(:order, user: user)
27
+ end
28
+ end
29
+
24
30
  factory :admin_user do
25
31
  after(:create) do |user, _|
26
32
  admin_role = Spree::Role.find_by(name: 'admin') || create(:role, name: 'admin')
data/solidus_core.gemspec CHANGED
@@ -40,6 +40,7 @@ Gem::Specification.new do |s|
40
40
  s.add_dependency 'mini_magick', '~> 4.10'
41
41
  s.add_dependency 'monetize', '~> 1.8'
42
42
  s.add_dependency 'kt-paperclip', '~> 6.3'
43
+ s.add_dependency 'psych', ['>= 3.1.0', '< 5.0']
43
44
  s.add_dependency 'ransack', '~> 2.0'
44
45
  s.add_dependency 'state_machines-activerecord', '~> 0.6'
45
46
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: solidus_core
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.1.6
4
+ version: 3.1.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - Solidus Team
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-06-01 00:00:00.000000000 Z
11
+ date: 2022-07-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: actionmailer
@@ -344,6 +344,26 @@ dependencies:
344
344
  - - "~>"
345
345
  - !ruby/object:Gem::Version
346
346
  version: '6.3'
347
+ - !ruby/object:Gem::Dependency
348
+ name: psych
349
+ requirement: !ruby/object:Gem::Requirement
350
+ requirements:
351
+ - - ">="
352
+ - !ruby/object:Gem::Version
353
+ version: 3.1.0
354
+ - - "<"
355
+ - !ruby/object:Gem::Version
356
+ version: '5.0'
357
+ type: :runtime
358
+ prerelease: false
359
+ version_requirements: !ruby/object:Gem::Requirement
360
+ requirements:
361
+ - - ">="
362
+ - !ruby/object:Gem::Version
363
+ version: 3.1.0
364
+ - - "<"
365
+ - !ruby/object:Gem::Version
366
+ version: '5.0'
347
367
  - !ruby/object:Gem::Dependency
348
368
  name: ransack
349
369
  requirement: !ruby/object:Gem::Requirement
@@ -954,7 +974,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
954
974
  - !ruby/object:Gem::Version
955
975
  version: 1.8.23
956
976
  requirements: []
957
- rubygems_version: 3.2.31
977
+ rubygems_version: 3.1.2
958
978
  signing_key:
959
979
  specification_version: 4
960
980
  summary: Essential models, mailers, and classes for the Solidus e-commerce project.