RubyGems - tolaria - Versions diffs - 1.1.0 → 1.1.1 - Mend

tolaria 1.1.0 → 1.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 06698e275214dde20127ba280a3a174a38ce8c51
-  data.tar.gz: 9d13b6a2f51edba6d0df559102897d256373219e
+  metadata.gz: 924bb7dffa35ab0de6adf4b9bd114ad055f01b10
+  data.tar.gz: ce331c2da73214162b3faa2fb95a6e18fcbc998e
 SHA512:
-  metadata.gz: 0e30d2887b0f6aed83abe67f770c17cbe6a0f00ef09f12516995d7f031564d71e06288afcaf9171941b60e4647176de19f7eb6414038b5db48f2e5cd0008c4b5
-  data.tar.gz: f206f96d3e441ca6ebac69bd8bbe45e7b8eb4e032cee34fb679467f34405cbc4e2f8c2f67154080f9a95c214fe364924957e15fbdd496d81f7430366989f9f97
+  metadata.gz: c95dd58c6023309fc4e939f9cf167ed752a2b85d8c289081b373e548ffeb9dea534786ebf8195712b484fbe7e28f26e9a6a97c86b2dbeef8111c4e28d4ae7bbf
+  data.tar.gz: b0ccd3893916a3855d69c90d233722b166eba39028f50f991409a5e4de89d5c85543769abad35d012fcd4b1cb45bd6cf42de4af81bab73e244d5f34632cb5ec2

data/app/assets/javascripts/admin/views/fields/attachment_field.js CHANGED Viewed

@@ -9,7 +9,7 @@ var AttachmentFieldView = Backbone.View.extend({
   activateFileInput: function(event) {
     event.preventDefault();
-    this.$fileInput.focus().click()
+    this.$fileInput.focus().click();
   },
   refreshLabel: function() {

data/app/assets/javascripts/admin/views/fields/has_many.js CHANGED Viewed

@@ -1,7 +1,7 @@
 var HasManyView = Backbone.View.extend({
   initialize: function() {
-    this.$button = $(".has-many-create").first();
+    this.$button = $(".has-many-create", this.el).first();
     this.template = this.$button.data("template");
     this.templateID = this.$button.data("id");
   },
@@ -24,7 +24,7 @@ var HasManyView = Backbone.View.extend({
     var $parentHeader = $(event.currentTarget).parents(".has-many-header").first();
     var $fieldgroup = $parentHeader.nextUntil(".has-many-header, .has-many-create");
-    var $destroyInput = $fieldgroup.filter("input[name*='_destroy']").first()
+    var $destroyInput = $fieldgroup.filter("input[name*='_destroy']").first();
     if (!!$destroyInput.length) {
       // The model is already persisted, set the destruction flag
@@ -43,7 +43,7 @@ var HasManyView = Backbone.View.extend({
   restoreFieldgroup: function(event) {
-    var $undoControl = $(event.currentTarget)
+    var $undoControl = $(event.currentTarget);
     var $fieldgroup = $undoControl.nextUntil(".has-many-header, .has-many-create");
     var $destroyInput = $fieldgroup.filter("input[name*='_destroy']").first();

data/app/assets/javascripts/admin/views/fields/image_association_select.js CHANGED Viewed

@@ -1,7 +1,7 @@
 var ImageAssociationSelectView = Backbone.View.extend({
   initialize: function() {
-    this.$select = this.$el.find("select")
+    this.$select = this.$el.find("select");
     this.$previewImage = this.$el.find(".image-association-select-image");
     this.hiddenClass = "-hidden";

data/app/assets/javascripts/admin/views/fields/markdown_composer.js CHANGED Viewed

@@ -90,7 +90,7 @@ var MarkdownComposerView = Backbone.View.extend({
           self.presentErrorMessage("The server refused to send you a preview. Please sign in and out of the admin panel and try again.");
         },
         500: function(xhr, status, error) {
-          self.presentErrorMessage("An unexpected server error occurred. Developers have been notified. Please try again\xA0later.")
+          self.presentErrorMessage("An unexpected server error occurred. Developers have been notified. Please try again\xA0later.");
         }
       },
@@ -145,7 +145,7 @@ var MarkdownComposerView = Backbone.View.extend({
   events: {
-    "keyup": "updatePreview",
+    "keyup": "keyupCallback",
     "focus textarea": "brightenSelf",
     "blur textarea": "dimSelf",

data/app/assets/javascripts/admin/views/fields/slug_field.js CHANGED Viewed

@@ -8,13 +8,13 @@ var SlugFieldView = Backbone.View.extend({
   refreshPreview: function() {
-    var val = $.trim(this.$input.val())
+    var val = $.trim(this.$input.val());
     if (!!val) {
-      this.$previewFragment.html(this.parameterize(val))
+      this.$previewFragment.html(this.parameterize(val));
     }
     else {
-      this.$previewFragment.html("*")
+      this.$previewFragment.html("*");
     }
   },

data/app/assets/javascripts/admin/views/fields/swatch_field.js CHANGED Viewed

@@ -44,10 +44,12 @@ var SwatchFieldView = Backbone.View.extend({
   events: {
     "keyup": "refreshPreview",
-    "change input": "refreshPreview",
-    "change input": "validateSelf",
     "blur input": "validateSelf",
-    "focus input": "clearError"
+    "focus input": "clearError",
+    "change input": function(event) {
+      this.refreshPreview(event);
+      this.validateSelf(event);
+    }
   }
 });

data/app/assets/javascripts/admin/views/sessions.js CHANGED Viewed

@@ -47,19 +47,19 @@ var SessionView = Backbone.View.extend({
             self.presentPasscodeInput();
           },
           404: function(xhr, status, error) {
-            self.presentErrorMessage(xhr.responseJSON.error)
+            self.presentErrorMessage(xhr.responseJSON.error);
           },
           423: function(xhr, status, error) {
-            self.presentErrorMessage(xhr.responseJSON.error)
+            self.presentErrorMessage(xhr.responseJSON.error);
           },
           500: function(xhr, status, error) {
-            self.presentErrorMessage("An unexpected server error occurred. Developers have been notified. Please try again\xA0later.")
+            self.presentErrorMessage("An unexpected server error occurred. Developers have been notified. Please try again\xA0later.");
           }
         },
         timeout: 29000,
         error: function(xhr, status, error) {
-          self.presentErrorMessage("Could not connect to the server. Check your network connection and try\xA0again.")
+          self.presentErrorMessage("Could not connect to the server. Check your network connection and try\xA0again.");
         }
       });

data/app/assets/stylesheets/admin/components/_buttons.scss CHANGED Viewed

@@ -24,6 +24,9 @@
     line-height: 16px;
     padding: 2px 9px 2px 9px;
     height: auto;
+    .icon {
+      font-size: 12px;
+    }
   }
   .icon {

data/app/controllers/tolaria/tolaria_controller.rb CHANGED Viewed

@@ -11,9 +11,12 @@ class Tolaria::TolariaController < ::ApplicationController
     response.headers["X-UA-Compatible"] = "IE=edge"
     # Forbid putting the admin in a frameset/iframe
     response.headers["X-Frame-Options"] = "DENY"
-    # Strict sniffing and XSS modes for browsers that use these flags
+    # No cross-domain funny business from Flash
+    response.headers["X-Permitted-Cross-Domain-Policies"] = "none"
+    # Strict sniffing, type checks, and XSS modes for browsers that use these flags
     response.headers["X-Content-Type-Options"] = "nosniff"
     response.headers["X-XSS-Protection"] = "1; mode=block"
+    response.headers["X-Download-Options"] = "noopen"
   end
   def tolaria_template(name)

data/app/helpers/admin/table_helper.rb CHANGED Viewed

@@ -118,12 +118,12 @@ module Admin::TableHelper
   #   14×14px in size.
   #
   # Other options are forwarded to `content_tag` for the `<td>`.
-  def index_td(resource, method_or_content, options = {}, &block)
+  def index_td(resource, method_or_content = {}, options = {}, &block)
     options = method_or_content if block_given?
     if block_given?
-      content = yield
+      content = capture(resource, &block)
     elsif method_or_content.is_a?(Symbol)
       content = resource.send(method_or_content)
     else

data/app/helpers/admin/view_helper.rb CHANGED Viewed

@@ -58,6 +58,17 @@ module Admin::ViewHelper
     return %{Are you sure you want to delete the #{resource.model_name.human.downcase} “#{Tolaria.display_name(resource)}”? This action is not reversible.}
   end
+  def contextual_form_url
+    case controller.action_name
+    when "edit", "update"
+      url_for(action:"show", id:@resource.id)
+    when "new", "create"
+      url_for(action:"index")
+    else
+      nil
+    end
+  end
   # Returns a `<span>` tag that displays the given `label` as a pill
   # status badge. You can change the color of the pill by providing a
   # six-digit hexadecimal `color` string, or passing one of the predefined

data/app/mailers/passcode_mailer.rb CHANGED Viewed

@@ -5,7 +5,7 @@ class PasscodeMailer < ActionMailer::Base
   def passcode(administrator, passcode)
     @administrator = administrator
     @passcode = passcode
-    mail(to:administrator.email, subject:"#{Tolaria.config.company_name} Passcode")
+    mail(to:administrator.email, subject:"#{@passcode} is your #{Tolaria.config.company_name} passcode")
   end
 end

data/app/views/admin/session/form.html.erb CHANGED Viewed

@@ -19,7 +19,7 @@
     autocorrect: "off",
     autocapitalize: "none",
     tabindex: 1,
-    value: @email,
+    value: nil,
   } %>
   <%= f.label :passcode, "Passcode", for:"session-form-passcode", class:"visuallyhidden" %>
@@ -31,7 +31,8 @@
     spellcheck: "false",
     pattern: "[0-9]*",
     tabindex: 2,
-    style: "display:none"
+    style: "display:none",
+    value: nil,
   } %>
   <%= f.button "Request a passcode", type:"submit", id:"session-form-submit", class:"session-button" %>

data/app/views/admin/shared/_head.html.erb CHANGED Viewed

@@ -1,6 +1,6 @@
 <head>
   <meta charset="utf-8">
-  <title><%= "#{content_for(:title)} • " if content_for(:title) %><%= Tolaria.config.company_name %></title>
+  <title><%= content_for(:title) %><%= " • " if content_for(:title) %><%= Tolaria.config.company_name %></title>
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <meta name="robots" content="noindex">
   <meta name="google" content="notranslate">

data/app/views/admin/shared/forms/_has_many_header.html.erb CHANGED Viewed

@@ -8,7 +8,7 @@
 <% if allow_destroy %>
   <%= button_tag type:"button", class:"has-many-undo", style:"display:none" do %>
-    <span class="has-many-undo-text">This <%= f.object.model_name.human %> will be removed when you save your changes.</span>
+    <span class="has-many-undo-text">This <%= f.object.model_name.human.titleize %> will be removed when you save your changes.</span>
     <span class="button -small"><%= fontawesome_icon :undo %> Undo</span>
   <% end %>

data/app/views/admin/shared/forms/_timestamp_field.html.erb CHANGED Viewed

@@ -6,6 +6,7 @@
       date_seperator: false,
       ampm: true,
       include_blank: "",
+      start_year: 1970,
     } %>
   </div>

data/app/views/admin/tolaria_resource/_index_table.html.erb CHANGED Viewed

@@ -52,7 +52,9 @@
     <tbody>
       <% @resources.each do |resource| %>
         <tr>
-          <%= index_td resource, :id %>
+          <%= index_td resource do |resource| %>
+            <%= resource.id %>
+          <% end %>
           <%= index_td resource, Tolaria.display_name(resource) %>
           <%= actions_td resource %>
         </tr>

data/app/views/admin/tolaria_resource/edit.html.erb CHANGED Viewed

@@ -4,7 +4,7 @@
   <%= content_for :title, "New #{@managed_class.model_name.human.titleize}" %>
 <% end %>
-<%= form_for [:admin, @resource], builder:Admin::FormBuilder, html:{class:"resource-form"}  do |form_builder| %>
+<%= form_for [:admin, @resource], url:contextual_form_url, builder:Admin::FormBuilder, html:{class:"resource-form"}  do |form_builder| %>
   <div class="main-controls">
     <div class="main-controls-left">

data/lib/tolaria/version.rb CHANGED Viewed

@@ -2,7 +2,7 @@ module Tolaria
   # Returns Tolaria’s version number
   def self.version
-    Gem::Version.new("1.1.0")
+    Gem::Version.new("1.1.1")
   end
   module VERSION

data/test/demo/app/models/blog_post.rb CHANGED Viewed

@@ -40,4 +40,8 @@ class BlogPost < ActiveRecord::Base
     # Swallow this exception
   end
+  def to_param
+    "#{id}-#{title.parameterize}"
+  end
 end

data/test/integration/interface_test.rb CHANGED Viewed

@@ -10,6 +10,17 @@ class InterfaceTest < ActionDispatch::IntegrationTest
     BlogPost.destroy_all
   end
+  test "security headers are set" do
+    sign_in_dummy_administrator!
+    visit("/admin/blog_posts")
+    assert_equal page.response_headers["X-UA-Compatible"], "IE=edge"
+    assert_equal page.response_headers["X-Frame-Options"], "DENY"
+    assert_equal page.response_headers["X-Permitted-Cross-Domain-Policies"], "none"
+    assert_equal page.response_headers["X-Content-Type-Options"], "nosniff"
+    assert_equal page.response_headers["X-XSS-Protection"], "1; mode=block"
+    assert_equal page.response_headers["X-Download-Options"], "noopen"
+  end
   test "menu is rendering" do
     sign_in_dummy_administrator!
     visit("/admin/blog_posts")

data/test/integration/session_test.rb CHANGED Viewed

@@ -31,6 +31,12 @@ class SessionTest < ActionDispatch::IntegrationTest
     assert_equal 200, status_code
   end
+  test "admin form fields should be empty" do
+    visit "/admin/signin"
+    assert_equal nil, find("#session-form-email").value()
+    assert_equal nil, find("#session-form-passcode", visible:false).value()
+  end
   test "session form doesn't explode when junk submitted" do
     post "/admin/signin", {
       a: "Z6b4y26r16eSz6w7qLef722MC1IGK36K",

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: tolaria
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.1.1
 platform: ruby
 authors:
 - Corey Csuhta
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-08-21 00:00:00.000000000 Z
+date: 2015-10-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt
@@ -427,7 +427,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.5.1
+rubygems_version: 2.4.8
 signing_key:
 specification_version: 4
 summary: A Rails CMS framework for making people happy.