Merge pull request #25 from debtcollective/od/csrf

Remove CSRF implementation from Grape
This commit is contained in:
Luis Castro 2019-08-12 13:50:44 +02:00 committed by GitHub
commit 068b741dbc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
17 changed files with 225 additions and 260 deletions

Gemfile

@ -22,7 +22,6 @@ gem 'ffi', '~> 1.11', '>= 1.11.1'
gem 'httparty', '~> 0.17.0' # https://github.com/jnunemaker/httparty
gem 'rack-attack', '~> 5.2' # for blocking ip addressses
gem 'rack-ssl', '~> 1.4'
gem 'rack-timeout', '~> 0.5.1'
gem 'sprockets', '~> 3.7'
# AWS services
@ -42,7 +41,7 @@ gem 'i18n-js', '~> 3.3'
gem 'lograge', '~> 0.11.2' # make logging less terrible in rails
gem 'nearest_time_zone', '~> 0.0.4' # for detecting timezone from lat/lng https://github.com/buytruckload/nearest_time_zone
gem 'rails-i18n', '~> 5.1', '>= 5.1.3'
gem 'roadie-rails', '~> 2.1' # email generation helpers
gem 'roadie-rails', '~> 2.1' # email generation helpers
gem 'table_print', '~> 1.5', '>= 1.5.6' # Nice table printing of data for the console
# Database and Events
@ -75,6 +74,10 @@ gem 'grape-swagger-entity', '~> 0.3.3'
gem 'grape-swagger', '~> 0.33.0'
gem 'grape', '~> 1.2', '>= 1.2.4'
group :development do
gem 'grape_on_rails_routes', '~> 0.3.2'
end
group :development, :ci do
gem 'debase', '~> 0.2.3'
gem 'ruby-debug-ide', '~> 0.7.0'
@ -87,8 +90,10 @@ group :development, :ci, :test do
gem 'dotenv-rails', '~> 2.7', '>= 2.7.5'
gem 'mail_view', '~> 2.0'
gem 'pry', '~> 0.12.2'
gem 'pry-byebug', '~> 3.7.0'
gem 'ruby-prof', '0.15.9'
gem 'solargraph', '~> 0.35.1'
gem 'standard', '~> 0.1.2'
end
group :ci, :test do
@ -109,4 +114,5 @@ group :production do
# Compression of assets on heroku
# https://github.com/romanbsd/heroku-deflater
gem 'heroku-deflater', '~> 0.6.3'
gem 'rack-timeout', '~> 0.5.1'
end
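Review bot: `rack-timeout` now loads only in the `:production` group (the line leaves the shared section in the first hunk and reappears in the production block at the end of this section), so the request-timeout middleware is absent in development, CI and test. Any `Rack::Timeout` tuning in an initializer is then exercised only in production, and a reference to that constant outside production would no longer resolve; I cannot see such an initializer from here, so this is a question rather than a defect. If the move is intended, record it next to the moved line, `# production only: Rack::Timeout is not loaded in other environments`.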


@ -80,22 +80,22 @@ GEM
andand (1.3.3)
arel (9.0.0)
ast (2.4.0)
aws-eventstream (1.0.1)
aws-partitions (1.110.0)
aws-eventstream (1.0.3)
aws-partitions (1.198.0)
aws-sdk (1.67.0)
aws-sdk-v1 (= 1.67.0)
aws-sdk-core (3.37.0)
aws-eventstream (~> 1.0)
aws-sdk-core (3.62.0)
aws-eventstream (~> 1.0, >= 1.0.2)
aws-partitions (~> 1.0)
aws-sigv4 (~> 1.0)
aws-sigv4 (~> 1.1)
jmespath (~> 1.0)
aws-sdk-kms (1.11.0)
aws-sdk-core (~> 3, >= 3.26.0)
aws-sigv4 (~> 1.0)
aws-sdk-s3 (1.23.1)
aws-sdk-core (~> 3, >= 3.26.0)
aws-sdk-kms (1.24.0)
aws-sdk-core (~> 3, >= 3.61.1)
aws-sigv4 (~> 1.1)
aws-sdk-s3 (1.46.0)
aws-sdk-core (~> 3, >= 3.61.1)
aws-sdk-kms (~> 1)
aws-sigv4 (~> 1.0)
aws-sigv4 (~> 1.1)
aws-sdk-v1 (1.67.0)
json (~> 1.4)
nokogiri (~> 1)
@ -104,13 +104,14 @@ GEM
mail (> 2.2.5)
mime-types
xml-simple
aws-sigv4 (1.0.3)
aws-sigv4 (1.1.0)
aws-eventstream (~> 1.0, >= 1.0.2)
axiom-types (0.1.1)
descendants_tracker (~> 0.0.4)
ice_nine (~> 0.11.0)
thread_safe (~> 0.3, >= 0.3.1)
backport (1.1.2)
bcrypt (3.1.12)
bcrypt (3.1.13)
binding_of_caller (0.8.0)
debug_inspector (>= 0.0.1)
bootsnap (1.4.4)
@ -132,10 +133,10 @@ GEM
descendants_tracker (~> 0.0.1)
colorize (0.8.1)
concurrent-ruby (1.1.5)
config (1.7.0)
config (1.7.2)
activesupport (>= 3.0)
deep_merge (~> 1.2.1)
dry-validation (>= 0.10.4)
deep_merge (~> 1.2, >= 1.2.1)
dry-validation (~> 0.12, >= 0.12.2, < 1.0.0)
countries (3.0.0)
i18n_data (~> 0.8.0)
sixarm_ruby_unaccent (~> 1.1)
@ -145,22 +146,22 @@ GEM
crass (1.0.4)
css_parser (1.7.0)
addressable
dalli (2.7.9)
dalli (2.7.10)
dante (0.2.0)
database_cleaner (1.7.0)
debase (0.2.3)
debase (0.2.4)
debase-ruby_core_source (>= 0.10.2)
debase-ruby_core_source (0.10.5)
debug_inspector (0.0.3)
deep_merge (1.2.1)
delayed_job (4.1.5)
delayed_job (4.1.7)
activesupport (>= 3.0, < 5.3)
delayed_job_active_record (4.1.3)
activerecord (>= 3.0, < 5.3)
delayed_job (>= 3.0, < 5)
descendants_tracker (0.0.4)
thread_safe (~> 0.3, >= 0.3.1)
devise (4.5.0)
devise (4.6.2)
bcrypt (~> 3.0)
orm_adapter (~> 0.1)
railties (>= 4.1.0, < 6.0)
@ -170,8 +171,8 @@ GEM
activejob (>= 5.0)
devise (>= 4.0)
diff-lcs (1.3)
docile (1.3.1)
domain_name (0.5.20180417)
docile (1.3.2)
domain_name (0.5.20190701)
unf (>= 0.0.5, < 1.0.0)
dotenv (2.7.5)
dotenv-rails (2.7.5)
@ -183,7 +184,7 @@ GEM
dry-container (0.7.2)
concurrent-ruby (~> 1.0)
dry-configurable (~> 0.1, >= 0.1.3)
dry-core (0.4.8)
dry-core (0.4.9)
concurrent-ruby (~> 1.0)
dry-equalizer (0.2.2)
dry-inflector (0.1.2)
@ -215,7 +216,7 @@ GEM
railties (>= 4.2.0)
faraday (0.11.0)
multipart-post (>= 1.2, < 3)
faraday_middleware (0.13.0)
faraday_middleware (0.13.1)
faraday (>= 0.7.4, < 1.0)
ffi (1.11.1)
font_assets (0.1.14)
@ -226,7 +227,7 @@ GEM
faraday (~> 0.11.0)
faraday_middleware (>= 0.10)
hashie (>= 2.0, < 4.0)
geocoder (1.5.0)
geocoder (1.5.1)
get_process_mem (0.2.4)
ffi (~> 1.0)
globalid (0.4.2)
@ -249,6 +250,8 @@ GEM
grape_logging (1.8.1)
grape
rack
grape_on_rails_routes (0.3.2)
rails (>= 3.1.1)
grape_url_validator (1.0.0)
grape (>= 0.12.0)
hamster (3.0.0)
@ -294,14 +297,14 @@ GEM
mime-types-data (~> 3.2015)
mime-types-data (3.2019.0331)
mimemagic (0.3.3)
mini_magick (4.9.2)
mini_magick (4.9.5)
mini_mime (1.0.2)
mini_portile2 (2.4.0)
minitest (5.11.3)
msgpack (1.3.1)
multi_json (1.13.1)
multi_xml (0.6.0)
multipart-post (2.0.0)
multipart-post (2.1.1)
mustermann (1.0.3)
mustermann-grape (1.0.0)
mustermann (~> 1.0.0)
@ -322,8 +325,11 @@ GEM
pry (0.12.2)
coderay (~> 1.1.0)
method_source (~> 0.9.0)
pry-byebug (3.7.0)
byebug (~> 11.0)
pry (~> 0.10)
public_suffix (3.1.1)
puma (4.0.1)
puma (4.1.0)
nio4r (~> 2.0)
puma_worker_killer (0.1.1)
get_process_mem (~> 0.2)
@ -356,7 +362,7 @@ GEM
rails-dom-testing (2.0.3)
activesupport (>= 4.2.0)
nokogiri (>= 1.6)
rails-html-sanitizer (1.0.4)
rails-html-sanitizer (1.2.0)
loofah (~> 2.2, >= 2.2.2)
rails-i18n (5.1.3)
i18n (>= 0.7, < 2)
@ -368,13 +374,13 @@ GEM
rake (>= 0.8.7)
thor (>= 0.19.0, < 2.0)
rainbow (3.0.0)
rake (12.3.2)
rake (12.3.3)
request_store (1.4.1)
rack (>= 1.4)
require_all (2.0.0)
responders (2.4.1)
actionpack (>= 4.2.0, < 6.0)
railties (>= 4.2.0, < 6.0)
responders (3.0.0)
actionpack (>= 5.0)
railties (>= 5.0)
rest-client (2.0.2)
http-cookie (>= 1.0.2, < 2.0)
mime-types (>= 1.16, < 4.0)
@ -391,12 +397,12 @@ GEM
rspec-core (~> 3.8.0)
rspec-expectations (~> 3.8.0)
rspec-mocks (~> 3.8.0)
rspec-core (3.8.0)
rspec-core (3.8.2)
rspec-support (~> 3.8.0)
rspec-expectations (3.8.2)
rspec-expectations (3.8.4)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.8.0)
rspec-mocks (3.8.0)
rspec-mocks (3.8.1)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.8.0)
rspec-rails (3.8.2)
@ -407,14 +413,16 @@ GEM
rspec-expectations (~> 3.8.0)
rspec-mocks (~> 3.8.0)
rspec-support (~> 3.8.0)
rspec-support (3.8.0)
rubocop (0.74.0)
rspec-support (3.8.2)
rubocop (0.72.0)
jaro_winkler (~> 1.5.1)
parallel (~> 1.10)
parser (>= 2.6)
rainbow (>= 2.2.2, < 4.0)
ruby-progressbar (~> 1.7)
unicode-display_width (>= 1.4.0, < 1.7)
rubocop-performance (1.4.1)
rubocop (>= 0.71.0)
ruby-debug-ide (0.7.0)
rake (>= 0.8.1)
ruby-prof (0.15.9)
@ -435,7 +443,7 @@ GEM
simplecov-html (~> 0.10.0)
simplecov-html (0.10.2)
sixarm_ruby_unaccent (1.2.0)
solargraph (0.35.1)
solargraph (0.35.2)
backport (~> 1.1)
bundler (>= 1.17.2)
htmlentities (~> 4.3, >= 4.3.4)
@ -454,6 +462,9 @@ GEM
actionpack (>= 4.0)
activesupport (>= 4.0)
sprockets (>= 3.0.0)
standard (0.1.2)
rubocop (~> 0.72.0)
rubocop-performance (~> 1.4.0)
stripe (1.58.0)
rest-client (>= 1.4, < 4.0)
table_print (1.5.6)
@ -471,7 +482,7 @@ GEM
execjs (>= 0.3.0, < 3)
unf (0.1.4)
unf_ext
unf_ext (0.0.7.5)
unf_ext (0.0.7.6)
unicode-display_width (1.6.0)
unicode_utils (1.4.0)
virtus (1.0.5)
@ -529,6 +540,7 @@ DEPENDENCIES
grape-swagger-entity (~> 0.3.3)
grape_devise!
grape_logging (~> 1.8, >= 1.8.1)
grape_on_rails_routes (~> 0.3.2)
grape_url_validator (~> 1.0)
hamster (~> 3.0)
heroku-deflater (~> 0.6.3)
@ -543,6 +555,7 @@ DEPENDENCIES
param_validation!
pg (~> 0.11)
pry (~> 0.12.2)
pry-byebug (~> 3.7.0)
puma (~> 4.0, >= 4.0.1)
puma_worker_killer (~> 0.1.1)
qx!
@ -563,6 +576,7 @@ DEPENDENCIES
simplecov (~> 0.16.1)
solargraph (~> 0.35.1)
sprockets (~> 3.7)
standard (~> 0.1.2)
stripe (~> 1.58)
stripe-ruby-mock (~> 2.4.1)!
table_print (~> 1.5, >= 1.5.6)


@ -2,31 +2,4 @@
# License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later
class Houdini::V1::BaseAPI < Grape::API
# helpers ApplicationHelper
# helpers do
# def session
# env['rack.session']
# end
#
# def protect_against_forgery
# unless verified_request?
# error!('Unauthorized', 401)
# end
# end
#
# def verified_request?
# !protect_against_forgery? || request.get? || request.head? ||
# form_authenticity_token == request.headers['X-CSRF-Token'] ||
# form_authenticity_token == request.headers['X-Csrf-Token']
# end
#
# def form_authenticity_token
# session[:_csrf_token] ||= SecureRandom.base64(32)
# end
#
# def protect_against_forgery?
# allow_forgery_protection = Rails.configuration.action_controller.allow_forgery_protection
# allow_forgery_protection.nil? || allow_forgery_protection
# end
# end
end


@ -3,39 +3,4 @@
# License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later
module Houdini::V1::Helpers::ApplicationHelper
extend Grape::API::Helpers
def session
env['rack.session']
end
def protect_against_forgery
error!('Unauthorized', 401) unless verified_request?
end
def verified_request?
!protect_against_forgery? || request.get? || request.head? ||
form_authenticity_token == request.headers['X-CSRF-Token'] ||
form_authenticity_token == request.headers['X-Csrf-Token']
end
def form_authenticity_token
session[:_csrf_token] ||= SecureRandom.base64(32)
end
def protect_against_forgery?
allow_forgery_protection = Rails.configuration.action_controller.allow_forgery_protection
allow_forgery_protection.nil? || allow_forgery_protection
end
# def rescue_ar_invalid( *class_to_hash)
# rescue_with ActiveRecord::RecordInvalid do |error|
# output = []
# error.record.errors do |attr,message|
# output.push({params: "#{class_to_hash[error.record.class]}['#{attr}']",
# message: message})
# end
# raise Grape::Exceptions::ValidationErrors.new(output)
#
# end
# end
end


@ -4,10 +4,6 @@
class Houdini::V1::Nonprofit < Houdini::V1::BaseAPI
helpers Houdini::V1::Helpers::ApplicationHelper, Houdini::V1::Helpers::RescueHelper
before do
protect_against_forgery
end
desc 'Return a nonprofit.' do
success Houdini::V1::Entities::Nonprofit
end
@ -16,7 +12,7 @@ class Houdini::V1::Nonprofit < Houdini::V1::BaseAPI
end
route_param :id do
get do
np = Nonprofit.find(params[:id])
np = ::Nonprofit.find(params[:id])
present np, as: Houdini::V1::Entities::Nonprofit
end
end
@ -57,7 +53,7 @@ class Houdini::V1::Nonprofit < Houdini::V1::BaseAPI
np = nil
u = nil
Qx.transaction do
np = Nonprofit.new(OnboardAccounts.set_nonprofit_defaults(declared_params[:nonprofit]))
np = ::Nonprofit.new(OnboardAccounts.set_nonprofit_defaults(declared_params[:nonprofit]))
begin
np.save!
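Review bot: With the `before { protect_against_forgery }` block removed at the top of this section, the state-changing `post` route whose body ends this section (`::Nonprofit.new(...)` followed by `np.save!`) runs with no forgery check, and the commit does not say what provides that protection now. The app still uses the cookie session store (see the `session_store` initializer later on this page), so a browser attaches the session cookie to cross-site requests to these routes unless the cookie carries a restrictive SameSite attribute or the endpoint requires token-based auth — neither is visible here. Record the intended mechanism in the class header, e.g. `# NOTE: Grape endpoints are outside ActionController's forgery protection; state-changing routes here rely on <mechanism — TODO document>.` The same question applies to the now-empty `Houdini::V1::Helpers::ApplicationHelper` module earlier on this page. The class body continues beyond the hunk.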


@ -0,0 +1,4 @@
// License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later %>
@import "common/vendor/froala_editor";
@import "common/vendor/quill.bubble";


@ -1,3 +0,0 @@
<% # License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later %>
@import 'common/vendor/froala_editor';
@import 'common/vendor/quill.bubble';


@ -1,15 +1,18 @@
<% # License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later %>
// License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later
/*!
* Font Awesome 4.1.0 by @davegandy - http://fontawesome.io - @fontawesome
* License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License)
*/
$path: "<%= asset_path('FontAwesome') %>";
@font-face {
font-family: 'FontAwesome';
src: url($path + '/fontawesome-webfont.eot?v=4.1.0');
src: url($path + '/fontawesome-webfont.eot?#iefix&v=4.1.0') format('embedded-opentype'), url($path + '/fontawesome-webfont.woff?v=4.1.0') format('woff'), url($path + '/fontawesome-webfont.ttf?v=4.1.0') format('truetype'), url($path + '/fontawesome-webfont.svg?v=4.1.0#fontawesomeregular') format('svg');
font-family: "FontAwesome";
src: font-url("FontAwesome/fontawesome-webfont.eot?v=4.1.0");
src: font-url("FontAwesome/fontawesome-webfont.eot?#iefix&v=4.1.0")
format("embedded-opentype"),
font-url("FontAwesome/fontawesome-webfont.woff?v=4.1.0") format("woff"),
font-url("FontAwesome/fontawesome-webfont.ttf?v=4.1.0") format("truetype"),
font-url("FontAwesome/fontawesome-webfont.svg?v=4.1.0#fontawesomeregular")
format("svg");
font-weight: normal;
font-style: normal;
}
@ -63,9 +66,9 @@ $path: "<%= asset_path('FontAwesome') %>";
left: -1.85714286em;
}
.fa-border {
padding: .2em .25em .15em;
padding: 0.2em 0.25em 0.15em;
border: solid 0.08em #eeeeee;
border-radius: .1em;
border-radius: 0.1em;
}
.pull-right {
float: right;
@ -74,10 +77,10 @@ $path: "<%= asset_path('FontAwesome') %>";
float: left;
}
.fa.pull-left {
margin-right: .3em;
margin-right: 0.3em;
}
.fa.pull-right {
margin-left: .3em;
margin-left: 0.3em;
}
.fa-spin {
-webkit-animation: spin 2s infinite linear;


@ -0,0 +1,79 @@
// License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later %>
/* Open Sans */
@font-face {
font-family: "Open Sans";
src: font-url("Open_Sans/opensans-regular-webfont.eot");
src: font-url("Open_Sans/opensans-regular-webfont.eot?#iefix"),
format("embedded-opentype"),
font-url("Open_Sans/opensans-regular-webfont.woff") format("woff"),
font-url("Open_Sans/opensans-regular-webfont.ttf") format("truetype"),
font-url("Open_Sans/opensans-regular-webfont.svg#open_sansregular")
format("svg");
font-weight: normal;
font-style: normal;
}
@font-face {
font-family: "Open Sans";
src: font-url("Open_Sans/opensans-light-webfont.eot");
src: font-url("Open_Sans/opensans-light-webfont.eot?#iefix")
format("embedded-opentype"),
font-url("Open_Sans/opensans-light-webfont.woff") format("woff"),
font-url("Open_Sans/opensans-light-webfont.ttf") format("truetype"),
font-url("Open_Sans/opensans-light-webfont.svg#open_sanslight")
format("svg");
font-weight: 200;
font-style: normal;
}
@font-face {
font-family: "Open Sans";
src: font-url("Open_Sans/opensans-bold-webfont.eot");
src: font-url("Open_Sans/opensans-bold-webfont.eot?#iefix")
format("embedded-opentype"),
font-url("Open_Sans/opensans-bold-webfont.woff") format("woff"),
font-url("Open_Sans/opensans-bold-webfont.ttf") format("truetype"),
font-url("Open_Sans/opensans-bold-webfont.svg#open_sansbold") format("svg");
font-weight: bold;
font-style: normal;
}
/* Bitter */
@font-face {
font-family: "OpenSansCondensed";
src: font-url("Open_Sans_Condensed/opensans-condbold-webfont.eot");
src: font-url("Open_Sans_Condensed/opensans-condbold-webfont.eot?#iefix")
format("embedded-opentype"),
font-url("Open_Sans_Condensed/opensans-condbold-webfont.woff")
format("woff"),
font-url("Open_Sans_Condensed/opensans-condbold-webfont.ttf")
format("truetype"),
font-url("Open_Sans_Condensed/opensans-condbold-webfont.svg") format("svg");
font-weight: normal;
font-style: normal;
}
@font-face {
font-family: "Bitter";
src: font-url("Bitter/Bitter-Regular.eot");
src: font-url("Bitter/Bitter-Regular.eot?#iefix") format("embedded-opentype"),
font-url("Bitter/Bitter-Regular.woff") format("woff"),
font-url("Bitter/Bitter-Regular.ttf") format("truetype"),
font-url("Bitter/Bitter-Regular.svg#bitterregular") format("svg");
font-weight: normal;
font-style: normal;
}
@font-face {
font-family: "Bitter";
src: font-url("Bitter/Bitter-Bold.eot");
src: font-url("Bitter/Bitter-Bold.eot?#iefix") format("embedded-opentype"),
font-url("Bitter/Bitter-Bold.woff") format("woff"),
font-url("Bitter/Bitter-Bold.ttf") format("truetype"),
font-url("Bitter/Bitter-Bold.svg#bitterbold") format("svg");
font-weight: bold;
font-style: normal;
}
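Review bot: In the first Open Sans `@font-face`, the line `src: font-url("Open_Sans/opensans-regular-webfont.eot?#iefix"),` ends with a comma, which turns `format("embedded-opentype")` on the next line into a separate, malformed `src` entry instead of the format hint for the `.eot` URL; the other five blocks in this file correctly have no comma at that position. Drop the trailing comma so the line reads `src: font-url("Open_Sans/opensans-regular-webfont.eot?#iefix")`. The first comment line also carries a stray ERB `%>` left over from the old `.erb` file (`// License: ... %>`), as does the new vendor partial earlier on this page; both are harmless inside a `//` comment but should be removed.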


@ -1,77 +0,0 @@
<% # License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later %>
/* Open Sans */
@font-face {
font-family: 'Open Sans';
src: url('<%= asset_path('Open_Sans/opensans-regular-webfont.eot') %>');
src: url('<%= asset_path('Open_Sans/opensans-regular-webfont.eot?#iefix') %>') format('embedded-opentype'),
url('<%= asset_path('Open_Sans/opensans-regular-webfont.woff') %>') format('woff'),
url('<%= asset_path('Open_Sans/opensans-regular-webfont.ttf') %>') format('truetype'),
url('<%= asset_path('Open_Sans/opensans-regular-webfont.svg#open_sansregular') %>') format('svg');
font-weight: normal;
font-style: normal;
}
@font-face {
font-family: 'Open Sans';
src: url('<%= asset_path('Open_Sans/opensans-light-webfont.eot') %>');
src: url('<%= asset_path('Open_Sans/opensans-light-webfont.eot?#iefix') %>') format('embedded-opentype'),
url('<%= asset_path('Open_Sans/opensans-light-webfont.woff') %>') format('woff'),
url('<%= asset_path('Open_Sans/opensans-light-webfont.ttf') %>') format('truetype'),
url('<%= asset_path('Open_Sans/opensans-light-webfont.svg#open_sanslight') %>') format('svg');
font-weight: 200;
font-style: normal;
}
@font-face {
font-family: 'Open Sans';
src: url('<%= asset_path('Open_Sans/opensans-bold-webfont.eot') %>');
src: url('<%= asset_path('Open_Sans/opensans-bold-webfont.eot?#iefix') %>') format('embedded-opentype'),
url('<%= asset_path('Open_Sans/opensans-bold-webfont.woff') %>') format('woff'),
url('<%= asset_path('Open_Sans/opensans-bold-webfont.ttf') %>') format('truetype'),
url('<%= asset_path('Open_Sans/opensans-bold-webfont.svg#open_sansbold') %>') format('svg');
font-weight: bold;
font-style: normal;
}
/* Bitter */
$condensed: '<%= asset_path('Open_Sans_Condensed') %>';
@font-face {
font-family: 'OpenSansCondensed';
src: url($condensed + '/opensans-condbold-webfont.eot');
src: url($condensed + '/opensans-condbold-webfont.eot?#iefix') format('embedded-opentype'),
url($condensed + '/opensans-condbold-webfont.woff') format('woff'),
url($condensed + '/opensans-condbold-webfont.ttf') format('truetype'),
url($condensed + '/opensans-condbold-webfont.svg') format('svg');
font-weight: normal;
font-style: normal;
}
@font-face {
font-family: 'Bitter';
src: url('<%= asset_path('Bitter/Bitter-Regular.eot') %>');
src: url('<%= asset_path('Bitter/Bitter-Regular.eot?#iefix') %>') format('embedded-opentype'),
url('<%= asset_path('Bitter/Bitter-Regular.woff') %>') format('woff'),
url('<%= asset_path('Bitter/Bitter-Regular.ttf') %>') format('truetype'),
url('<%= asset_path('Bitter/Bitter-Regular.svg#bitterregular') %>') format('svg');
font-weight: normal;
font-style: normal;
}
@font-face {
font-family: 'Bitter';
src: url('<%= asset_path('Bitter/Bitter-Bold.eot') %>');
src: url('<%= asset_path('Bitter/Bitter-Bold.eot?#iefix') %>') format('embedded-opentype'),
url('<%= asset_path('Bitter/Bitter-Bold.woff') %>') format('woff'),
url('<%= asset_path('Bitter/Bitter-Bold.ttf') %>') format('truetype'),
url('<%= asset_path('Bitter/Bitter-Bold.svg#bitterbold') %>') format('svg');
font-weight: bold;
font-style: normal;
}


@ -1,17 +1,16 @@
<% # License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later %>
// License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later
@charset "UTF-8";
$path: "<%= asset_path('Streamline') %>";
@font-face {
font-family: "streamline-30px";
src:url($path + "/streamline-30px.eot");
src:url($path + "/streamline-30px.eot?#iefix") format("embedded-opentype"),
url($path + "/streamline-30px.woff") format("woff"),
url($path + "/streamline-30px.ttf") format("truetype"),
url($path + "/streamline-30px.svg#streamline-30px") format("svg");
font-weight: normal;
font-style: normal;
font-family: "streamline-30px";
src: font-url("Streamline/streamline-30px.eot");
src: font-url("Streamline/streamline-30px.eot?#iefix")
format("embedded-opentype"),
font-url("Streamline/streamline-30px.woff") format("woff"),
font-url("Streamline/streamline-30px.ttf") format("truetype"),
font-url("Streamline/streamline-30px.svg#streamline-30px") format("svg");
font-weight: normal;
font-style: normal;
}
[data-icon]:before {
@ -31,8 +30,8 @@ $path: "<%= asset_path('Streamline') %>";
[class*=" icon-"]:before {
font-family: "streamline-30px" !important;
font-style: normal !important;
font-weight: normal !important;
font-variant: normal !important;
font-weight: normal !important;
font-variant: normal !important;
text-transform: none !important;
speak: none;
line-height: 1;


@ -2,6 +2,7 @@
class OnboardController < ApplicationController
layout 'layouts/apified'
def index
@theme = 'minimal'
end


@ -72,6 +72,9 @@ module Commitchange
end
end
# add fonts to assets pipeline
config.assets.paths << Rails.root.join('app', 'assets', 'fonts')
# Version of your assets, change this If you want to expire all your assets
# config.assets.version = '1.0'


@ -2,4 +2,4 @@
# Be sure to restart your server when you modify this file.
Rails.application.config.session_store :cookie_store, key: '_commitchange_session'
Rails.application.config.session_store :cookie_store, key: ENV['COOKIE_STORE_KEY'] || '_commitchange_session'
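Review bot: `ENV['COOKIE_STORE_KEY'] || '_commitchange_session'` only falls back when the variable is unset; an empty `COOKIE_STORE_KEY=` yields `""`, which is truthy in Ruby, so the session cookie would get an empty name. Use `ENV['COOKIE_STORE_KEY'].presence || '_commitchange_session'` (ActiveSupport's `presence` is available in a Rails initializer) so blank values fall back as well. A short comment above the line, `# Name of the session cookie (not secret material); overridable per deployment`, would also stop the variable name from being read as a key.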


@ -6,9 +6,9 @@
You'll need to have in your Mac the following dependencies installed, if you don't want to use the provided Docker containers.
* Ruby `2.5.1`
* Rails `5.0.7.1`
* Node `11.12.0`
- Ruby `2.5.1`
- Rails `5.0.7.1`
- Node `11.12.0`
## Local Config
@ -17,45 +17,47 @@ You'll need to have in your Mac the following dependencies installed, if you don
Instructions for running Development environment using macOS Catalina
### Initial steps
*Dependencies:*
_Dependencies:_
Have a ruby version installed, you can learn more about how to use multiple versions of Ruby installed in your computer with [rbenv](https://github.com/rbenv/rbenv) or [rvm](https://rvm.io).
An instance of PostgresSQL running.
*Setting up secrets:*
_Setting up secrets:_
Run `cp .env.template .env` to copy the provided template file for env variables to create your own.
You'll need to provide a `DEVISE_SECRET_KEY` and `SECRET_TOKEN` which you can obtain by running `bundle exec rake secret`.
Set the following secrets in your `.env` file with your *Stripe account* information.
Set the following secrets in your `.env` file with your _Stripe account_ information.
* `STRIPE_API_KEY` with your Stripe *private* key.
* `STRIPE_API_PUBLIC` with your Stripe *public* key.
- `STRIPE_API_KEY` with your Stripe _private_ key.
- `STRIPE_API_PUBLIC` with your Stripe _public_ key.
The last secrets you'll need are related to AWS. You can learn how to [create an S3 Bucket](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html) within the AWS Documentation, and to obtain your access and secret key, you can [learn more here](https://aws.amazon.com/blogs/security/wheres-my-secret-access-key/).
* `S3_BUCKET_NAME`
* `AWS_ACCESS_KEY`
* `AWS_SECRET_ACCESS_KEY`
- `S3_BUCKET_NAME`
- `AWS_ACCESS_KEY`
- `AWS_SECRET_ACCESS_KEY`
*Setting up the local database:*
_Setting up the local database:_
Run `rake db:setup` to run all the db tasks within one command. This will create the dbs for each environment, load the `structure.sql`, run pending migrations and will also run the seed functionality.
-------
---
**Known problems**
If you encounter `database doesnt exist in rake db create` after running both `rake db:setup` and `rake db:create`, you'll need to comment out the lines these lines at `pg_type_map.rb`
```
Qx.config(type_map: PG::BasicTypeMapForResults.new(ActiveRecord::Base.connection.raw_connection))
Qx.execute("SET TIME ZONE utc")
```
### How to run
You'll need 2 consoles to run the project. One for the rails env and another one to run the asset pipeline through [webpack](https://webpack.js.org) , since it's *not incorporated yet* into the rails asset pipeline.
You'll need 2 consoles to run the project. One for the rails env and another one to run the asset pipeline through [webpack](https://webpack.js.org) , since it's _not incorporated yet_ into the rails asset pipeline.
```bash
# Console one (1)
@ -80,3 +82,22 @@ npx webpack --watch
---
Run `bundle exec rspec` to run test suite.
## Formatting
We are using [Standard](https://github.com/testdouble/standard) that is a wrapper on top of Rubocop with a predefined set of Rules. If you use VS Code you will want to install [vscode-ruby](https://marketplace.visualstudio.com/items?itemName=rebornix.Ruby) extension and enable formatting on save.
To enable formatting on save add these lines to your `settings.json`.
```json
{
"[ruby]": {
"editor.formatOnSave": true
},
"ruby.lint": {
"rubocop": true
},
"ruby.format": "rubocop",
"editor.formatOnSaveTimeout": 5000
}
```

package-lock.json generated

@ -10583,8 +10583,7 @@
"ansi-regex": {
"version": "2.1.1",
"bundled": true,
"dev": true,
"optional": true
"dev": true
},
"aproba": {
"version": "1.2.0",
@ -10605,14 +10604,12 @@
"balanced-match": {
"version": "1.0.0",
"bundled": true,
"dev": true,
"optional": true
"dev": true
},
"brace-expansion": {
"version": "1.1.11",
"bundled": true,
"dev": true,
"optional": true,
"requires": {
"balanced-match": "^1.0.0",
"concat-map": "0.0.1"
@ -10627,20 +10624,17 @@
"code-point-at": {
"version": "1.1.0",
"bundled": true,
"dev": true,
"optional": true
"dev": true
},
"concat-map": {
"version": "0.0.1",
"bundled": true,
"dev": true,
"optional": true
"dev": true
},
"console-control-strings": {
"version": "1.1.0",
"bundled": true,
"dev": true,
"optional": true
"dev": true
},
"core-util-is": {
"version": "1.0.2",
@ -10757,8 +10751,7 @@
"inherits": {
"version": "2.0.3",
"bundled": true,
"dev": true,
"optional": true
"dev": true
},
"ini": {
"version": "1.3.5",
@ -10770,7 +10763,6 @@
"version": "1.0.0",
"bundled": true,
"dev": true,
"optional": true,
"requires": {
"number-is-nan": "^1.0.0"
}
@ -10785,7 +10777,6 @@
"version": "3.0.4",
"bundled": true,
"dev": true,
"optional": true,
"requires": {
"brace-expansion": "^1.1.7"
}
@ -10793,14 +10784,12 @@
"minimist": {
"version": "0.0.8",
"bundled": true,
"dev": true,
"optional": true
"dev": true
},
"minipass": {
"version": "2.3.5",
"bundled": true,
"dev": true,
"optional": true,
"requires": {
"safe-buffer": "^5.1.2",
"yallist": "^3.0.0"
@ -10819,7 +10808,6 @@
"version": "0.5.1",
"bundled": true,
"dev": true,
"optional": true,
"requires": {
"minimist": "0.0.8"
}
@ -10900,8 +10888,7 @@
"number-is-nan": {
"version": "1.0.1",
"bundled": true,
"dev": true,
"optional": true
"dev": true
},
"object-assign": {
"version": "4.1.1",
@ -10913,7 +10900,6 @@
"version": "1.4.0",
"bundled": true,
"dev": true,
"optional": true,
"requires": {
"wrappy": "1"
}
@ -10999,8 +10985,7 @@
"safe-buffer": {
"version": "5.1.2",
"bundled": true,
"dev": true,
"optional": true
"dev": true
},
"safer-buffer": {
"version": "2.1.2",
@ -11036,7 +11021,6 @@
"version": "1.0.2",
"bundled": true,
"dev": true,
"optional": true,
"requires": {
"code-point-at": "^1.0.0",
"is-fullwidth-code-point": "^1.0.0",
@ -11056,7 +11040,6 @@
"version": "3.0.1",
"bundled": true,
"dev": true,
"optional": true,
"requires": {
"ansi-regex": "^2.0.0"
}
@ -11100,14 +11083,12 @@
"wrappy": {
"version": "1.0.2",
"bundled": true,
"dev": true,
"optional": true
"dev": true
},
"yallist": {
"version": "3.0.3",
"bundled": true,
"dev": true,
"optional": true
"dev": true
}
}
},


@ -54,7 +54,7 @@ describe Houdini::V1::Nonprofit, type: :request do
it 'rejects csrf' do
post '/api/v1/nonprofit', params: {}, xhr: true
expect(response.code).to eq '401'
expect(response.code).to eq '400'
end
end
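Review bot: The example is still named `'rejects csrf'` but now expects `'400'`, which for an empty `params: {}` body is the request-validation response rather than a forgery rejection, so the test no longer checks what its name says. Rename it to what it asserts, `it 'rejects an empty payload with 400' do`, or remove it if parameter validation is covered elsewhere. If a replacement cross-site protection exists for the Grape API, a test for it belongs here in its place. The enclosing `describe` block starts outside the hunk.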