Merge pull request #25 from debtcollective/od/csrf

Remove CSRF implementation from Grape
Luis Castro 2019-08-12 13:50:44 +02:00 committed by GitHub
commit 068b741dbc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
17 changed files with 225 additions and 260 deletions

Gemfile

@ -22,7 +22,6 @@ gem 'ffi', '~> 1.11', '>= 1.11.1'
gem 'httparty', '~> 0.17.0' # https://github.com/jnunemaker/httparty gem 'httparty', '~> 0.17.0' # https://github.com/jnunemaker/httparty
gem 'rack-attack', '~> 5.2' # for blocking ip addressses gem 'rack-attack', '~> 5.2' # for blocking ip addressses
gem 'rack-ssl', '~> 1.4' gem 'rack-ssl', '~> 1.4'
gem 'rack-timeout', '~> 0.5.1'
gem 'sprockets', '~> 3.7' gem 'sprockets', '~> 3.7'
# AWS services # AWS services
@ -42,7 +41,7 @@ gem 'i18n-js', '~> 3.3'
gem 'lograge', '~> 0.11.2' # make logging less terrible in rails gem 'lograge', '~> 0.11.2' # make logging less terrible in rails
gem 'nearest_time_zone', '~> 0.0.4' # for detecting timezone from lat/lng https://github.com/buytruckload/nearest_time_zone gem 'nearest_time_zone', '~> 0.0.4' # for detecting timezone from lat/lng https://github.com/buytruckload/nearest_time_zone
gem 'rails-i18n', '~> 5.1', '>= 5.1.3' gem 'rails-i18n', '~> 5.1', '>= 5.1.3'
gem 'roadie-rails', '~> 2.1' # email generation helpers gem 'roadie-rails', '~> 2.1' # email generation helpers
gem 'table_print', '~> 1.5', '>= 1.5.6' # Nice table printing of data for the console gem 'table_print', '~> 1.5', '>= 1.5.6' # Nice table printing of data for the console
# Database and Events # Database and Events
@ -75,6 +74,10 @@ gem 'grape-swagger-entity', '~> 0.3.3'
gem 'grape-swagger', '~> 0.33.0' gem 'grape-swagger', '~> 0.33.0'
gem 'grape', '~> 1.2', '>= 1.2.4' gem 'grape', '~> 1.2', '>= 1.2.4'
group :development do
gem 'grape_on_rails_routes', '~> 0.3.2'
end
group :development, :ci do group :development, :ci do
gem 'debase', '~> 0.2.3' gem 'debase', '~> 0.2.3'
gem 'ruby-debug-ide', '~> 0.7.0' gem 'ruby-debug-ide', '~> 0.7.0'
@ -87,8 +90,10 @@ group :development, :ci, :test do
gem 'dotenv-rails', '~> 2.7', '>= 2.7.5' gem 'dotenv-rails', '~> 2.7', '>= 2.7.5'
gem 'mail_view', '~> 2.0' gem 'mail_view', '~> 2.0'
gem 'pry', '~> 0.12.2' gem 'pry', '~> 0.12.2'
gem 'pry-byebug', '~> 3.7.0'
gem 'ruby-prof', '0.15.9' gem 'ruby-prof', '0.15.9'
gem 'solargraph', '~> 0.35.1' gem 'solargraph', '~> 0.35.1'
gem 'standard', '~> 0.1.2'
end end
group :ci, :test do group :ci, :test do
@ -109,4 +114,5 @@ group :production do
# Compression of assets on heroku # Compression of assets on heroku
# https://github.com/romanbsd/heroku-deflater # https://github.com/romanbsd/heroku-deflater
gem 'heroku-deflater', '~> 0.6.3' gem 'heroku-deflater', '~> 0.6.3'
gem 'rack-timeout', '~> 0.5.1'
end end
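Review bot: `rack-timeout` is now required only in the `:production` group (the `gem 'rack-timeout', '~> 0.5.1'` line added at the end of that group, after being dropped from the top-level list in the first hunk), so the `Rack::Timeout` middleware is absent from the development, ci and test stacks and its request-abort behaviour is never exercised before a deploy. If keeping it out of development is deliberate, to avoid timeouts firing while debugging, consider `group :production, :ci, :test do` so CI still sees the production middleware, or record the reason next to the gem, e.g. `# production only: request timeouts interrupt interactive debugging`.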


@ -80,22 +80,22 @@ GEM
andand (1.3.3) andand (1.3.3)
arel (9.0.0) arel (9.0.0)
ast (2.4.0) ast (2.4.0)
aws-eventstream (1.0.1) aws-eventstream (1.0.3)
aws-partitions (1.110.0) aws-partitions (1.198.0)
aws-sdk (1.67.0) aws-sdk (1.67.0)
aws-sdk-v1 (= 1.67.0) aws-sdk-v1 (= 1.67.0)
aws-sdk-core (3.37.0) aws-sdk-core (3.62.0)
aws-eventstream (~> 1.0) aws-eventstream (~> 1.0, >= 1.0.2)
aws-partitions (~> 1.0) aws-partitions (~> 1.0)
aws-sigv4 (~> 1.0) aws-sigv4 (~> 1.1)
jmespath (~> 1.0) jmespath (~> 1.0)
aws-sdk-kms (1.11.0) aws-sdk-kms (1.24.0)
aws-sdk-core (~> 3, >= 3.26.0) aws-sdk-core (~> 3, >= 3.61.1)
aws-sigv4 (~> 1.0) aws-sigv4 (~> 1.1)
aws-sdk-s3 (1.23.1) aws-sdk-s3 (1.46.0)
aws-sdk-core (~> 3, >= 3.26.0) aws-sdk-core (~> 3, >= 3.61.1)
aws-sdk-kms (~> 1) aws-sdk-kms (~> 1)
aws-sigv4 (~> 1.0) aws-sigv4 (~> 1.1)
aws-sdk-v1 (1.67.0) aws-sdk-v1 (1.67.0)
json (~> 1.4) json (~> 1.4)
nokogiri (~> 1) nokogiri (~> 1)
@ -104,13 +104,14 @@ GEM
mail (> 2.2.5) mail (> 2.2.5)
mime-types mime-types
xml-simple xml-simple
aws-sigv4 (1.0.3) aws-sigv4 (1.1.0)
aws-eventstream (~> 1.0, >= 1.0.2)
axiom-types (0.1.1) axiom-types (0.1.1)
descendants_tracker (~> 0.0.4) descendants_tracker (~> 0.0.4)
ice_nine (~> 0.11.0) ice_nine (~> 0.11.0)
thread_safe (~> 0.3, >= 0.3.1) thread_safe (~> 0.3, >= 0.3.1)
backport (1.1.2) backport (1.1.2)
bcrypt (3.1.12) bcrypt (3.1.13)
binding_of_caller (0.8.0) binding_of_caller (0.8.0)
debug_inspector (>= 0.0.1) debug_inspector (>= 0.0.1)
bootsnap (1.4.4) bootsnap (1.4.4)
@ -132,10 +133,10 @@ GEM
descendants_tracker (~> 0.0.1) descendants_tracker (~> 0.0.1)
colorize (0.8.1) colorize (0.8.1)
concurrent-ruby (1.1.5) concurrent-ruby (1.1.5)
config (1.7.0) config (1.7.2)
activesupport (>= 3.0) activesupport (>= 3.0)
deep_merge (~> 1.2.1) deep_merge (~> 1.2, >= 1.2.1)
dry-validation (>= 0.10.4) dry-validation (~> 0.12, >= 0.12.2, < 1.0.0)
countries (3.0.0) countries (3.0.0)
i18n_data (~> 0.8.0) i18n_data (~> 0.8.0)
sixarm_ruby_unaccent (~> 1.1) sixarm_ruby_unaccent (~> 1.1)
@ -145,22 +146,22 @@ GEM
crass (1.0.4) crass (1.0.4)
css_parser (1.7.0) css_parser (1.7.0)
addressable addressable
dalli (2.7.9) dalli (2.7.10)
dante (0.2.0) dante (0.2.0)
database_cleaner (1.7.0) database_cleaner (1.7.0)
debase (0.2.3) debase (0.2.4)
debase-ruby_core_source (>= 0.10.2) debase-ruby_core_source (>= 0.10.2)
debase-ruby_core_source (0.10.5) debase-ruby_core_source (0.10.5)
debug_inspector (0.0.3) debug_inspector (0.0.3)
deep_merge (1.2.1) deep_merge (1.2.1)
delayed_job (4.1.5) delayed_job (4.1.7)
activesupport (>= 3.0, < 5.3) activesupport (>= 3.0, < 5.3)
delayed_job_active_record (4.1.3) delayed_job_active_record (4.1.3)
activerecord (>= 3.0, < 5.3) activerecord (>= 3.0, < 5.3)
delayed_job (>= 3.0, < 5) delayed_job (>= 3.0, < 5)
descendants_tracker (0.0.4) descendants_tracker (0.0.4)
thread_safe (~> 0.3, >= 0.3.1) thread_safe (~> 0.3, >= 0.3.1)
devise (4.5.0) devise (4.6.2)
bcrypt (~> 3.0) bcrypt (~> 3.0)
orm_adapter (~> 0.1) orm_adapter (~> 0.1)
railties (>= 4.1.0, < 6.0) railties (>= 4.1.0, < 6.0)
@ -170,8 +171,8 @@ GEM
activejob (>= 5.0) activejob (>= 5.0)
devise (>= 4.0) devise (>= 4.0)
diff-lcs (1.3) diff-lcs (1.3)
docile (1.3.1) docile (1.3.2)
domain_name (0.5.20180417) domain_name (0.5.20190701)
unf (>= 0.0.5, < 1.0.0) unf (>= 0.0.5, < 1.0.0)
dotenv (2.7.5) dotenv (2.7.5)
dotenv-rails (2.7.5) dotenv-rails (2.7.5)
@ -183,7 +184,7 @@ GEM
dry-container (0.7.2) dry-container (0.7.2)
concurrent-ruby (~> 1.0) concurrent-ruby (~> 1.0)
dry-configurable (~> 0.1, >= 0.1.3) dry-configurable (~> 0.1, >= 0.1.3)
dry-core (0.4.8) dry-core (0.4.9)
concurrent-ruby (~> 1.0) concurrent-ruby (~> 1.0)
dry-equalizer (0.2.2) dry-equalizer (0.2.2)
dry-inflector (0.1.2) dry-inflector (0.1.2)
@ -215,7 +216,7 @@ GEM
railties (>= 4.2.0) railties (>= 4.2.0)
faraday (0.11.0) faraday (0.11.0)
multipart-post (>= 1.2, < 3) multipart-post (>= 1.2, < 3)
faraday_middleware (0.13.0) faraday_middleware (0.13.1)
faraday (>= 0.7.4, < 1.0) faraday (>= 0.7.4, < 1.0)
ffi (1.11.1) ffi (1.11.1)
font_assets (0.1.14) font_assets (0.1.14)
@ -226,7 +227,7 @@ GEM
faraday (~> 0.11.0) faraday (~> 0.11.0)
faraday_middleware (>= 0.10) faraday_middleware (>= 0.10)
hashie (>= 2.0, < 4.0) hashie (>= 2.0, < 4.0)
geocoder (1.5.0) geocoder (1.5.1)
get_process_mem (0.2.4) get_process_mem (0.2.4)
ffi (~> 1.0) ffi (~> 1.0)
globalid (0.4.2) globalid (0.4.2)
@ -249,6 +250,8 @@ GEM
grape_logging (1.8.1) grape_logging (1.8.1)
grape grape
rack rack
grape_on_rails_routes (0.3.2)
rails (>= 3.1.1)
grape_url_validator (1.0.0) grape_url_validator (1.0.0)
grape (>= 0.12.0) grape (>= 0.12.0)
hamster (3.0.0) hamster (3.0.0)
@ -294,14 +297,14 @@ GEM
mime-types-data (~> 3.2015) mime-types-data (~> 3.2015)
mime-types-data (3.2019.0331) mime-types-data (3.2019.0331)
mimemagic (0.3.3) mimemagic (0.3.3)
mini_magick (4.9.2) mini_magick (4.9.5)
mini_mime (1.0.2) mini_mime (1.0.2)
mini_portile2 (2.4.0) mini_portile2 (2.4.0)
minitest (5.11.3) minitest (5.11.3)
msgpack (1.3.1) msgpack (1.3.1)
multi_json (1.13.1) multi_json (1.13.1)
multi_xml (0.6.0) multi_xml (0.6.0)
multipart-post (2.0.0) multipart-post (2.1.1)
mustermann (1.0.3) mustermann (1.0.3)
mustermann-grape (1.0.0) mustermann-grape (1.0.0)
mustermann (~> 1.0.0) mustermann (~> 1.0.0)
@ -322,8 +325,11 @@ GEM
pry (0.12.2) pry (0.12.2)
coderay (~> 1.1.0) coderay (~> 1.1.0)
method_source (~> 0.9.0) method_source (~> 0.9.0)
pry-byebug (3.7.0)
byebug (~> 11.0)
pry (~> 0.10)
public_suffix (3.1.1) public_suffix (3.1.1)
puma (4.0.1) puma (4.1.0)
nio4r (~> 2.0) nio4r (~> 2.0)
puma_worker_killer (0.1.1) puma_worker_killer (0.1.1)
get_process_mem (~> 0.2) get_process_mem (~> 0.2)
@ -356,7 +362,7 @@ GEM
rails-dom-testing (2.0.3) rails-dom-testing (2.0.3)
activesupport (>= 4.2.0) activesupport (>= 4.2.0)
nokogiri (>= 1.6) nokogiri (>= 1.6)
rails-html-sanitizer (1.0.4) rails-html-sanitizer (1.2.0)
loofah (~> 2.2, >= 2.2.2) loofah (~> 2.2, >= 2.2.2)
rails-i18n (5.1.3) rails-i18n (5.1.3)
i18n (>= 0.7, < 2) i18n (>= 0.7, < 2)
@ -368,13 +374,13 @@ GEM
rake (>= 0.8.7) rake (>= 0.8.7)
thor (>= 0.19.0, < 2.0) thor (>= 0.19.0, < 2.0)
rainbow (3.0.0) rainbow (3.0.0)
rake (12.3.2) rake (12.3.3)
request_store (1.4.1) request_store (1.4.1)
rack (>= 1.4) rack (>= 1.4)
require_all (2.0.0) require_all (2.0.0)
responders (2.4.1) responders (3.0.0)
actionpack (>= 4.2.0, < 6.0) actionpack (>= 5.0)
railties (>= 4.2.0, < 6.0) railties (>= 5.0)
rest-client (2.0.2) rest-client (2.0.2)
http-cookie (>= 1.0.2, < 2.0) http-cookie (>= 1.0.2, < 2.0)
mime-types (>= 1.16, < 4.0) mime-types (>= 1.16, < 4.0)
@ -391,12 +397,12 @@ GEM
rspec-core (~> 3.8.0) rspec-core (~> 3.8.0)
rspec-expectations (~> 3.8.0) rspec-expectations (~> 3.8.0)
rspec-mocks (~> 3.8.0) rspec-mocks (~> 3.8.0)
rspec-core (3.8.0) rspec-core (3.8.2)
rspec-support (~> 3.8.0) rspec-support (~> 3.8.0)
rspec-expectations (3.8.2) rspec-expectations (3.8.4)
diff-lcs (>= 1.2.0, < 2.0) diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.8.0) rspec-support (~> 3.8.0)
rspec-mocks (3.8.0) rspec-mocks (3.8.1)
diff-lcs (>= 1.2.0, < 2.0) diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.8.0) rspec-support (~> 3.8.0)
rspec-rails (3.8.2) rspec-rails (3.8.2)
@ -407,14 +413,16 @@ GEM
rspec-expectations (~> 3.8.0) rspec-expectations (~> 3.8.0)
rspec-mocks (~> 3.8.0) rspec-mocks (~> 3.8.0)
rspec-support (~> 3.8.0) rspec-support (~> 3.8.0)
rspec-support (3.8.0) rspec-support (3.8.2)
rubocop (0.74.0) rubocop (0.72.0)
jaro_winkler (~> 1.5.1) jaro_winkler (~> 1.5.1)
parallel (~> 1.10) parallel (~> 1.10)
parser (>= 2.6) parser (>= 2.6)
rainbow (>= 2.2.2, < 4.0) rainbow (>= 2.2.2, < 4.0)
ruby-progressbar (~> 1.7) ruby-progressbar (~> 1.7)
unicode-display_width (>= 1.4.0, < 1.7) unicode-display_width (>= 1.4.0, < 1.7)
rubocop-performance (1.4.1)
rubocop (>= 0.71.0)
ruby-debug-ide (0.7.0) ruby-debug-ide (0.7.0)
rake (>= 0.8.1) rake (>= 0.8.1)
ruby-prof (0.15.9) ruby-prof (0.15.9)
@ -435,7 +443,7 @@ GEM
simplecov-html (~> 0.10.0) simplecov-html (~> 0.10.0)
simplecov-html (0.10.2) simplecov-html (0.10.2)
sixarm_ruby_unaccent (1.2.0) sixarm_ruby_unaccent (1.2.0)
solargraph (0.35.1) solargraph (0.35.2)
backport (~> 1.1) backport (~> 1.1)
bundler (>= 1.17.2) bundler (>= 1.17.2)
htmlentities (~> 4.3, >= 4.3.4) htmlentities (~> 4.3, >= 4.3.4)
@ -454,6 +462,9 @@ GEM
actionpack (>= 4.0) actionpack (>= 4.0)
activesupport (>= 4.0) activesupport (>= 4.0)
sprockets (>= 3.0.0) sprockets (>= 3.0.0)
standard (0.1.2)
rubocop (~> 0.72.0)
rubocop-performance (~> 1.4.0)
stripe (1.58.0) stripe (1.58.0)
rest-client (>= 1.4, < 4.0) rest-client (>= 1.4, < 4.0)
table_print (1.5.6) table_print (1.5.6)
@ -471,7 +482,7 @@ GEM
execjs (>= 0.3.0, < 3) execjs (>= 0.3.0, < 3)
unf (0.1.4) unf (0.1.4)
unf_ext unf_ext
unf_ext (0.0.7.5) unf_ext (0.0.7.6)
unicode-display_width (1.6.0) unicode-display_width (1.6.0)
unicode_utils (1.4.0) unicode_utils (1.4.0)
virtus (1.0.5) virtus (1.0.5)
@ -529,6 +540,7 @@ DEPENDENCIES
grape-swagger-entity (~> 0.3.3) grape-swagger-entity (~> 0.3.3)
grape_devise! grape_devise!
grape_logging (~> 1.8, >= 1.8.1) grape_logging (~> 1.8, >= 1.8.1)
grape_on_rails_routes (~> 0.3.2)
grape_url_validator (~> 1.0) grape_url_validator (~> 1.0)
hamster (~> 3.0) hamster (~> 3.0)
heroku-deflater (~> 0.6.3) heroku-deflater (~> 0.6.3)
@ -543,6 +555,7 @@ DEPENDENCIES
param_validation! param_validation!
pg (~> 0.11) pg (~> 0.11)
pry (~> 0.12.2) pry (~> 0.12.2)
pry-byebug (~> 3.7.0)
puma (~> 4.0, >= 4.0.1) puma (~> 4.0, >= 4.0.1)
puma_worker_killer (~> 0.1.1) puma_worker_killer (~> 0.1.1)
qx! qx!
@ -563,6 +576,7 @@ DEPENDENCIES
simplecov (~> 0.16.1) simplecov (~> 0.16.1)
solargraph (~> 0.35.1) solargraph (~> 0.35.1)
sprockets (~> 3.7) sprockets (~> 3.7)
standard (~> 0.1.2)
stripe (~> 1.58) stripe (~> 1.58)
stripe-ruby-mock (~> 2.4.1)! stripe-ruby-mock (~> 2.4.1)!
table_print (~> 1.5, >= 1.5.6) table_print (~> 1.5, >= 1.5.6)


@ -2,31 +2,4 @@
# License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later # License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later
class Houdini::V1::BaseAPI < Grape::API class Houdini::V1::BaseAPI < Grape::API
# helpers ApplicationHelper
# helpers do
# def session
# env['rack.session']
# end
#
# def protect_against_forgery
# unless verified_request?
# error!('Unauthorized', 401)
# end
# end
#
# def verified_request?
# !protect_against_forgery? || request.get? || request.head? ||
# form_authenticity_token == request.headers['X-CSRF-Token'] ||
# form_authenticity_token == request.headers['X-Csrf-Token']
# end
#
# def form_authenticity_token
# session[:_csrf_token] ||= SecureRandom.base64(32)
# end
#
# def protect_against_forgery?
# allow_forgery_protection = Rails.configuration.action_controller.allow_forgery_protection
# allow_forgery_protection.nil? || allow_forgery_protection
# end
# end
end end


@ -3,39 +3,4 @@
# License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later # License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later
module Houdini::V1::Helpers::ApplicationHelper module Houdini::V1::Helpers::ApplicationHelper
extend Grape::API::Helpers extend Grape::API::Helpers
def session
env['rack.session']
end
def protect_against_forgery
error!('Unauthorized', 401) unless verified_request?
end
def verified_request?
!protect_against_forgery? || request.get? || request.head? ||
form_authenticity_token == request.headers['X-CSRF-Token'] ||
form_authenticity_token == request.headers['X-Csrf-Token']
end
def form_authenticity_token
session[:_csrf_token] ||= SecureRandom.base64(32)
end
def protect_against_forgery?
allow_forgery_protection = Rails.configuration.action_controller.allow_forgery_protection
allow_forgery_protection.nil? || allow_forgery_protection
end
# def rescue_ar_invalid( *class_to_hash)
# rescue_with ActiveRecord::RecordInvalid do |error|
# output = []
# error.record.errors do |attr,message|
# output.push({params: "#{class_to_hash[error.record.class]}['#{attr}']",
# message: message})
# end
# raise Grape::Exceptions::ValidationErrors.new(output)
#
# end
# end
end end


@ -4,10 +4,6 @@
class Houdini::V1::Nonprofit < Houdini::V1::BaseAPI class Houdini::V1::Nonprofit < Houdini::V1::BaseAPI
helpers Houdini::V1::Helpers::ApplicationHelper, Houdini::V1::Helpers::RescueHelper helpers Houdini::V1::Helpers::ApplicationHelper, Houdini::V1::Helpers::RescueHelper
before do
protect_against_forgery
end
desc 'Return a nonprofit.' do desc 'Return a nonprofit.' do
success Houdini::V1::Entities::Nonprofit success Houdini::V1::Entities::Nonprofit
end end
@ -16,7 +12,7 @@ class Houdini::V1::Nonprofit < Houdini::V1::BaseAPI
end end
route_param :id do route_param :id do
get do get do
np = Nonprofit.find(params[:id]) np = ::Nonprofit.find(params[:id])
present np, as: Houdini::V1::Entities::Nonprofit present np, as: Houdini::V1::Entities::Nonprofit
end end
end end
@ -57,7 +53,7 @@ class Houdini::V1::Nonprofit < Houdini::V1::BaseAPI
np = nil np = nil
u = nil u = nil
Qx.transaction do Qx.transaction do
np = Nonprofit.new(OnboardAccounts.set_nonprofit_defaults(declared_params[:nonprofit])) np = ::Nonprofit.new(OnboardAccounts.set_nonprofit_defaults(declared_params[:nonprofit]))
begin begin
np.save! np.save!
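Review bot: With the `before do protect_against_forgery end` block removed from Houdini::V1::Nonprofit, the create path in the last hunk (`::Nonprofit.new(...)` followed by `np.save!`) runs with no forgery check on the Grape side, while the application still uses a cookie session store (the session_store initializer changed in this same commit). If these endpoints are reachable with a browser session cookie they are now exposed to cross-site request forgery; if the intent is that they are unauthenticated onboarding endpoints or are protected elsewhere, that reasoning belongs in the commit message or in a comment at the top of the class, e.g. `# No CSRF filter here: these endpoints do not rely on the Rails session (PR #25)`. The same removal is made in BaseAPI and ApplicationHelper earlier in this commit, which leaves ApplicationHelper with no methods, so the `helpers Houdini::V1::Helpers::ApplicationHelper, ...` line kept in the first hunk now includes an empty module. The enclosing `post` block and its `Qx.transaction` start and end outside the hunk.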


@ -0,0 +1,4 @@
// License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later %>
@import "common/vendor/froala_editor";
@import "common/vendor/quill.bubble";
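Review bot: The license header on the first line, `// License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later %>`, still carries the ERB close tag `%>` from the .erb file it replaces; inside a `//` comment it is harmless but reads as a leftover and should be dropped, leaving `// License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later`. The same stray `%>` appears in the header of the new fonts stylesheet added later in this commit.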


@ -1,3 +0,0 @@
<% # License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later %>
@import 'common/vendor/froala_editor';
@import 'common/vendor/quill.bubble';


@ -1,15 +1,18 @@
<% # License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later %> // License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later
/*! /*!
* Font Awesome 4.1.0 by @davegandy - http://fontawesome.io - @fontawesome * Font Awesome 4.1.0 by @davegandy - http://fontawesome.io - @fontawesome
* License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License) * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License)
*/ */
$path: "<%= asset_path('FontAwesome') %>";
@font-face { @font-face {
font-family: 'FontAwesome'; font-family: "FontAwesome";
src: url($path + '/fontawesome-webfont.eot?v=4.1.0'); src: font-url("FontAwesome/fontawesome-webfont.eot?v=4.1.0");
src: url($path + '/fontawesome-webfont.eot?#iefix&v=4.1.0') format('embedded-opentype'), url($path + '/fontawesome-webfont.woff?v=4.1.0') format('woff'), url($path + '/fontawesome-webfont.ttf?v=4.1.0') format('truetype'), url($path + '/fontawesome-webfont.svg?v=4.1.0#fontawesomeregular') format('svg'); src: font-url("FontAwesome/fontawesome-webfont.eot?#iefix&v=4.1.0")
format("embedded-opentype"),
font-url("FontAwesome/fontawesome-webfont.woff?v=4.1.0") format("woff"),
font-url("FontAwesome/fontawesome-webfont.ttf?v=4.1.0") format("truetype"),
font-url("FontAwesome/fontawesome-webfont.svg?v=4.1.0#fontawesomeregular")
format("svg");
font-weight: normal; font-weight: normal;
font-style: normal; font-style: normal;
} }
@ -63,9 +66,9 @@ $path: "<%= asset_path('FontAwesome') %>";
left: -1.85714286em; left: -1.85714286em;
} }
.fa-border { .fa-border {
padding: .2em .25em .15em; padding: 0.2em 0.25em 0.15em;
border: solid 0.08em #eeeeee; border: solid 0.08em #eeeeee;
border-radius: .1em; border-radius: 0.1em;
} }
.pull-right { .pull-right {
float: right; float: right;
@ -74,10 +77,10 @@ $path: "<%= asset_path('FontAwesome') %>";
float: left; float: left;
} }
.fa.pull-left { .fa.pull-left {
margin-right: .3em; margin-right: 0.3em;
} }
.fa.pull-right { .fa.pull-right {
margin-left: .3em; margin-left: 0.3em;
} }
.fa-spin { .fa-spin {
-webkit-animation: spin 2s infinite linear; -webkit-animation: spin 2s infinite linear;


@ -0,0 +1,79 @@
// License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later %>
/* Open Sans */
@font-face {
font-family: "Open Sans";
src: font-url("Open_Sans/opensans-regular-webfont.eot");
src: font-url("Open_Sans/opensans-regular-webfont.eot?#iefix"),
format("embedded-opentype"),
font-url("Open_Sans/opensans-regular-webfont.woff") format("woff"),
font-url("Open_Sans/opensans-regular-webfont.ttf") format("truetype"),
font-url("Open_Sans/opensans-regular-webfont.svg#open_sansregular")
format("svg");
font-weight: normal;
font-style: normal;
}
@font-face {
font-family: "Open Sans";
src: font-url("Open_Sans/opensans-light-webfont.eot");
src: font-url("Open_Sans/opensans-light-webfont.eot?#iefix")
format("embedded-opentype"),
font-url("Open_Sans/opensans-light-webfont.woff") format("woff"),
font-url("Open_Sans/opensans-light-webfont.ttf") format("truetype"),
font-url("Open_Sans/opensans-light-webfont.svg#open_sanslight")
format("svg");
font-weight: 200;
font-style: normal;
}
@font-face {
font-family: "Open Sans";
src: font-url("Open_Sans/opensans-bold-webfont.eot");
src: font-url("Open_Sans/opensans-bold-webfont.eot?#iefix")
format("embedded-opentype"),
font-url("Open_Sans/opensans-bold-webfont.woff") format("woff"),
font-url("Open_Sans/opensans-bold-webfont.ttf") format("truetype"),
font-url("Open_Sans/opensans-bold-webfont.svg#open_sansbold") format("svg");
font-weight: bold;
font-style: normal;
}
/* Bitter */
@font-face {
font-family: "OpenSansCondensed";
src: font-url("Open_Sans_Condensed/opensans-condbold-webfont.eot");
src: font-url("Open_Sans_Condensed/opensans-condbold-webfont.eot?#iefix")
format("embedded-opentype"),
font-url("Open_Sans_Condensed/opensans-condbold-webfont.woff")
format("woff"),
font-url("Open_Sans_Condensed/opensans-condbold-webfont.ttf")
format("truetype"),
font-url("Open_Sans_Condensed/opensans-condbold-webfont.svg") format("svg");
font-weight: normal;
font-style: normal;
}
@font-face {
font-family: "Bitter";
src: font-url("Bitter/Bitter-Regular.eot");
src: font-url("Bitter/Bitter-Regular.eot?#iefix") format("embedded-opentype"),
font-url("Bitter/Bitter-Regular.woff") format("woff"),
font-url("Bitter/Bitter-Regular.ttf") format("truetype"),
font-url("Bitter/Bitter-Regular.svg#bitterregular") format("svg");
font-weight: normal;
font-style: normal;
}
@font-face {
font-family: "Bitter";
src: font-url("Bitter/Bitter-Bold.eot");
src: font-url("Bitter/Bitter-Bold.eot?#iefix") format("embedded-opentype"),
font-url("Bitter/Bitter-Bold.woff") format("woff"),
font-url("Bitter/Bitter-Bold.ttf") format("truetype"),
font-url("Bitter/Bitter-Bold.svg#bitterbold") format("svg");
font-weight: bold;
font-style: normal;
}


@ -1,77 +0,0 @@
<% # License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later %>
/* Open Sans */
@font-face {
font-family: 'Open Sans';
src: url('<%= asset_path('Open_Sans/opensans-regular-webfont.eot') %>');
src: url('<%= asset_path('Open_Sans/opensans-regular-webfont.eot?#iefix') %>') format('embedded-opentype'),
url('<%= asset_path('Open_Sans/opensans-regular-webfont.woff') %>') format('woff'),
url('<%= asset_path('Open_Sans/opensans-regular-webfont.ttf') %>') format('truetype'),
url('<%= asset_path('Open_Sans/opensans-regular-webfont.svg#open_sansregular') %>') format('svg');
font-weight: normal;
font-style: normal;
}
@font-face {
font-family: 'Open Sans';
src: url('<%= asset_path('Open_Sans/opensans-light-webfont.eot') %>');
src: url('<%= asset_path('Open_Sans/opensans-light-webfont.eot?#iefix') %>') format('embedded-opentype'),
url('<%= asset_path('Open_Sans/opensans-light-webfont.woff') %>') format('woff'),
url('<%= asset_path('Open_Sans/opensans-light-webfont.ttf') %>') format('truetype'),
url('<%= asset_path('Open_Sans/opensans-light-webfont.svg#open_sanslight') %>') format('svg');
font-weight: 200;
font-style: normal;
}
@font-face {
font-family: 'Open Sans';
src: url('<%= asset_path('Open_Sans/opensans-bold-webfont.eot') %>');
src: url('<%= asset_path('Open_Sans/opensans-bold-webfont.eot?#iefix') %>') format('embedded-opentype'),
url('<%= asset_path('Open_Sans/opensans-bold-webfont.woff') %>') format('woff'),
url('<%= asset_path('Open_Sans/opensans-bold-webfont.ttf') %>') format('truetype'),
url('<%= asset_path('Open_Sans/opensans-bold-webfont.svg#open_sansbold') %>') format('svg');
font-weight: bold;
font-style: normal;
}
/* Bitter */
$condensed: '<%= asset_path('Open_Sans_Condensed') %>';
@font-face {
font-family: 'OpenSansCondensed';
src: url($condensed + '/opensans-condbold-webfont.eot');
src: url($condensed + '/opensans-condbold-webfont.eot?#iefix') format('embedded-opentype'),
url($condensed + '/opensans-condbold-webfont.woff') format('woff'),
url($condensed + '/opensans-condbold-webfont.ttf') format('truetype'),
url($condensed + '/opensans-condbold-webfont.svg') format('svg');
font-weight: normal;
font-style: normal;
}
@font-face {
font-family: 'Bitter';
src: url('<%= asset_path('Bitter/Bitter-Regular.eot') %>');
src: url('<%= asset_path('Bitter/Bitter-Regular.eot?#iefix') %>') format('embedded-opentype'),
url('<%= asset_path('Bitter/Bitter-Regular.woff') %>') format('woff'),
url('<%= asset_path('Bitter/Bitter-Regular.ttf') %>') format('truetype'),
url('<%= asset_path('Bitter/Bitter-Regular.svg#bitterregular') %>') format('svg');
font-weight: normal;
font-style: normal;
}
@font-face {
font-family: 'Bitter';
src: url('<%= asset_path('Bitter/Bitter-Bold.eot') %>');
src: url('<%= asset_path('Bitter/Bitter-Bold.eot?#iefix') %>') format('embedded-opentype'),
url('<%= asset_path('Bitter/Bitter-Bold.woff') %>') format('woff'),
url('<%= asset_path('Bitter/Bitter-Bold.ttf') %>') format('truetype'),
url('<%= asset_path('Bitter/Bitter-Bold.svg#bitterbold') %>') format('svg');
font-weight: bold;
font-style: normal;
}


@ -1,17 +1,16 @@
<% # License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later %> // License: AGPL-3.0-or-later WITH Web-Template-Output-Additional-Permission-3.0-or-later
@charset "UTF-8"; @charset "UTF-8";
$path: "<%= asset_path('Streamline') %>";
@font-face { @font-face {
font-family: "streamline-30px"; font-family: "streamline-30px";
src:url($path + "/streamline-30px.eot"); src: font-url("Streamline/streamline-30px.eot");
src:url($path + "/streamline-30px.eot?#iefix") format("embedded-opentype"), src: font-url("Streamline/streamline-30px.eot?#iefix")
url($path + "/streamline-30px.woff") format("woff"), format("embedded-opentype"),
url($path + "/streamline-30px.ttf") format("truetype"), font-url("Streamline/streamline-30px.woff") format("woff"),
url($path + "/streamline-30px.svg#streamline-30px") format("svg"); font-url("Streamline/streamline-30px.ttf") format("truetype"),
font-weight: normal; font-url("Streamline/streamline-30px.svg#streamline-30px") format("svg");
font-style: normal; font-weight: normal;
font-style: normal;
} }
[data-icon]:before { [data-icon]:before {
@ -31,8 +30,8 @@ $path: "<%= asset_path('Streamline') %>";
[class*=" icon-"]:before { [class*=" icon-"]:before {
font-family: "streamline-30px" !important; font-family: "streamline-30px" !important;
font-style: normal !important; font-style: normal !important;
font-weight: normal !important; font-weight: normal !important;
font-variant: normal !important; font-variant: normal !important;
text-transform: none !important; text-transform: none !important;
speak: none; speak: none;
line-height: 1; line-height: 1;


@ -2,6 +2,7 @@
class OnboardController < ApplicationController class OnboardController < ApplicationController
layout 'layouts/apified' layout 'layouts/apified'
def index def index
@theme = 'minimal' @theme = 'minimal'
end end


@ -72,6 +72,9 @@ module Commitchange
end end
end end
# add fonts to assets pipeline
config.assets.paths << Rails.root.join('app', 'assets', 'fonts')
# Version of your assets, change this If you want to expire all your assets # Version of your assets, change this If you want to expire all your assets
# config.assets.version = '1.0' # config.assets.version = '1.0'
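Review bot: `config.assets.paths << Rails.root.join('app', 'assets', 'fonts')` most likely duplicates an entry: Rails 4 and later register every existing subdirectory of `app/assets` on the asset load path through the engine's `app/assets` glob, so a fonts directory present at boot is already found by `font-url`. A duplicate path is harmless for lookup, but if the line is kept the comment should say why the default lookup is not enough, e.g. `# kept explicit: the fonts dir may not exist at boot in every environment`. This is hedged because the Rails version in use and the rest of the configuration block are outside the hunk.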


@ -2,4 +2,4 @@
# Be sure to restart your server when you modify this file. # Be sure to restart your server when you modify this file.
Rails.application.config.session_store :cookie_store, key: '_commitchange_session' Rails.application.config.session_store :cookie_store, key: ENV['COOKIE_STORE_KEY'] || '_commitchange_session'
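Review bot: `ENV['COOKIE_STORE_KEY'] || '_commitchange_session'` only falls back when the variable is unset; an empty `COOKIE_STORE_KEY=` line in `.env` is the truthy string `""` in Ruby and yields a session cookie with an empty name. `ENV['COOKIE_STORE_KEY'].presence || '_commitchange_session'` covers both the unset and the blank case. The new variable is also not among the `.env` entries the README changes in this commit document; it is optional, but a one-line mention there and a commented entry in `.env.template` (not shown in this commit) would avoid a deploy surprise.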


@ -6,9 +6,9 @@
You'll need to have in your Mac the following dependencies installed, if you don't want to use the provided Docker containers. You'll need to have in your Mac the following dependencies installed, if you don't want to use the provided Docker containers.
* Ruby `2.5.1` - Ruby `2.5.1`
* Rails `5.0.7.1` - Rails `5.0.7.1`
* Node `11.12.0` - Node `11.12.0`
## Local Config ## Local Config
@ -17,45 +17,47 @@ You'll need to have in your Mac the following dependencies installed, if you don
Instructions for running Development environment using macOS Catalina Instructions for running Development environment using macOS Catalina
### Initial steps ### Initial steps
*Dependencies:*
_Dependencies:_
Have a ruby version installed, you can learn more about how to use multiple versions of Ruby installed in your computer with [rbenv](https://github.com/rbenv/rbenv) or [rvm](https://rvm.io). Have a ruby version installed, you can learn more about how to use multiple versions of Ruby installed in your computer with [rbenv](https://github.com/rbenv/rbenv) or [rvm](https://rvm.io).
An instance of PostgresSQL running. An instance of PostgresSQL running.
*Setting up secrets:* _Setting up secrets:_
Run `cp .env.template .env` to copy the provided template file for env variables to create your own. Run `cp .env.template .env` to copy the provided template file for env variables to create your own.
You'll need to provide a `DEVISE_SECRET_KEY` and `SECRET_TOKEN` which you can obtain by running `bundle exec rake secret`. You'll need to provide a `DEVISE_SECRET_KEY` and `SECRET_TOKEN` which you can obtain by running `bundle exec rake secret`.
Set the following secrets in your `.env` file with your *Stripe account* information. Set the following secrets in your `.env` file with your _Stripe account_ information.
* `STRIPE_API_KEY` with your Stripe *private* key. - `STRIPE_API_KEY` with your Stripe _private_ key.
* `STRIPE_API_PUBLIC` with your Stripe *public* key. - `STRIPE_API_PUBLIC` with your Stripe _public_ key.
The last secrets you'll need are related to AWS. You can learn how to [create an S3 Bucket](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html) within the AWS Documentation, and to obtain your access and secret key, you can [learn more here](https://aws.amazon.com/blogs/security/wheres-my-secret-access-key/). The last secrets you'll need are related to AWS. You can learn how to [create an S3 Bucket](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingBucket.html) within the AWS Documentation, and to obtain your access and secret key, you can [learn more here](https://aws.amazon.com/blogs/security/wheres-my-secret-access-key/).
* `S3_BUCKET_NAME` - `S3_BUCKET_NAME`
* `AWS_ACCESS_KEY` - `AWS_ACCESS_KEY`
* `AWS_SECRET_ACCESS_KEY` - `AWS_SECRET_ACCESS_KEY`
*Setting up the local database:* _Setting up the local database:_
Run `rake db:setup` to run all the db tasks within one command. This will create the dbs for each environment, load the `structure.sql`, run pending migrations and will also run the seed functionality. Run `rake db:setup` to run all the db tasks within one command. This will create the dbs for each environment, load the `structure.sql`, run pending migrations and will also run the seed functionality.
------- ---
**Known problems** **Known problems**
If you encounter `database doesnt exist in rake db create` after running both `rake db:setup` and `rake db:create`, you'll need to comment out the lines these lines at `pg_type_map.rb` If you encounter `database doesnt exist in rake db create` after running both `rake db:setup` and `rake db:create`, you'll need to comment out the lines these lines at `pg_type_map.rb`
``` ```
Qx.config(type_map: PG::BasicTypeMapForResults.new(ActiveRecord::Base.connection.raw_connection)) Qx.config(type_map: PG::BasicTypeMapForResults.new(ActiveRecord::Base.connection.raw_connection))
Qx.execute("SET TIME ZONE utc") Qx.execute("SET TIME ZONE utc")
``` ```
### How to run ### How to run
You'll need 2 consoles to run the project. One for the rails env and another one to run the asset pipeline through [webpack](https://webpack.js.org) , since it's *not incorporated yet* into the rails asset pipeline.
You'll need 2 consoles to run the project. One for the rails env and another one to run the asset pipeline through [webpack](https://webpack.js.org) , since it's _not incorporated yet_ into the rails asset pipeline.
```bash ```bash
# Console one (1) # Console one (1)
@ -80,3 +82,22 @@ npx webpack --watch
--- ---
Run `bundle exec rspec` to run test suite. Run `bundle exec rspec` to run test suite.
## Formatting
We are using [Standard](https://github.com/testdouble/standard) that is a wrapper on top of Rubocop with a predefined set of Rules. If you use VS Code you will want to install [vscode-ruby](https://marketplace.visualstudio.com/items?itemName=rebornix.Ruby) extension and enable formatting on save.
To enable formatting on save add these lines to your `settings.json`.
```json
{
"[ruby]": {
"editor.formatOnSave": true
},
"ruby.lint": {
"rubocop": true
},
"ruby.format": "rubocop",
"editor.formatOnSaveTimeout": 5000
}
```
41
package-lock.json generated
@ -10583,8 +10583,7 @@
"ansi-regex": { "ansi-regex": {
"version": "2.1.1", "version": "2.1.1",
"bundled": true, "bundled": true,
"dev": true, "dev": true
"optional": true
}, },
"aproba": { "aproba": {
"version": "1.2.0", "version": "1.2.0",
@ -10605,14 +10604,12 @@
"balanced-match": { "balanced-match": {
"version": "1.0.0", "version": "1.0.0",
"bundled": true, "bundled": true,
"dev": true, "dev": true
"optional": true
}, },
"brace-expansion": { "brace-expansion": {
"version": "1.1.11", "version": "1.1.11",
"bundled": true, "bundled": true,
"dev": true, "dev": true,
"optional": true,
"requires": { "requires": {
"balanced-match": "^1.0.0", "balanced-match": "^1.0.0",
"concat-map": "0.0.1" "concat-map": "0.0.1"
@ -10627,20 +10624,17 @@
"code-point-at": { "code-point-at": {
"version": "1.1.0", "version": "1.1.0",
"bundled": true, "bundled": true,
"dev": true, "dev": true
"optional": true
}, },
"concat-map": { "concat-map": {
"version": "0.0.1", "version": "0.0.1",
"bundled": true, "bundled": true,
"dev": true, "dev": true
"optional": true
}, },
"console-control-strings": { "console-control-strings": {
"version": "1.1.0", "version": "1.1.0",
"bundled": true, "bundled": true,
"dev": true, "dev": true
"optional": true
}, },
"core-util-is": { "core-util-is": {
"version": "1.0.2", "version": "1.0.2",
@ -10757,8 +10751,7 @@
"inherits": { "inherits": {
"version": "2.0.3", "version": "2.0.3",
"bundled": true, "bundled": true,
"dev": true, "dev": true
"optional": true
}, },
"ini": { "ini": {
"version": "1.3.5", "version": "1.3.5",
@ -10770,7 +10763,6 @@
"version": "1.0.0", "version": "1.0.0",
"bundled": true, "bundled": true,
"dev": true, "dev": true,
"optional": true,
"requires": { "requires": {
"number-is-nan": "^1.0.0" "number-is-nan": "^1.0.0"
} }
@ -10785,7 +10777,6 @@
"version": "3.0.4", "version": "3.0.4",
"bundled": true, "bundled": true,
"dev": true, "dev": true,
"optional": true,
"requires": { "requires": {
"brace-expansion": "^1.1.7" "brace-expansion": "^1.1.7"
} }
@ -10793,14 +10784,12 @@
"minimist": { "minimist": {
"version": "0.0.8", "version": "0.0.8",
"bundled": true, "bundled": true,
"dev": true, "dev": true
"optional": true
}, },
"minipass": { "minipass": {
"version": "2.3.5", "version": "2.3.5",
"bundled": true, "bundled": true,
"dev": true, "dev": true,
"optional": true,
"requires": { "requires": {
"safe-buffer": "^5.1.2", "safe-buffer": "^5.1.2",
"yallist": "^3.0.0" "yallist": "^3.0.0"
@ -10819,7 +10808,6 @@
"version": "0.5.1", "version": "0.5.1",
"bundled": true, "bundled": true,
"dev": true, "dev": true,
"optional": true,
"requires": { "requires": {
"minimist": "0.0.8" "minimist": "0.0.8"
} }
@ -10900,8 +10888,7 @@
"number-is-nan": { "number-is-nan": {
"version": "1.0.1", "version": "1.0.1",
"bundled": true, "bundled": true,
"dev": true, "dev": true
"optional": true
}, },
"object-assign": { "object-assign": {
"version": "4.1.1", "version": "4.1.1",
@ -10913,7 +10900,6 @@
"version": "1.4.0", "version": "1.4.0",
"bundled": true, "bundled": true,
"dev": true, "dev": true,
"optional": true,
"requires": { "requires": {
"wrappy": "1" "wrappy": "1"
} }
@ -10999,8 +10985,7 @@
"safe-buffer": { "safe-buffer": {
"version": "5.1.2", "version": "5.1.2",
"bundled": true, "bundled": true,
"dev": true, "dev": true
"optional": true
}, },
"safer-buffer": { "safer-buffer": {
"version": "2.1.2", "version": "2.1.2",
@ -11036,7 +11021,6 @@
"version": "1.0.2", "version": "1.0.2",
"bundled": true, "bundled": true,
"dev": true, "dev": true,
"optional": true,
"requires": { "requires": {
"code-point-at": "^1.0.0", "code-point-at": "^1.0.0",
"is-fullwidth-code-point": "^1.0.0", "is-fullwidth-code-point": "^1.0.0",
@ -11056,7 +11040,6 @@
"version": "3.0.1", "version": "3.0.1",
"bundled": true, "bundled": true,
"dev": true, "dev": true,
"optional": true,
"requires": { "requires": {
"ansi-regex": "^2.0.0" "ansi-regex": "^2.0.0"
} }
@ -11100,14 +11083,12 @@
"wrappy": { "wrappy": {
"version": "1.0.2", "version": "1.0.2",
"bundled": true, "bundled": true,
"dev": true, "dev": true
"optional": true
}, },
"yallist": { "yallist": {
"version": "3.0.3", "version": "3.0.3",
"bundled": true, "bundled": true,
"dev": true, "dev": true
"optional": true
} }
} }
}, },

@ -54,7 +54,7 @@ describe Houdini::V1::Nonprofit, type: :request do
it 'rejects csrf' do it 'rejects csrf' do
post '/api/v1/nonprofit', params: {}, xhr: true post '/api/v1/nonprofit', params: {}, xhr: true
expect(response.code).to eq '401' expect(response.code).to eq '400'
end end
end end