From ecd09a2445f82f4897265caf4a3bf6b6cd2146cb Mon Sep 17 00:00:00 2001 From: Adam Cooke Date: Fri, 23 Feb 2024 14:24:17 +0000 Subject: [PATCH] chore: upgrade rails to 7.0 and other dependencies --- Gemfile | 12 +- Gemfile.lock | 181 +++++++++--------- app/controllers/application_controller.rb | 3 +- app/controllers/messages_controller.rb | 2 +- app/models/concerns/has_authentication.rb | 17 +- app/models/credential.rb | 2 +- app/models/domain.rb | 26 +-- app/models/webhook.rb | 16 +- app/views/domains/index.html.haml | 2 +- app/views/messages/_deliveries.html.haml | 4 +- app/views/messages/_list.html.haml | 2 +- app/views/messages/_message_header.html.haml | 2 +- app/views/messages/activity.html.haml | 8 +- app/views/messages/suppressions.html.haml | 4 +- app/views/servers/show.html.haml | 3 +- config/application.rb | 2 +- config/boot.rb | 3 - .../initializers/content_security_policy.rb | 26 +++ .../initializers/filter_parameter_logging.rb | 8 +- config/initializers/new_framework_defaults.rb | 23 --- .../new_framework_defaults_7_0.rb | 142 ++++++++++++++ config/initializers/permissions_policy.rb | 12 ++ ..._two_factor_required_to_sessions.authie.rb | 10 + ...add_countries_to_authie_sessions.authie.rb | 12 ++ db/schema.rb | 161 ++++++++-------- script/smtp_server.rb | 3 + script/worker.rb | 3 + 27 files changed, 439 insertions(+), 250 deletions(-) create mode 100644 config/initializers/content_security_policy.rb delete mode 100644 config/initializers/new_framework_defaults.rb create mode 100644 config/initializers/new_framework_defaults_7_0.rb create mode 100644 config/initializers/permissions_policy.rb create mode 100644 db/migrate/20240223141500_add_two_factor_required_to_sessions.authie.rb create mode 100644 db/migrate/20240223141501_add_countries_to_authie_sessions.authie.rb diff --git a/Gemfile b/Gemfile index 8c9fe266..e8837afd 100644 --- a/Gemfile +++ b/Gemfile 
@@ -3,15 +3,12 @@ source "https://rubygems.org" gem "authie" gem "autoprefixer-rails" -gem "basic_ssl" gem "bcrypt" -gem "changey" gem "chronic" gem "dotenv-rails" gem "dynamic_form" gem "encrypto_signo" gem "execjs", "~> 2.7", "< 2.8" -gem "foreman" gem "gelf" gem "haml" gem "hashie" @@ -26,11 +23,10 @@ gem "nifty-utils" gem "nilify_blanks" gem "nio4r" gem "puma" -gem "rails", "= 6.1.7.6" -gem "resolv", "~> 0.2.1" +gem "rails", "= 7.0.8.1" +gem "resolv" gem "secure_headers" gem "sentry-rails" -gem "sentry-ruby" gem "turbolinks", "~> 5" group :development, :assets do @@ -40,10 +36,6 @@ group :development, :assets do gem "uglifier", ">= 1.3.0" end -group :development, :test do - gem "byebug" -end - group :development do gem "annotate" gem "database_cleaner", require: false diff --git a/Gemfile.lock b/Gemfile.lock index 476e9241..d0e48689 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -1,82 +1,85 @@ GEM remote: https://rubygems.org/ specs: - actioncable (6.1.7.6) - actionpack (= 6.1.7.6) - activesupport (= 6.1.7.6) + actioncable (7.0.8.1) + actionpack (= 7.0.8.1) + activesupport (= 7.0.8.1) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailbox (6.1.7.6) - actionpack (= 6.1.7.6) - activejob (= 6.1.7.6) - activerecord (= 6.1.7.6) - activestorage (= 6.1.7.6) - activesupport (= 6.1.7.6) + actionmailbox (7.0.8.1) + actionpack (= 7.0.8.1) + activejob (= 7.0.8.1) + activerecord (= 7.0.8.1) + activestorage (= 7.0.8.1) + activesupport (= 7.0.8.1) mail (>= 2.7.1) - actionmailer (6.1.7.6) - actionpack (= 6.1.7.6) - actionview (= 6.1.7.6) - activejob (= 6.1.7.6) - activesupport (= 6.1.7.6) + net-imap + net-pop + net-smtp + actionmailer (7.0.8.1) + actionpack (= 7.0.8.1) + actionview (= 7.0.8.1) + activejob (= 7.0.8.1) + activesupport (= 7.0.8.1) mail (~> 2.5, >= 2.5.4) + net-imap + net-pop + net-smtp rails-dom-testing (~> 2.0) - actionpack (6.1.7.6) - actionview (= 6.1.7.6) - activesupport (= 6.1.7.6) - rack (~> 2.0, >= 2.0.9) + actionpack (7.0.8.1) + actionview (= 7.0.8.1) + activesupport (= 7.0.8.1) + rack (~> 2.0, >= 2.2.4) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.2.0) - actiontext (6.1.7.6) - actionpack (= 6.1.7.6) - activerecord (= 6.1.7.6) - activestorage (= 6.1.7.6) - activesupport (= 6.1.7.6) + actiontext (7.0.8.1) + actionpack (= 7.0.8.1) + activerecord (= 7.0.8.1) + activestorage (= 7.0.8.1) + activesupport (= 7.0.8.1) + globalid (>= 0.6.0) nokogiri (>= 1.8.5) - actionview (6.1.7.6) - activesupport (= 6.1.7.6) + actionview (7.0.8.1) + activesupport (= 7.0.8.1) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.1, >= 1.2.0) - activejob (6.1.7.6) - activesupport (= 6.1.7.6) + activejob (7.0.8.1) + activesupport (= 7.0.8.1) globalid (>= 0.3.6) - activemodel (6.1.7.6) - activesupport (= 6.1.7.6) - activerecord (6.1.7.6) - activemodel (= 6.1.7.6) - activesupport (= 
6.1.7.6) - activestorage (6.1.7.6) - actionpack (= 6.1.7.6) - activejob (= 6.1.7.6) - activerecord (= 6.1.7.6) - activesupport (= 6.1.7.6) + activemodel (7.0.8.1) + activesupport (= 7.0.8.1) + activerecord (7.0.8.1) + activemodel (= 7.0.8.1) + activesupport (= 7.0.8.1) + activestorage (7.0.8.1) + actionpack (= 7.0.8.1) + activejob (= 7.0.8.1) + activerecord (= 7.0.8.1) + activesupport (= 7.0.8.1) marcel (~> 1.0) mini_mime (>= 1.1.0) - activesupport (6.1.7.6) + activesupport (7.0.8.1) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 1.6, < 2) minitest (>= 5.1) tzinfo (~> 2.0) - zeitwerk (~> 2.3) addressable (2.8.6) public_suffix (>= 2.0.2, < 6.0) annotate (3.2.0) activerecord (>= 3.2, < 8.0) rake (>= 10.4, < 14.0) ast (2.4.2) - authie (3.4.0) - secure_random_string + authie (4.1.3) + activerecord (>= 6.1, < 8.0) autoprefixer-rails (10.4.13.0) execjs (~> 2) - basic_ssl (1.0.3) - bcrypt (3.1.18) + base64 (0.2.0) + bcrypt (3.1.20) bigdecimal (3.1.6) builder (3.2.4) - byebug (11.1.3) - changey (1.1.0) - activerecord (>= 4.2, < 7) chronic (0.10.2) coffee-rails (5.0.0) coffee-script (>= 2.2.0) @@ -96,13 +99,13 @@ GEM activerecord (>= 5.a) database_cleaner-core (~> 2.0.0) database_cleaner-core (2.0.1) - date (3.3.3) + date (3.3.4) deep_merge (1.2.2) diff-lcs (1.5.0) - dotenv (2.8.1) - dotenv-rails (2.8.1) - dotenv (= 2.8.1) - railties (>= 3.2) + dotenv (3.0.2) + dotenv-rails (3.0.2) + dotenv (= 3.0.2) + railties (>= 6.1) dynamic_form (1.3.1) actionview (> 5.2.0) activemodel (> 5.2.0) @@ -115,12 +118,11 @@ GEM factory_bot (~> 6.4) railties (>= 5.0.0) ffi (1.15.5) - foreman (0.87.2) gelf (3.1.0) json globalid (1.2.1) activesupport (>= 6.1) - haml (6.1.1) + haml (6.3.0) temple (>= 0.8.2) thor tilt @@ -134,7 +136,8 @@ GEM railties (>= 4.2.0) thor (>= 0.14, < 2.0) json (2.6.3) - jwt (2.7.0) + jwt (2.8.0) + base64 kaminari (1.2.2) activesupport (>= 4.1.0) kaminari-actionview (= 1.2.2) 
@@ -161,22 +164,22 @@ GEM net-smtp marcel (1.0.2) method_source (1.0.0) - mini_mime (1.1.2) + mini_mime (1.1.5) mini_portile2 (2.8.5) minitest (5.22.2) moonrope (2.0.2) deep_merge (~> 1.0) json rack (>= 1.4) - mysql2 (0.5.5) - net-imap (0.3.4) + mysql2 (0.5.6) + net-imap (0.4.10) date net-protocol net-pop (0.1.2) net-protocol - net-protocol (0.2.1) + net-protocol (0.2.2) timeout - net-smtp (0.3.3) + net-smtp (0.4.0.1) net-protocol nifty-utils (1.1.7) nilify_blanks (1.4.0) @@ -197,24 +200,23 @@ GEM puma (6.4.2) nio4r (~> 2.0) racc (1.7.3) - rack (2.2.8) + rack (2.2.8.1) rack-test (2.1.0) rack (>= 1.3) - rails (6.1.7.6) - actioncable (= 6.1.7.6) - actionmailbox (= 6.1.7.6) - actionmailer (= 6.1.7.6) - actionpack (= 6.1.7.6) - actiontext (= 6.1.7.6) - actionview (= 6.1.7.6) - activejob (= 6.1.7.6) - activemodel (= 6.1.7.6) - activerecord (= 6.1.7.6) - activestorage (= 6.1.7.6) - activesupport (= 6.1.7.6) + rails (7.0.8.1) + actioncable (= 7.0.8.1) + actionmailbox (= 7.0.8.1) + actionmailer (= 7.0.8.1) + actionpack (= 7.0.8.1) + actiontext (= 7.0.8.1) + actionview (= 7.0.8.1) + activejob (= 7.0.8.1) + activemodel (= 7.0.8.1) + activerecord (= 7.0.8.1) + activestorage (= 7.0.8.1) + activesupport (= 7.0.8.1) bundler (>= 1.15.0) - railties (= 6.1.7.6) - sprockets-rails (>= 2.0.0) + railties (= 7.0.8.1) rails-dom-testing (2.2.0) activesupport (>= 5.0.0) minitest @@ -222,16 +224,17 @@ GEM rails-html-sanitizer (1.6.0) loofah (~> 2.21) nokogiri (~> 1.14) - railties (6.1.7.6) - actionpack (= 6.1.7.6) - activesupport (= 6.1.7.6) + railties (7.0.8.1) + actionpack (= 7.0.8.1) + activesupport (= 7.0.8.1) method_source rake (>= 12.2) thor (~> 1.0) + zeitwerk (~> 2.5) rainbow (3.1.1) rake (13.1.0) regexp_parser (2.7.0) - resolv (0.2.2) + resolv (0.3.0) rexml (3.2.5) rouge (4.2.0) rspec (3.12.0) 
@@ -283,11 +286,10 @@ GEM sprockets-rails tilt secure_headers (6.5.0) - secure_random_string (1.0.0) - sentry-rails (5.8.0) + sentry-rails (5.16.1) railties (>= 5.0) - sentry-ruby (~> 5.8.0) - sentry-ruby (5.8.0) + sentry-ruby (~> 5.16.1) + sentry-ruby (5.16.1) concurrent-ruby (~> 1.0, >= 1.0.2) shoulda-matchers (6.1.0) activesupport (>= 5.2.0) @@ -298,11 +300,11 @@ GEM actionpack (>= 5.2) activesupport (>= 5.2) sprockets (>= 3.0.0) - temple (0.10.0) + temple (0.10.3) thor (1.3.0) - tilt (2.1.0) + tilt (2.3.0) timecop (0.9.8) - timeout (0.3.2) + timeout (0.4.1) turbolinks (5.2.1) turbolinks-source (~> 5.2) turbolinks-source (5.2.0) @@ -330,10 +332,7 @@ DEPENDENCIES annotate authie autoprefixer-rails - basic_ssl bcrypt - byebug - changey chronic coffee-rails (~> 5.0) database_cleaner @@ -342,7 +341,6 @@ DEPENDENCIES encrypto_signo execjs (~> 2.7, < 2.8) factory_bot_rails - foreman gelf haml hashie @@ -358,8 +356,8 @@ DEPENDENCIES nilify_blanks nio4r puma - rails (= 6.1.7.6) - resolv (~> 0.2.1) + rails (= 7.0.8.1) + resolv rspec rspec-rails rubocop @@ -367,7 +365,6 @@ DEPENDENCIES sass-rails secure_headers sentry-rails - sentry-ruby shoulda-matchers timecop turbolinks (~> 5) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 30535752..d2c36cda 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -109,7 +109,8 @@ def login(user) auth_session.invalidate! reset_session end - Authie::Session.start(self, user: user) + + create_auth_session(user) @current_user = user end diff --git a/app/controllers/messages_controller.rb b/app/controllers/messages_controller.rb index 2e6a25d6..ea0e940c 100644 --- a/app/controllers/messages_controller.rb +++ b/app/controllers/messages_controller.rb 
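Review bot: `create_auth_session(user)` is reached without a preceding `reset_session` whenever the conditional guarding `auth_session.invalidate!` (it closes on the `end` just before the removed line) is false, so a login that did not already hold an Authie session keeps the Rack session id it arrived with. Rotating the session on every successful login is the usual session-fixation defence, so consider calling `reset_session` unconditionally ahead of `create_auth_session(user)`, unless something earlier in `login` (the method starts outside the hunk) already does so. The helper's origin is not obvious from the call site either; a one-line comment such as `# Authie 4: replaces Authie::Session.start` would help the next reader.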
@@ -19,7 +19,7 @@ def new @message.from = "test@#{domain.name}" end end - @message.subject = "Test Message at #{Time.zone.now.to_s(:long)}" + @message.subject = "Test Message at #{Time.zone.now.to_fs(:long)}" @message.plain_body = "This is a message to test the delivery of messages through Postal." end diff --git a/app/models/concerns/has_authentication.rb b/app/models/concerns/has_authentication.rb index 80a52ce4..4491a775 100644 --- a/app/models/concerns/has_authentication.rb +++ b/app/models/concerns/has_authentication.rb @@ -8,13 +8,7 @@ module HasAuthentication has_secure_password validates :password, length: { minimum: 8, allow_blank: true } - - when_attribute :password_digest, changes_to: :anything do - before_save do - self.password_reset_token = nil - self.password_reset_token_valid_until = nil - end - end + before_save :clear_password_reset_token_on_password_change end class_methods do @@ -42,6 +36,15 @@ def begin_password_reset(return_to = nil) AppMailer.password_reset(self, return_to).deliver end + private + + def clear_password_reset_token_on_password_change + return unless password_digest_changed? + + self.password_reset_token = nil + self.password_reset_token_valid_until = nil + end + end # -*- SkipSchemaAnnotations diff --git a/app/models/credential.rb b/app/models/credential.rb index 18e32661..8062eb50 100644 --- a/app/models/credential.rb +++ b/app/models/credential.rb @@ -39,7 +39,7 @@ def generate_key return if type == "SMTP-IP" return if persisted? - self.key = SecureRandomString.new(24) + self.key = SecureRandom.alphanumeric(24) end def to_param diff --git a/app/models/domain.rb b/app/models/domain.rb index 6c3b2ff5..d4498470 100644 --- a/app/models/domain.rb +++ b/app/models/domain.rb 
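Review bot: `clear_password_reset_token_on_password_change` carries no comment on why it exists, and the reason is a security invariant rather than housekeeping: once the digest changes, any outstanding reset link must stop working. Suggest a header such as `# Invalidate any outstanding password-reset token once the password has actually changed, so a previously emailed link cannot be reused after a reset or an ordinary password change.` Note that `password_digest_changed?` is the right predicate only because this is a `before_save`; if the callback were ever moved to `after_save` it would need `saved_change_to_password_digest?` instead.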
@@ -61,17 +61,7 @@ class Domain < ApplicationRecord scope :verified, -> { where.not(verified_at: nil) } - when_attribute :verification_method, changes_to: :anything do - before_save do - if verification_method == "DNS" - self.verification_token = Nifty::Utils::RandomString.generate(length: 32) - elsif verification_method == "Email" - self.verification_token = rand(999_999).to_s.ljust(6, "0") - else - self.verification_token = nil - end - end - end + before_save :update_verification_token_on_method_change def verified? verified_at.present? @@ -168,4 +158,18 @@ def verify_with_dns false end + private + + def update_verification_token_on_method_change + return unless verification_method_changed? + + if verification_method == "DNS" + self.verification_token = Nifty::Utils::RandomString.generate(length: 32) + elsif verification_method == "Email" + self.verification_token = rand(999_999).to_s.ljust(6, "0") + else + self.verification_token = nil + end + end + end diff --git a/app/models/webhook.rb b/app/models/webhook.rb index a334632c..cfa9891b 100644 --- a/app/models/webhook.rb +++ b/app/models/webhook.rb @@ -35,12 +35,7 @@ class Webhook < ApplicationRecord scope :enabled, -> { where(enabled: true) } after_save :save_events - - when_attribute :all_events, changes_to: true do - after_save do - webhook_events.destroy_all - end - end + after_save :destroy_events_when_all_events_enabled def events @events ||= webhook_events.map(&:event) @@ -50,13 +45,22 @@ def events=(value) @events = value.map(&:to_s).select(&:present?) end + private + def save_events return unless @events @events.each do |event| webhook_events.where(event: event).first_or_create! end + webhook_events.where.not(event: @events).destroy_all end + def destroy_events_when_all_events_enabled + return unless all_events + + webhook_events.destroy_all + end + end diff --git a/app/views/domains/index.html.haml b/app/views/domains/index.html.haml index eafd3a32..2238e01a 100644 
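Review bot: In `update_verification_token_on_method_change` the Email token is still produced by `rand(999_999).to_s.ljust(6, "0")`, which uses the non-cryptographic `Kernel#rand` and, because of the right-padding, maps short values such as 5 to `500000`, so the six-digit space is not sampled uniformly; since this value is the proof a recipient presents to verify domain ownership, it should come from `SecureRandom.random_number(1_000_000).to_s.rjust(6, "0")`. The hunk only moves this logic out of the removed `when_attribute` block, so the weakness predates the commit, but it is now the new code under review. A six-digit code is only about 20 bits, so the verify endpoint (not shown here) should also be rate-limited or the token expired; worth confirming.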
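Review bot: `destroy_events_when_all_events_enabled` fires on every save where `all_events` is true, whereas the removed `when_attribute :all_events, changes_to: true` hook ran only when the flag had just been switched on; because it is registered after `after_save :save_events` (visible in the first hunk of this file), a save with `all_events` set and `@events` assigned will first create the event rows and then destroy them. If the narrower behaviour was intended, guard with `return unless all_events && saved_change_to_all_events?` — inside an `after_save`, `all_events_changed?` would already be false. The model's leading lines are outside the hunk, so this is inferred from the two registration lines shown.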
--- a/app/views/domains/index.html.haml +++ b/app/views/domains/index.html.haml @@ -63,7 +63,7 @@ %ul.domainList__properties - if domain.verified? - %li.domainList__verificationTime Verified on #{domain.verified_at.to_s(:long)} + %li.domainList__verificationTime Verified on #{domain.verified_at.to_fs(:long)} - else %li= link_to "Verify this domain", [:verify, organization, @server, domain], :class => "domainList__verificationLink" %li.domainList__links diff --git a/app/views/messages/_deliveries.html.haml b/app/views/messages/_deliveries.html.haml index 707948be..dc9f4f92 100644 --- a/app/views/messages/_deliveries.html.haml +++ b/app/views/messages/_deliveries.html.haml @@ -11,7 +11,7 @@ %p This message has been held. By releasing the message, we will allow it to continue on its way to its destination. - if @message.hold_expiry - It will be held until #{@message.hold_expiry.to_s(:long)}. + It will be held until #{@message.hold_expiry.to_fs(:long)}. %p.buttonSet = link_to "Release message", retry_organization_server_message_path(organization, @server, message.id), :class => "button button--small", :remote => true, :method => :post = link_to "Cancel hold", cancel_hold_organization_server_message_path(organization, @server, message.id), :class => "button button--small button--danger", :remote => true, :method => :post @@ -33,7 +33,7 @@ %li.deliveryList__item .deliveryList__top .deliveryList__time - = delivery.timestamp.to_s(:long) + = delivery.timestamp.to_fs(:long) .deliveryList__status - if delivery.sent_with_ssl = image_tag 'icons/lock.svg', :class => 'deliveryList__secure' diff --git a/app/views/messages/_list.html.haml b/app/views/messages/_list.html.haml index 79e5fdba..4d1a4ad7 100644 --- a/app/views/messages/_list.html.haml +++ b/app/views/messages/_list.html.haml 
@@ -17,7 +17,7 @@ %dd= message.mail_from || "none" .messageList__meta - %p.messageList__timestamp= message.timestamp.in_time_zone.to_s(:long) + %p.messageList__timestamp= message.timestamp.in_time_zone.to_fs(:long) %p.messageList__status - if message.read? %span.label.label--purple Opened diff --git a/app/views/messages/_message_header.html.haml b/app/views/messages/_message_header.html.haml index 41c537ce..0ec98b44 100644 --- a/app/views/messages/_message_header.html.haml +++ b/app/views/messages/_message_header.html.haml @@ -23,7 +23,7 @@ = link_to @message.rcpt_to || "[blank]", send("#{@message.scope}_organization_server_messages_path", organization, @server, :query => "to: #{@message.rcpt_to}"), :class => 'u-link' %dl %dt Received - %dd= @message.timestamp.in_time_zone.to_s(:long) + %dd= @message.timestamp.in_time_zone.to_fs(:long) .navBar.navBar--tertiary %ul diff --git a/app/views/messages/activity.html.haml b/app/views/messages/activity.html.haml index fba73419..6e28cca4 100644 --- a/app/views/messages/activity.html.haml +++ b/app/views/messages/activity.html.haml @@ -11,7 +11,7 @@ - for entry in @entries.reverse - if entry.is_a?(Postal::MessageDB::Delivery) %li.messageActivity__event - %p.messageActivity__timestamp= entry.timestamp.to_s(:long) + %p.messageActivity__timestamp= entry.timestamp.to_fs(:long) .messageActivity__details.messageActivity--detailsDelivery %p.messageActivity__subject =# entry.status.underscore.humanize 
@@ -21,20 +21,20 @@ - elsif entry.is_a?(Postal::MessageDB::Click) %li.messageActivity__event - %p.messageActivity__timestamp= entry.timestamp.to_s(:long) + %p.messageActivity__timestamp= entry.timestamp.to_fs(:long) .messageActivity__details.messageActivity--detailsClick %p.messageActivity__subject Click for #{entry.url} %p.messageActivity__extra Clicked from #{entry.ip_address} (#{entry.user_agent}) - elsif entry.is_a?(Postal::MessageDB::Load) %li.messageActivity__event - %p.messageActivity__timestamp= entry.timestamp.to_s(:long) + %p.messageActivity__timestamp= entry.timestamp.to_fs(:long) .messageActivity__details.messageActivity--detailsLoad %p.messageActivity__subject Message Viewed %p.messageActivity__extra Opened from #{entry.ip_address} (#{entry.user_agent}) %li.messageActivity__event - %p.messageActivity__timestamp= @message.timestamp.to_s(:long) + %p.messageActivity__timestamp= @message.timestamp.to_fs(:long) .messageActivity__details %p.messageActivity__subject Message received by Postal diff --git a/app/views/messages/suppressions.html.haml b/app/views/messages/suppressions.html.haml index 7fbfee81..ffc97a90 100644 --- a/app/views/messages/suppressions.html.haml +++ b/app/views/messages/suppressions.html.haml 
@@ -22,9 +22,9 @@ %p.suppressionList__address= link_to suppression['address'], outgoing_organization_server_messages_path(organization, @server, :query => "to: #{suppression['address']}") %p.suppressionList__reason= suppression['reason'].capitalize .suppressionList__right - %p.suppressionList__timestamp Added #{Time.zone.at(suppression['timestamp']).to_s(:long)} + %p.suppressionList__timestamp Added #{Time.zone.at(suppression['timestamp']).to_fs(:long)} %p.suppressionList__timestamp - Expires #{Time.zone.at(suppression['keep_until']).to_s(:long)} + Expires #{Time.zone.at(suppression['keep_until']).to_fs(:long)} - if suppression['keep_until'] < Time.now.to_f %span.u-red expired = render 'shared/message_db_pagination', :data => @suppressions, :name => "suppression" diff --git a/app/views/servers/show.html.haml b/app/views/servers/show.html.haml index 3f6558c8..3ae1b428 100644 --- a/app/views/servers/show.html.haml +++ b/app/views/servers/show.html.haml @@ -35,7 +35,7 @@ %li #{@first_date.strftime("%A at %l%P")} → %li Today at #{Time.now.strftime("%l%P")} - else - %li #{@first_date.to_date.to_s(:long)} → + %li #{@first_date.to_date.to_fs(:long)} → %li Today .titleWithLinks.u-margin @@ -44,4 +44,3 @@ %li= link_to "View message queue", [:queue, organization, @server], :class => 'titleWithLinks__link' %li= link_to "View full e-mail history", [:outgoing, organization, @server, :messages], :class => 'titleWithLinks__link' = render 'messages/list', :messages => @messages - diff --git a/config/application.rb b/config/application.rb index 13b46779..3d54d964 100644 --- a/config/application.rb +++ b/config/application.rb @@ -17,7 +17,7 @@ module Postal class Application < Rails::Application - config.load_defaults 6.0 + config.load_defaults 7.0 # Disable most generators config.generators do |g| diff --git a/config/boot.rb b/config/boot.rb index 73db71c1..192372bb 100644 --- a/config/boot.rb +++ b/config/boot.rb 
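Review bot: `config.load_defaults 7.0` is set here while the same commit adds `config/initializers/new_framework_defaults_7_0.rb`, whose own header says to remove it once `load_defaults` is raised to 7.0; keeping both leaves two places that can disagree about a framework default. Either drop the new initializer or add a comment next to `load_defaults`, e.g. `# 7.0 defaults are active; new_framework_defaults_7_0.rb is kept only for explicit opt-outs`. Jumping from 6.0 straight to 7.0 also switches on the 6.1 and 7.0 defaults at once, so a line in the commit description listing any defaults that were deliberately overridden would help reviewers.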
@@ -2,9 +2,6 @@ ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__) -$stdout.sync = true -$stderr.sync = true - require "bundler/setup" # Set up gems listed in the Gemfile. require_relative "../lib/postal/config" diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb new file mode 100644 index 00000000..691cfa11 --- /dev/null +++ b/config/initializers/content_security_policy.rb @@ -0,0 +1,26 @@ +# frozen_string_literal: true +# Be sure to restart your server when you modify this file. + +# Define an application-wide content security policy. +# See the Securing Rails Applications Guide for more information: +# https://guides.rubyonrails.org/security.html#content-security-policy-header + +# Rails.application.configure do +# config.content_security_policy do |policy| +# policy.default_src :self, :https +# policy.font_src :self, :https, :data +# policy.img_src :self, :https, :data +# policy.object_src :none +# policy.script_src :self, :https +# policy.style_src :self, :https +# # Specify URI for violation reports +# # policy.report_uri "/csp-violation-report-endpoint" +# end +# +# # Generate session nonces for permitted importmap and inline scripts +# config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s } +# config.content_security_policy_nonce_directives = %w(script-src) +# +# # Report violations without enforcing the policy. +# # config.content_security_policy_report_only = true +# end diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb index 7a4f47b4..ca55f952 100644 --- a/config/initializers/filter_parameter_logging.rb +++ b/config/initializers/filter_parameter_logging.rb 
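Review bot: Every line of the new content_security_policy.rb initializer is commented out, so this file emits no Content-Security-Policy header at all; the Gemfile also keeps the `secure_headers` gem, which can manage CSP itself, and nothing on the page says which of the two is meant to be authoritative. Add one comment at the top such as `# CSP is intentionally not configured here; check the secure_headers initializer before enabling this block`, or delete the generated file, so the two mechanisms are never switched on together with conflicting policies.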
@@ -2,5 +2,9 @@ # Be sure to restart your server when you modify this file. -# Configure sensitive parameters which will be filtered from the log file. -Rails.application.config.filter_parameters += [:password] +# Configure parameters to be filtered from the log file. Use this to limit dissemination of +# sensitive information. See the ActiveSupport::ParameterFilter documentation for supported +# notations and behaviors. +Rails.application.config.filter_parameters += [ + :passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn +] diff --git a/config/initializers/new_framework_defaults.rb b/config/initializers/new_framework_defaults.rb deleted file mode 100644 index 420535c8..00000000 --- a/config/initializers/new_framework_defaults.rb +++ /dev/null @@ -1,23 +0,0 @@ -# frozen_string_literal: true - -# Be sure to restart your server when you modify this file. -# -# This file contains migration options to ease your Rails 5.0 upgrade. -# -# Read the Rails 5.0 release notes for more info on each option. - -# Enable per-form CSRF tokens. Previous versions had false. -Rails.application.config.action_controller.per_form_csrf_tokens = true - -# Enable origin-checking CSRF mitigation. Previous versions had false. -Rails.application.config.action_controller.forgery_protection_origin_check = true - -# Make Ruby 2.4 preserve the timezone of the receiver when calling `to_time`. -# Previous versions had false. -ActiveSupport.to_time_preserves_timezone = true - -# Require `belongs_to` associations by default. Previous versions had false. -Rails.application.config.active_record.belongs_to_required_by_default = true - -# Configure SSL options to enable HSTS with subdomains. Previous versions had false. -Rails.application.config.ssl_options = false diff --git a/config/initializers/new_framework_defaults_7_0.rb b/config/initializers/new_framework_defaults_7_0.rb new file mode 100644 index 00000000..a13554e0 --- /dev/null 
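Review bot: The new filter list `[:passw, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn]` matches parameter names by substring, so `:_key` will not catch a parameter named plain `key` — the `Credential#key` attribute assigned in the credential.rb hunk of this commit — and nothing else in the list covers it if it is ever posted as a form or API parameter. If that attribute reaches a controller, add `:key` (or a regexp such as `/\Akey\z/`) to the list; otherwise a short comment saying why the Rails 7 default list is sufficient for this app would save the next reader the same check. The old single entry `:password` is covered by the new `:passw`.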
+++ b/config/initializers/new_framework_defaults_7_0.rb @@ -0,0 +1,142 @@ +# frozen_string_literal: true +# Be sure to restart your server when you modify this file. +# +# This file eases your Rails 7.0 framework defaults upgrade. +# +# Uncomment each configuration one by one to switch to the new default. +# Once your application is ready to run with all new defaults, you can remove +# this file and set the `config.load_defaults` to `7.0`. +# +# Read the Guide for Upgrading Ruby on Rails for more info on each option. +# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html + +# `button_to` view helper will render `