
Remove Spree::Alert.

The initial intent of Spree::Alert was to push notifications from Spree Commerce
to store owners when there were security alerts or new versions released.
This functionality hasn't been used much though in the past several years
with only a couple alerts issued for security updates.  The implementation
was simply sticking the alerts in admin cookies, and has now taken up too much
space causing CookieOverflow errors.  Since this feature isn't really being used,
and most developers would rather follow the https://groups.google.com/forum/#!forum/spree-user
mailing list or the Spree Commerce blog & Twitter accounts, we're just going to
remove it and shut down the alerts.spreecommerce.com service.

Fixes #6465
Fixes #6516
JDutil committed Jun 20, 2015
1 parent ef635b9 commit d9bd19468d34ee12cc5ce0f73509748ca569957f
@@ -7,92 +7,62 @@ class BaseController < Spree::BaseController
helper 'spree/admin/tables'
layout '/spree/layouts/admin'
- before_action :check_alerts
before_action :authorize_admin
protected
- def action
- params[:action].to_sym
- end
-
- def authorize_admin
- if respond_to?(:model_class, true) && model_class
- record = model_class
- else
- record = controller_name.to_sym
- end
- authorize! :admin, record
- authorize! action, record
- end
-
- # Need to generate an API key for a user due to some backend actions
- # requiring authentication to the Spree API
- def generate_admin_api_key
- if (user = try_spree_current_user) && user.spree_api_key.blank?
- user.generate_spree_api_key!
- end
- end
-
- def check_alerts
- return unless should_check_alerts?
- unless session.has_key? :alerts
- session[:alerts] = Spree::Alert.current(request.host)
- filter_dismissed_alerts
- Spree::Config.set :last_check_for_spree_alerts => DateTime.now.to_s
- end
- end
-
- def should_check_alerts?
- return false if !Rails.env.production? || !Spree::Config[:check_for_spree_alerts]
+ def action
+ params[:action].to_sym
+ end
- last_check = Spree::Config[:last_check_for_spree_alerts]
- return true if last_check.blank?
-
- DateTime.parse(last_check) < 12.hours.ago
- end
-
- def flash_message_for(object, event_sym)
- resource_desc = object.class.model_name.human
- resource_desc += " \"#{object.name}\"" if object.respond_to?(:name) && object.name.present?
- Spree.t(event_sym, :resource => resource_desc)
- end
-
- def render_js_for_destroy
- render :partial => '/spree/admin/shared/destroy'
+ def authorize_admin
+ if respond_to?(:model_class, true) && model_class
+ record = model_class
+ else
+ record = controller_name.to_sym
end
-
- # Index request for JSON needs to pass a CSRF token in order to prevent JSON Hijacking
- def check_json_authenticity
- return unless request.format.js? or request.format.json?
- return unless protect_against_forgery?
- auth_token = params[request_forgery_protection_token]
- unless (auth_token and form_authenticity_token == URI.unescape(auth_token))
- raise(ActionController::InvalidAuthenticityToken)
- end
+ authorize! :admin, record
+ authorize! action, record
+ end
+
+ # Need to generate an API key for a user due to some backend actions
+ # requiring authentication to the Spree API
+ def generate_admin_api_key
+ if (user = try_spree_current_user) && user.spree_api_key.blank?
+ user.generate_spree_api_key!
end
-
- def filter_dismissed_alerts
- return unless session[:alerts]
- dismissed = (Spree::Config[:dismissed_spree_alerts] || '').split(',')
- # If it's a string, something has gone wrong with the alerts service. Ignore it.
- if session[:alerts].is_a?(String)
- session[:alerts] = nil
- else
- session[:alerts].reject! { |a| dismissed.include? a["id"].to_s }
- end
+ end
+
+ def flash_message_for(object, event_sym)
+ resource_desc = object.class.model_name.human
+ resource_desc += " \"#{object.name}\"" if object.respond_to?(:name) && object.name.present?
+ Spree.t(event_sym, resource: resource_desc)
+ end
+
+ def render_js_for_destroy
+ render partial: '/spree/admin/shared/destroy'
+ end
+
+ # Index request for JSON needs to pass a CSRF token in order to prevent JSON Hijacking
+ def check_json_authenticity
+ return unless request.format.js? || request.format.json?
+ return unless protect_against_forgery?
+ auth_token = params[request_forgery_protection_token]
+ unless auth_token && form_authenticity_token == URI.unescape(auth_token)
+ raise(ActionController::InvalidAuthenticityToken)
end
+ end
- def config_locale
- Spree::Backend::Config[:locale]
- end
+ def config_locale
+ Spree::Backend::Config[:locale]
+ end
- def can_not_transition_without_customer_info
- unless @order.billing_address.present?
- flash[:notice] = Spree.t(:fill_in_customer_info)
- redirect_to edit_admin_order_customer_url(@order)
- end
+ def can_not_transition_without_customer_info
+ unless @order.billing_address.present?
+ flash[:notice] = Spree.t(:fill_in_customer_info)
+ redirect_to edit_admin_order_customer_url(@order)
end
+ end
end
end
end
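Review bot: In `check_json_authenticity` the CSRF token is still checked with `form_authenticity_token == URI.unescape(auth_token)`; this commit only re-indents that line and swaps `or`/`and` for `||`/`&&`. String `==` is not a constant-time comparison, `params` values are already URL-decoded so `URI.unescape` decodes a second time, and on Rails versions that mask the token per request a direct equality check against `form_authenticity_token` cannot match (the Rails version is not visible on this page, so confirm). I would delegate to the framework's own check, e.g. `raise ActionController::InvalidAuthenticityToken unless valid_authenticity_token?(session, auth_token)`, or at minimum compare with `ActiveSupport::SecurityUtils.secure_compare`. The controller class begins above the hunk, so whether `check_json_authenticity` is registered as a `before_action` cannot be seen here.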
@@ -6,9 +6,7 @@ class GeneralSettingsController < Spree::Admin::BaseController
before_action :set_store
def edit
- @preferences_security = [:allow_ssl_in_production,
- :allow_ssl_in_staging, :allow_ssl_in_development_and_test,
- :check_for_spree_alerts]
+ @preferences_security = [:allow_ssl_in_production, :allow_ssl_in_staging, :allow_ssl_in_development_and_test]
@preferences_currency = [:display_currency, :hide_cents]
end
@@ -24,15 +22,6 @@ def update
redirect_to edit_admin_general_settings_path
end
- def dismiss_alert
- if request.xhr? and params[:alert_id]
- dismissed = Spree::Config[:dismissed_spree_alerts] || ''
- Spree::Config.set dismissed_spree_alerts: dismissed.split(',').push(params[:alert_id]).join(',')
- filter_dismissed_alerts
- render nothing: true
- end
- end
-
def clear_cache
Rails.cache.clear
invoke_callbacks(:clear_cache, :after)
@@ -1,5 +0,0 @@
-<div class="alert <%= alert['severity'].downcase %>">
- <%= alert['message'] %> <%= link_to alert['url_name'], alert['url'] if alert['url'] %>
- <%= link_to 'X', spree.dismiss_alert_admin_general_settings_path(:alert_id => alert['id']),
- :remote => true, :method => :post, :class => 'dismiss' %>
-</div>
@@ -28,8 +28,6 @@
</div>
</div>
- <%= render :partial => 'spree/admin/shared/alert', :collection => session[:alerts] %>
-
<%= render :partial => 'spree/admin/shared/header' %>
<%= render :partial => 'spree/admin/shared/menu' %>
<%= render :partial => 'spree/admin/shared/sub_menu' %>
@@ -112,7 +112,6 @@
resource :general_settings do
collection do
- post :dismiss_alert
post :clear_cache
end
end
@@ -1,25 +0,0 @@
-require 'spec_helper'
-
-describe 'alerts', :type => :controller do
- stub_authorization!
-
- controller(Spree::Admin::BaseController) do
- def index
- render :text => 'ok'
- end
-
- def should_check_alerts?
- true
- end
- end
-
- before do
- # Spree::Alert.should_receive(:current).and_return("string")
- end
-
- # Regression test for #3716
- it "alerts returned wrong data type" do
- get :index, {}
- expect(response.body).to eq('ok')
- end
-end
@@ -3,11 +3,11 @@
# we call process directly instead of get
require 'spec_helper'
-describe Spree::Admin::BaseController, :type => :controller do
+describe Spree::Admin::BaseController, type: :controller do
controller(Spree::Admin::BaseController) do
def index
authorize! :update, Spree::Order
- render :text => 'test'
+ render text: 'test'
end
end
@@ -22,42 +22,4 @@ def index
expect(response).to redirect_to '/root'
end
end
-
- describe "check alerts" do
- stub_authorization!
-
- it "checks alerts with before_filter" do
- expect(controller).to receive :check_alerts
- process :index
- end
-
- it "saves alerts into session" do
- allow(controller).to receive_messages(:should_check_alerts? => true)
- expect(Spree::Alert).to receive(:current).and_return([{"id" => "1", "message" => "test alert", "severity" => 'release'}])
- process :index
- expect(session[:alerts].first["message"]).to eq "test alert"
- end
-
- describe "should_check_alerts?" do
- before do
- allow(Rails.env).to receive_messages(:production? => true)
- Spree::Config[:check_for_spree_alerts] = true
- Spree::Config[:last_check_for_spree_alerts] = nil
- end
-
- it "only checks alerts if production and preference is true" do
- expect(controller.send(:should_check_alerts?)).to be true
- end
-
- it "only checks for production" do
- allow(Rails.env).to receive_messages(:production? => false)
- expect(controller.send(:should_check_alerts?)).to be false
- end
-
- it "only checks if preference is true" do
- Spree::Config[:check_for_spree_alerts] = false
- expect(controller.send(:should_check_alerts?)).to be false
- end
- end
- end
end
@@ -1,17 +0,0 @@
-require 'httparty'
-
-module Spree
- class Alert
- def self.current(host)
- params = {
- version: Spree.version,
- name: Spree::Store.current.name,
- host: host,
- rails_env: Rails.env,
- rails_version: Rails.version
- }
-
- HTTParty.get('http://alerts.spreecommerce.com/alerts.json', query: params).parsed_response
- end
- end
-end
@@ -36,7 +36,6 @@ class AppConfiguration < Preferences::Configuration
preference :auto_capture, :boolean, default: false # automatically capture the credit card (as opposed to just authorize and capture later)
preference :auto_capture_on_dispatch, :boolean, default: false # Captures payment for each shipment in Shipment#after_ship callback, and makes Shipment.ready when payment authorized.
preference :binary_inventory_cache, :boolean, default: false # only invalidate product cache when a stock item changes whether it is in_stock
- preference :check_for_spree_alerts, :boolean, default: false
preference :checkout_zone, :string, default: nil # replace with the name of a zone if you would like to limit the countries
preference :company, :boolean, default: false # Request company field for billing and shipping addr
preference :currency, :string, default: "USD"
@@ -46,11 +45,9 @@ class AppConfiguration < Preferences::Configuration
preference :currency_thousands_separator, :string, default: ","
preference :display_currency, :boolean, default: false
preference :default_country_id, :integer
- preference :dismissed_spree_alerts, :string, default: ''
preference :expedited_exchanges, :boolean, default: false # NOTE this requires payment profiles to be supported on your gateway of choice as well as a delayed job handler to be configured with activejob. kicks off an exchange shipment upon return authorization save. charge customer if they do not return items within timely manner.
preference :expedited_exchanges_days_window, :integer, default: 14 # the amount of days the customer has to return their item after the expedited exchange is shipped in order to avoid being charged
preference :hide_cents, :boolean, default: false
- preference :last_check_for_spree_alerts, :string, default: nil
preference :layout, :string, default: 'spree/layouts/spree_application'
preference :logo, :string, default: 'logo/spree_50.png'
preference :max_level_in_taxons_menu, :integer, default: 1 # maximum nesting level in taxons menu
@@ -525,7 +525,6 @@ en:
categories: Categories
category: Category
charged: Charged
- check_for_spree_alerts: Check for Spree alerts
checkout: Checkout
choose_a_customer: Choose a customer
choose_a_taxon_to_sort_products_for: "Choose a taxon to sort products for"
@@ -1,16 +0,0 @@
-HTTP/1.1 200 OK
-Server: nginx/0.7.65
-Date: Thu, 01 Nov 2012 00:49:03 GMT
-Content-Type: application/json; charset=utf-8
-Transfer-Encoding: chunked
-Connection: keep-alive
-Keep-Alive: timeout=5
-Vary: Accept-Encoding
-Status: 200 OK
-ETag: "95cbb123f97455ca5767677a1938f677"
-X-UA-Compatible: IE=Edge,chrome=1
-X-Rack-Cache: miss
-X-Runtime: 0.027425
-Cache-Control: max-age=0, private, must-revalidate
-
-[{"created_at":"2012-07-13T11:47:58Z","updated_at":"2012-07-13T11:47:58Z","url":"http://spreecommerce.com/blog/2012/07/12/spree-1-0-6-released/","id":24,"url_name":"Blog Post","severity":"Release","message":"Spree 1.0.6 Released"},{"created_at":"2012-07-05T15:32:38Z","updated_at":"2012-07-05T15:32:38Z","url":" http://spreecommerce.com/blog/2012/07/05/security-issue-all-versions","id":23,"url_name":"Blog Post","severity":"Security","message":"A vulnerability exists in Product Scopes that could allow for unauthenticated remote command execution. There is also a potential XSS vulnerability related to the analytics dashboard."},{"created_at":"2012-05-17T00:01:39Z","updated_at":"2012-05-17T00:01:39Z","url":"http://spreecommerce.com/blog/2012/05/16/spree-1-1-1-released/","id":22,"url_name":"Spree 1.1.1 Released","severity":"Release","message":"A minor patch release to prior versions of Spree 1.1.x is now available."},{"created_at":"2012-05-03T17:05:45Z","updated_at":"2012-05-03T17:05:45Z","url":"http://spreecommerce.com/blog/2012/04/30/spree-1-1-0-released/","id":21,"url_name":"Spree 1.1.0 Released","severity":"Release","message":"New version of Spree is available"},{"created_at":"2012-03-16T11:54:39Z","updated_at":"2012-03-16T11:54:39Z","url":"http://spreecommerce.com/blog/2012/03/15/spree-1-0-3-released","id":20,"url_name":"Release Notes","severity":"Security","message":"Spree 1.0.3 has been released. Addresses a recently discovered security vulnerability."},{"created_at":"2012-03-16T11:53:03Z","updated_at":"2012-03-16T11:54:58Z","url":"http://spreecommerce.com/blog/2012/03/15/spree-0-70-5-released","id":19,"url_name":"Release Notes","severity":"Security","message":"Spree 0.70.5 has been released. 
Addresses a recently discovered security vulnerability."},{"created_at":"2012-03-16T11:50:53Z","updated_at":"2012-03-16T11:55:15Z","url":"http://spreecommerce.com/blog/2012/03/15/spree-0-60-6-released","id":18,"url_name":"Release Notes","severity":"Security","message":"Spree 0.60.6 has been released. Addresses a recently discovered security vulnerability."},{"created_at":"2012-03-05T16:18:17Z","updated_at":"2012-03-05T16:18:17Z","url":"http://spreecommerce.com/blog/2012/03/05/spree-1-0-1-released/","id":17,"url_name":"Spree 1.0.1 Released","severity":"Security","message":"Two major security issues in Rails have recently been discovered. Please upgrade to a more secure version of Spree."},{"created_at":"2012-03-05T16:17:36Z","updated_at":"2012-03-05T16:17:36Z","url":"http://spreecommerce.com/blog/2012/03/05/spree-0-70-4-released/","id":16,"url_name":"Spree 0.70.4 Released","severity":"Security","message":"Two major security issues in Rails have recently been discovered. Please upgrade to a more secure version of Spree."},{"created_at":"2012-03-05T16:16:28Z","updated_at":"2012-03-05T16:16:28Z","url":"http://spreecommerce.com/blog/2012/03/05/spree-0-60-5-released/","id":15,"url_name":"Spree 0.60.5 Released","severity":"Security","message":"Two major security issues in Rails have recently been discovered. Please upgrade to a more secure version of Spree."},{"created_at":"2012-02-22T13:03:29Z","updated_at":"2012-02-22T13:03:29Z","url":"http://guides.spreecommerce.com/release_notes_1_0_0.html","id":14,"url_name":"Release Notes","severity":"Release","message":"The official release of Spree 1.0.0 is available"},{"created_at":"2011-11-24T19:59:36Z","updated_at":"2011-11-24T19:59:36Z","url":"http://spreecommerce.com/blog/2011/11/24/spree-0-70-3-released/","id":13,"url_name":"Announcement","severity":"Release","message":"Spree 0.70.3 is now available. 
Works with the new Rails 3.1.3."},{"created_at":"2011-11-24T19:58:41Z","updated_at":"2011-11-24T19:58:41Z","url":"http://spreecommerce.com/blog/2011/11/20/spree-0-70-2-released/","id":12,"url_name":"Security Alert","severity":"Security","message":"Security vulnerability in Rails 3.1.1 you should update to Spree 0.70.2 or higher."},{"created_at":"2011-10-21T19:41:32Z","updated_at":"2011-10-21T19:41:32Z","url":"http://spreecommerce.com/blog/2011/10/05/remote-command-product-group/","id":11,"url_name":"Blog Post","severity":"Security","message":"We have now backported an important security patch for Spree 0.50.x. Please upgrade immediately."},{"created_at":"2011-10-21T18:56:07Z","updated_at":"2011-10-21T18:56:07Z","url":"http://weblog.rubyonrails.org/2011/8/16/ann-rails-3-0-10","id":10,"url_name":"Blog Post","severity":"Security","message":"New 0.60.4 release addresses a Rails security issue. Please upgrade ASAP."},{"created_at":"2011-10-20T01:15:59Z","updated_at":"2011-10-20T14:29:11Z","url":"http://spreecommerce.com/blog/2011/10/20/spree-0-70-1-released/","id":9,"url_name":"Blog Post","severity":"Release","message":"Spree 0.70.1 has been released. "}]
@@ -1,33 +0,0 @@
-require 'spec_helper'
-require 'webmock'
-
-module Spree
- describe Spree::Alert, :type => :model do
- include WebMock::API
-
- before { WebMock.enable! }
-
- it "gets current alerts" do
- alerts_json = File.read(File.join(fixture_path, "alerts.json"))
-
- stub_request(:get, "alerts.spreecommerce.com/alerts.json").
- with(:query => {
- version: Spree.version,
- name: Spree::Store.current.name,
- host: "localhost",
- rails_env: Rails.env,
- rails_version: Rails.version
- }).to_return(alerts_json)
- alerts = Spree::Alert.current("localhost")
- expect(alerts.first).to eq({
- "created_at"=>"2012-07-13T11:47:58Z",
- "updated_at"=>"2012-07-13T11:47:58Z",
- "url"=>"http://spreecommerce.com/blog/2012/07/12/spree-1-0-6-released/",
- "id"=>24,
- "url_name"=>"Blog Post",
- "severity"=>"Release",
- "message"=>"Spree 1.0.6 Released"
- })
- end
- end
-end
@@ -27,7 +27,6 @@ Gem::Specification.new do |s|
s.add_dependency 'font-awesome-rails', '~> 4.0'
s.add_dependency 'friendly_id', '~> 5.0.4'
s.add_dependency 'highline', '~> 1.6.18' # Necessary for the install generator
- s.add_dependency 'httparty', '~> 0.11' # For checking alerts.
s.add_dependency 'json', '~> 1.7'
s.add_dependency 'kaminari', '~> 0.15', '>= 0.15.1'
s.add_dependency 'monetize', '~> 1.1'
@@ -412,14 +412,6 @@ Determines whether or not a currency is displayed with a price. Defaults to `fal
The default country's id. Defaults to 214, as this is the id for the United States within the seed data.
-`dismissed_spree_alerts`
-
-The list of alert IDs that you have dismissed.
-
-`last_check_for_spree_alerts`
-
-Stores the last time that alerts were checked for. Alerts are checked for every 12 hours.
-
`layout`
The path to the layout of your application, relative to the `app/views` directory. Defaults to `spree/layouts/spree_application`. To make Spree use your application's layout rather than Spree's default, use this: