Merge/upstream into master#198
Merged
* Admin: Better new user form
* Disable User editing
* Merge all strings into en.yml
* Latest language strings
* Use _() translation function for internationalization.
* Normalization & latest language strings
* More String Translations
* Fix method calls
* Fix more method calls
* Move all strings to gettext
* Fix call signature
* More string translations
* Test Coverage
* log_event tests and a couple fixes
* System tests
* Clean up and improve docker compose file
* Removed older compose files
* Make "stable" tag the default
* More compose documentation and better entrypoint
* Fix health endpoint
* Change default database location
* Set new SQLite3 database path in /storage/db directory
* Add a timeout to the default sqlite3 connection
* Use dotenv to set up env for shell access
* Add a background job to delete finished jobs
* Add queue name for a job
* Update schedule for a background job

---------

Co-authored-by: Peter Giacomo Lombardo <pglombardo@hey.com>
* Fix flaky system tests by pinning Chrome to v133

  Chrome 134+ has a known bug causing intermittent Selenium/Capybara failures where session paths don't update correctly after visit() calls. Also fixes deprecated set-output GitHub Actions command. See: teamcapybara/capybara#2800

* Install ChromeDriver and set CHROME_BIN for Selenium

  Ensure Selenium uses the pinned Chrome 133 instead of system Chrome by setting CHROME_BIN environment variable and installing matching ChromeDriver.

* Configure Capybara to use CHROME_BIN for pinned Chrome binary

  The CHROME_BIN environment variable was being set but Selenium wasn't configured to use it. This registers a custom Capybara driver that explicitly passes the binary path to Chrome options when CHROME_BIN is set.
* Add edit and update functionality for pushes with appropriate validations and UI updates
* Add integration tests for editing various push types with validations
* Update push expiration logic to skip validations and enhance push controls in UI tests
* Add logging for push updates and enhance audit log entries
* Update push forms to display current expiration values and enhance edit functionality
* Refactor push update logging and validation; add new audit log view for updates
* Update app/controllers/pushes_controller.rb

  Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update app/controllers/pushes_controller.rb

  Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Remove passphrase from expired pushes and update related tests
* Update app/views/pushes/_files_form.html.erb

  Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Refactor update action to use update_params for stronger parameter handling and security
* Refactor push attribute assignment methods for clarity and consistency
* Update deletable_by_viewer and retrieval_step handling to include '1' as a valid input
* Refactor push validation tests to remove explicit update context
* Enhance push update logic to prevent file clearance and improve file handling in forms
* Implement file deletion functionality and enhance file handling in push updates
* Refactor checkbox handling in push form and update edit push test for header consistency
* Refactor push preview messages and enhance checkbox options handling
  - Updated the preview page to consistently display "Push Preview" instead of "Your push has been created."
  - Refactored checkbox options in forms to use a helper method for better maintainability and readability.
  - Removed unnecessary logging in the delete_file action of the PushesController.
  - Cleaned up integration tests to reflect the updated preview message.
  - Removed commented-out test code related to file uploads in the file push editing test.
* Update push preview header text for consistency
* Refactor delete_file method to remove unnecessary logging and improve readability; update tests for created_at assertion and checkbox rendering
* Fix x_default attribute references to x-default in checkbox handling for consistency
* Add tests for checkbox_options_for_push helper and x-default attribute handling
* Update forms to display remaining days and views instead of original values
* Improve error message assertions for incorrect passphrase attempts in tests
* Fix user ownership checks in edit, update, and delete_file actions
* Prevent unnecessary updates for unchanged expiration values in push edits
* Add integration tests for push updates and security handling
* Update google-apis-storage_v1 gem to version 0.58.0
* Pushes#edit: Remove unused tab variables
* Pushes#edit: Set expiration min values to be +1 of already consumed
* Refactor file handling in PushesController to simplify logic and ensure files are only attached after validation passes
* Update forms to conditionally display save block based on edit action; add integration tests to verify visibility behavior for file, QR, and URL pushes.
* Update GitHub Actions workflow to pin Chrome to version 133 and add support for multiple storage providers in storage.yml
* Update Gemfile.lock to bump aws-partitions to 1.1209.0, modify GitHub Actions workflow for Chrome driver configuration, and enhance system test setup with a custom headless Chrome driver for CI compatibility.
* Fix GitHub Actions workflow by ensuring newline at end of file for job_failed template configuration.
* Refactor audit log event names from :update_push to :edit, update related tests and remove obsolete view template.

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Peter Giacomo Lombardo <pglombardo@hey.com>
* Add server-side validation for edit push expiration values

  Security fix: Prevent users from setting expiration values below already-consumed thresholds when editing pushes.

  Changes:
  - Add server-side validation in update action that rejects requests where expire_after_views < view_count + 1 or expire_after_days < days_old + 1
  - Fix client-side min validation for expire_after_views in _form.html.erb to match other form templates (files, url, qr)
  - Add 4 new integration tests for expiration validation

  This addresses a security gap where malicious users could bypass client-side HTML min attributes and submit invalid expiration values via direct requests.

* Fix validation order: filter unchanged values before validating

  Reorder the expiration validation logic to filter out unchanged values before applying min threshold validation. This fixes the case where submitting the current remaining value (no change intended) was being incorrectly rejected by the server-side validation.
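The two commits above describe the check in words: drop unchanged values first, then reject any remaining expiration below already-consumed + 1, without trusting the form's HTML min attributes. The Ruby below is an added example of that order of operations, not Password Pusher's own code; the field names expire_after_views, expire_after_days and view_count come from the commit message, while the Push struct, days_old and the returned hash shape are assumptions, and the submitted value is treated as the new expire_after_* total.

```ruby
# Added example (not the project's code): server-side guard for edited push
# expirations. Unchanged values are filtered out before the minimum threshold
# is applied, so resubmitting the current value is not rejected, while every
# changed value must be >= already_consumed + 1 regardless of client-side min.

# Minimal stand-in for the push record, constructed for this example.
Push = Struct.new(:expire_after_views, :expire_after_days, :view_count, :days_old,
                  keyword_init: true)

module PushExpirationValidator
  # Lowest value still acceptable for each field: one more than what has been consumed.
  # days_old is an assumed attribute name; the commit message only names the rule.
  LIMITS = {
    expire_after_views: ->(push) { push.view_count + 1 },
    expire_after_days:  ->(push) { push.days_old + 1 }
  }.freeze

  # Returns { attrs: {field => value}, errors: [String] }.
  # Only attrs that passed validation should be written to the record.
  def self.filter_and_validate(push, params)
    attrs  = {}
    errors = []
    LIMITS.each do |field, min_for|
      next unless params.key?(field)

      # Coerce without raising; a direct request may send arbitrary strings.
      value = Integer(params[field], exception: false)
      if value.nil?
        errors << "#{field} must be an integer"
        next
      end

      # Step 1: unchanged value, no validation needed (the bug the second commit fixed).
      next if value == push.public_send(field)

      # Step 2: enforce the server-side minimum for values that actually change.
      min = min_for.call(push)
      if value < min
        errors << "#{field} must be at least #{min} (#{min - 1} already consumed)"
      else
        attrs[field] = value
      end
    end
    { attrs: attrs, errors: errors }
  end
end
```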
Switch from GitHub main branch to the official 5.0 release now that it's available.
Removed Twitter follow badge from README.
Bumps [prism](https://github.com/ruby/prism) from 1.8.0 to 1.9.0.
- [Release notes](https://github.com/ruby/prism/releases)
- [Changelog](https://github.com/ruby/prism/blob/main/CHANGELOG.md)
- [Commits](ruby/prism@v1.8.0...v1.9.0)

---
updated-dependencies:
- dependency-name: prism
  dependency-version: 1.9.0
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [aws-partitions](https://github.com/aws/aws-sdk-ruby) from 1.1209.0 to 1.1210.0.
- [Release notes](https://github.com/aws/aws-sdk-ruby/releases)
- [Changelog](https://github.com/aws/aws-sdk-ruby/blob/version-3/gems/aws-partitions/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-ruby/commits)

---
updated-dependencies:
- dependency-name: aws-partitions
  dependency-version: 1.1210.0
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ng (#4155)

* Push edit: blur payload, reveal UX, character count fix, header styling
  - Blur textarea on push#edit when push.text? and enable_blur; add spoiler + reveal zone
  - Payload reveal zone: info banner, icon, standard.css cursor/min-height
  - Fix character count on edit: run updateCharacterCount in passwords controller connect()
  - Improve Editing Push header: card-style bar, icon, monospace token
* Update system test: edit header is h4 not h3
* Address Copilot review: data-spoiler-state DOM attr, edit blur test
  - spoiler_alert.js: use setAttribute/getAttribute for data-spoiler-state so CSS selector [data-spoiler-state=revealed] in standard.css applies
  - Add integration test for edit-page blur: spoiler class, no autofocus, reveal zone with instructions when enable_blur is true
- Remove :unsafe_inline from script_src and script_src_elem in CSP
- Add countdown_controller.js for file link expiration countdown
- Replace inline script in _push_expiration partial with Stimulus
- GA scripts already use nonce; Plausible is external only
…tes; migrate branding into consolidated 'pushes' views; preserve logos; add footer improvements
No description provided.