diff --git a/Gemfile b/Gemfile
index f261f8e8f8..56f11a488d 100644
--- a/Gemfile
+++ b/Gemfile
@@ -7,11 +7,11 @@ gem 'attr_encrypted', '~> 3.1.0'
 gem 'awesome_print'
 gem 'bootsnap', '>= 1.1.0', require: false
 gem 'cloudflare-rails', '~> 0.4.0'
-gem 'connection_pool','~> 2.2.2'
+gem 'connection_pool', '~> 2.2.2'
 gem 'dalli', '~> 2.7.9'
 gem 'ddtrace', '~> 0.18.2'
 gem 'faraday', '~> 0.15.4', require: false
-gem "fog-aws", "~> 3.3"
+gem 'fog-aws', '~> 3.3'
 gem 'htmlentities', '~> 4.3'
 gem 'jwt', '~> 2.1.0'
 gem 'lograge'
@@ -19,7 +19,7 @@ gem 'memcachier'
 gem 'nokogiri', '~> 1.10.8'
 gem 'oauth2', '~> 1.4.1'
 gem 'omniauth', '~> 1.9.0'
-gem 'omniauth-oauth2'
+gem 'omniauth-oauth2', '~> 1.6.0'
 gem 'omniauth-rails_csrf_protection', '~> 0.1.2'
 gem 'pg', '~> 1.1'
 gem 'puma', '~> 3.12'
@@ -39,29 +39,29 @@ gem 'wicked', '~> 1.3.4'
 group :development, :test do
 gem 'brakeman'
 # Call 'byebug' anywhere in the code to stop execution and get a debugger console
- gem 'byebug', platforms: [:mri, :mingw, :x64_mingw]
+ gem 'byebug', platforms: %i[mri mingw x64_mingw]
 gem 'dotenv-rails'
 gem 'erb_lint', require: false
 gem 'factory_bot_rails'
- gem 'guard-rspec', '~> 4.7.3', :require => false
+ gem 'guard-rspec', '~> 4.7.3', require: false
 gem 'reek'
- gem 'rubocop'
- gem 'rubocop-rspec'
 gem 'rspec-mocks'
 gem 'rspec-rails', '~> 3.8'
+ gem 'rubocop'
+ gem 'rubocop-rspec'
 gem 'webmock'
 end
 group :development do
 # Access an interactive console on exception pages or by calling 'console' anywhere in the code.
- gem 'web-console', '>= 3.3.0'
 gem 'listen', '>= 3.0.5', '< 3.2'
 gem 'spring'
 gem 'spring-watcher-listen', '~> 2.0.0'
+ gem 'web-console', '>= 3.3.0'
 end
 group :test do
- gem 'axe-matchers', '>= 2.5.0', :require => false
+ gem 'axe-matchers', '>= 2.5.0', require: false
 gem 'capybara', '>= 2.15'
 gem 'rails-controller-testing'
 gem 'selenium-webdriver'
@@ -70,4 +70,4 @@ group :test do
 gem 'webdrivers'
 end
-gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]
+gem 'tzinfo-data', platforms: %i[mingw mswin x64_mingw jruby]
diff --git a/Gemfile.lock b/Gemfile.lock
index a6f53e30a0..0f295965e1 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,55 +1,55 @@ GEM remote: https://rubygems.org/ specs: - actioncable (5.2.2) - actionpack (= 5.2.2) + actioncable (5.2.4.2) + actionpack (= 5.2.4.2) nio4r (~> 2.0) websocket-driver (>= 0.6.1) - actionmailer (5.2.2) - actionpack (= 5.2.2) - actionview (= 5.2.2) - activejob (= 5.2.2) + actionmailer (5.2.4.2) + actionpack (= 5.2.4.2) + actionview (= 5.2.4.2) + activejob (= 5.2.4.2) mail (~> 2.5, >= 2.5.4) rails-dom-testing (~> 2.0) - actionpack (5.2.2) - actionview (= 5.2.2) - activesupport (= 5.2.2) - rack (~> 2.0) + actionpack (5.2.4.2) + actionview (= 5.2.4.2) + activesupport (= 5.2.4.2) + rack (~> 2.0, >= 2.0.8) rack-test (>= 0.6.3) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.2) - actionview (5.2.2) - activesupport (= 5.2.2) + actionview (5.2.4.2) + activesupport (= 5.2.4.2) builder (~> 3.1) erubi (~> 1.4) rails-dom-testing (~> 2.0) rails-html-sanitizer (~> 1.0, >= 1.0.3) - activejob (5.2.2) - activesupport (= 5.2.2) + activejob (5.2.4.2) + activesupport (= 5.2.4.2) globalid (>= 0.3.6) - activemodel (5.2.2) - activesupport (= 5.2.2) - activerecord (5.2.2) - activemodel (= 5.2.2) - activesupport (= 5.2.2) + activemodel (5.2.4.2) + activesupport (= 5.2.4.2) + activerecord (5.2.4.2) + activemodel (= 5.2.4.2) + activesupport (= 5.2.4.2) arel (>= 9.0) - activestorage (5.2.2) - actionpack (= 5.2.2) - activerecord (= 5.2.2) + activestorage (5.2.4.2) + actionpack (= 5.2.4.2) + activerecord (= 5.2.4.2) marcel (~> 0.3.1) - activesupport (5.2.2) + activesupport (5.2.4.2) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) tzinfo (~> 1.1) - addressable (2.5.2) - public_suffix (>= 2.0.2, < 4.0) + addressable (2.7.0) + public_suffix (>= 2.0.2, < 5.0) arel (9.0.0) ast (2.4.0) attr_encrypted (3.1.0) encryptor (~> 3.0.0) awesome_print (1.8.0) - axe-matchers (2.5.0) + axe-matchers (2.6.1) dumb_delegator (~> 0.8) virtus (~> 1.0) axiom-types (0.1.1) 
@@ -64,22 +64,21 @@ GEM html_tokenizer (~> 0.0.6) parser (>= 2.4) smart_properties - bindex (0.5.0) - bootsnap (1.3.2) + bindex (0.8.1) + bootsnap (1.4.6) msgpack (~> 1.0) - brakeman (4.7.2) - builder (3.2.3) - byebug (10.0.2) - capybara (3.12.0) + brakeman (4.8.0) + builder (3.2.4) + byebug (11.1.1) + capybara (3.31.0) addressable mini_mime (>= 0.1.3) nokogiri (~> 1.8) rack (>= 1.6.0) rack-test (>= 0.6.3) - regexp_parser (~> 1.2) + regexp_parser (~> 1.5) xpath (~> 3.2) - childprocess (0.9.0) - ffi (~> 1.0, >= 1.0.11) + childprocess (3.0.0) cloudflare-rails (0.4.0) httparty rails (~> 5.0) @@ -88,26 +87,26 @@ GEM coderay (1.1.2) coercible (1.0.0) descendants_tracker (~> 0.0.1) - concurrent-ruby (1.1.4) + concurrent-ruby (1.1.6) connection_pool (2.2.2) crack (0.4.3) safe_yaml (~> 1.0.0) crass (1.0.6) - dalli (2.7.9) - ddtrace (0.18.2) + dalli (2.7.10) + ddtrace (0.18.3) msgpack opentracing (>= 0.4.1) descendants_tracker (0.0.4) thread_safe (~> 0.3, >= 0.3.1) diff-lcs (1.3) - docile (1.3.1) - domain_name (0.5.20180417) + docile (1.3.2) + domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) - dotenv (2.6.0) - dotenv-rails (2.6.0) - dotenv (= 2.6.0) - railties (>= 3.2, < 6.0) - dumb_delegator (0.8.0) + dotenv (2.7.5) + dotenv-rails (2.7.5) + dotenv (= 2.7.5) + railties (>= 3.2, < 6.1) + dumb_delegator (0.8.1) encryptor (3.0.0) equalizer (0.0.11) erb_lint (0.0.30) 
@@ -117,25 +116,25 @@ GEM rainbow rubocop (~> 0.51) smart_properties - erubi (1.8.0) - excon (0.71.0) + erubi (1.9.0) + excon (0.73.0) execjs (2.7.0) - factory_bot (4.11.1) - activesupport (>= 3.0.0) - factory_bot_rails (4.11.1) - factory_bot (~> 4.11.1) - railties (>= 3.0.0) + factory_bot (5.1.1) + activesupport (>= 4.2.0) + factory_bot_rails (5.1.1) + factory_bot (~> 5.1.0) + railties (>= 4.2.0) faraday (0.15.4) multipart-post (>= 1.2, < 3) - ffi (1.10.0) - fog-aws (3.3.0) + ffi (1.12.2) + fog-aws (3.6.2) fog-core (~> 2.1) fog-json (~> 1.1) fog-xml (~> 0.1) ipaddress (~> 0.8) - fog-core (2.1.2) + fog-core (2.2.0) builder - excon (~> 0.58) + excon (~> 0.71) formatador (~> 0.2) mime-types fog-json (1.2.0) @@ -147,7 +146,7 @@ GEM formatador (0.2.5) globalid (0.4.2) activesupport (>= 4.2.0) - guard (2.15.0) + guard (2.16.1) formatador (>= 0.2.4) listen (>= 2.7, < 4.0) lumberjack (>= 1.0.12, < 2.0) @@ -161,28 +160,27 @@ GEM guard (~> 2.1) guard-compat (~> 1.1) rspec (>= 2.99.0, < 4.0) - hashdiff (0.3.8) - hashie (3.6.0) + hashdiff (1.0.1) + hashie (4.1.0) html_tokenizer (0.0.7) htmlentities (4.3.4) http-cookie (1.0.3) domain_name (~> 0.5) - httparty (0.16.3) + httparty (0.18.0) mime-types (~> 3.0) multi_xml (>= 0.5.2) - i18n (1.5.2) + i18n (1.8.2) concurrent-ruby (~> 1.0) ice_nine (0.11.2) ipaddress (0.8.3) - jaro_winkler (1.5.2) - json (2.1.0) + jaro_winkler (1.5.4) jwt (2.1.0) kwalify (0.7.2) listen (3.1.5) rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) ruby_dep (~> 1.2) - lograge (0.10.0) + lograge (0.11.2) actionpack (>= 4) activesupport (>= 4) railties (>= 4) 
@@ -190,80 +188,79 @@ GEM loofah (2.4.0) crass (~> 1.0.2) nokogiri (>= 1.5.9) - lumberjack (1.0.13) + lumberjack (1.2.4) mail (2.7.1) mini_mime (>= 0.1.1) marcel (0.3.3) mimemagic (~> 0.3.2) memcachier (0.0.2) - method_source (0.9.2) - mime-types (3.2.2) + method_source (1.0.0) + mime-types (3.3.1) mime-types-data (~> 3.2015) - mime-types-data (3.2018.0812) - mimemagic (0.3.3) - mini_mime (1.0.1) + mime-types-data (3.2019.1009) + mimemagic (0.3.4) + mini_mime (1.0.2) mini_portile2 (2.4.0) - minitest (5.11.3) - msgpack (1.2.6) - multi_json (1.13.1) + minitest (5.14.0) + msgpack (1.3.3) + multi_json (1.14.1) multi_xml (0.6.0) multipart-post (2.1.1) nenv (0.3.0) netrc (0.11.0) - nio4r (2.3.1) - nokogiri (1.10.8) + nio4r (2.5.2) + nokogiri (1.10.9) mini_portile2 (~> 2.4.0) - notiffany (0.1.1) + notiffany (0.1.3) nenv (~> 0.1) shellany (~> 0.0) - oauth2 (1.4.1) - faraday (>= 0.8, < 0.16.0) + oauth2 (1.4.4) + faraday (>= 0.8, < 2.0) jwt (>= 1.0, < 3.0) multi_json (~> 1.3) multi_xml (~> 0.5) rack (>= 1.2, < 3) - omniauth (1.9.0) - hashie (>= 3.4.6, < 3.7.0) + omniauth (1.9.1) + hashie (>= 3.4.6) rack (>= 1.6.2, < 3) - omniauth-oauth2 (1.5.0) + omniauth-oauth2 (1.6.0) oauth2 (~> 1.1) - omniauth (~> 1.2) + omniauth (~> 1.9) omniauth-rails_csrf_protection (0.1.2) actionpack (>= 4.2) omniauth (>= 1.3.1) - opentracing (0.4.3) - parallel (1.12.1) - parser (2.5.3.0) + opentracing (0.5.0) + parallel (1.19.1) + parser (2.7.0.5) ast (~> 2.4.0) - pg (1.1.4) - powerpack (0.1.2) - pry (0.12.2) - coderay (~> 1.1.0) - method_source (~> 0.9.0) + pg (1.2.3) + pry (0.13.0) + coderay (~> 1.1) + method_source (~> 1.0) psych (3.1.0) - public_suffix (3.0.3) + public_suffix (4.0.3) puma (3.12.4) - rack (2.0.8) + rack (2.0.9) rack-attack (5.4.2) rack (>= 1.0, < 3) - rack-cors (1.0.5) - rack (>= 1.6.0) - rack-protection (2.0.5) + rack-cors (1.1.1) + rack (>= 2.0.0) + rack-protection (2.0.8.1) rack rack-test (1.1.0) rack (>= 1.0, < 3) - rails (5.2.2) - actioncable (= 5.2.2) - actionmailer (= 
5.2.2) - actionpack (= 5.2.2) - actionview (= 5.2.2) - activejob (= 5.2.2) - activemodel (= 5.2.2) - activerecord (= 5.2.2) - activestorage (= 5.2.2) - activesupport (= 5.2.2) + rails (5.2.4.2) + actioncable (= 5.2.4.2) + actionmailer (= 5.2.4.2) + actionpack (= 5.2.4.2) + actionview (= 5.2.4.2) + activejob (= 5.2.4.2) + activemodel (= 5.2.4.2) + activerecord (= 5.2.4.2) + activestorage (= 5.2.4.2) + activesupport (= 5.2.4.2) bundler (>= 1.3.0) - railties (= 5.2.2) + railties (= 5.2.4.2) sprockets-rails (>= 2.0.0) rails-controller-testing (1.0.4) actionpack (>= 5.0.1.x) 
@@ -274,116 +271,115 @@ GEM nokogiri (>= 1.6) rails-html-sanitizer (1.3.0) loofah (~> 2.3) - railties (5.2.2) - actionpack (= 5.2.2) - activesupport (= 5.2.2) + railties (5.2.4.2) + actionpack (= 5.2.4.2) + activesupport (= 5.2.4.2) method_source rake (>= 0.8.7) thor (>= 0.19.0, < 2.0) rainbow (3.0.0) rake (13.0.1) rb-fsevent (0.10.3) - rb-inotify (0.10.0) + rb-inotify (0.10.1) ffi (~> 1.0) - redis (4.1.0) - redis-actionpack (5.0.2) - actionpack (>= 4.0, < 6) - redis-rack (>= 1, < 3) + redis (4.1.3) + redis-actionpack (5.2.0) + actionpack (>= 5, < 7) + redis-rack (>= 2.1.0, < 3) redis-store (>= 1.1.0, < 2) - redis-activesupport (5.0.7) - activesupport (>= 3, < 6) + redis-activesupport (5.2.0) + activesupport (>= 3, < 7) redis-store (>= 1.3, < 2) - redis-rack (2.0.5) - rack (>= 1.5, < 3) + redis-rack (2.1.2) + rack (>= 2.0.8, < 3) redis-store (>= 1.2, < 2) redis-rails (5.0.2) redis-actionpack (>= 5.0, < 6) redis-activesupport (>= 5.0, < 6) redis-store (>= 1.2, < 2) - redis-store (1.6.0) - redis (>= 2.2, < 5) - reek (5.4.0) + redis-store (1.8.2) + redis (>= 4, < 5) + reek (5.6.0) codeclimate-engine-rb (~> 0.4.0) kwalify (~> 0.7.0) - parser (>= 2.5.0.0, < 2.7, != 2.5.1.1) + parser (>= 2.5.0.0, < 2.8, != 2.5.1.1) psych (~> 3.1.0) rainbow (>= 2.0, < 4.0) - regexp_parser (1.3.0) - request_store (1.4.1) + regexp_parser (1.7.0) + request_store (1.5.0) rack (>= 1.4) rest-client (2.0.2) http-cookie (>= 1.0.2, < 2.0) mime-types (>= 1.16, < 4.0) netrc (~> 0.8) - rspec (3.8.0) - rspec-core (~> 3.8.0) - rspec-expectations (~> 3.8.0) - rspec-mocks (~> 3.8.0) - rspec-core (3.8.0) - rspec-support (~> 3.8.0) - rspec-expectations (3.8.2) + rexml (3.2.4) + rspec (3.9.0) + rspec-core (~> 3.9.0) + rspec-expectations (~> 3.9.0) + rspec-mocks (~> 3.9.0) + rspec-core (3.9.1) + rspec-support (~> 3.9.1) + rspec-expectations (3.9.1) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.8.0) - rspec-mocks (3.8.0) + rspec-support (~> 3.9.0) + rspec-mocks (3.9.1) diff-lcs (>= 1.2.0, < 2.0) - 
rspec-support (~> 3.8.0) - rspec-rails (3.8.1) + rspec-support (~> 3.9.0) + rspec-rails (3.9.1) actionpack (>= 3.0) activesupport (>= 3.0) railties (>= 3.0) - rspec-core (~> 3.8.0) - rspec-expectations (~> 3.8.0) - rspec-mocks (~> 3.8.0) - rspec-support (~> 3.8.0) - rspec-support (3.8.0) - rubocop (0.62.0) + rspec-core (~> 3.9.0) + rspec-expectations (~> 3.9.0) + rspec-mocks (~> 3.9.0) + rspec-support (~> 3.9.0) + rspec-support (3.9.2) + rubocop (0.80.1) jaro_winkler (~> 1.5.1) parallel (~> 1.10) - parser (>= 2.5, != 2.5.1.1) - powerpack (~> 0.1) + parser (>= 2.7.0.1) rainbow (>= 2.2.2, < 4.0) + rexml ruby-progressbar (~> 1.7) - unicode-display_width (~> 1.4.0) - rubocop-rspec (1.31.0) - rubocop (>= 0.60.0) - ruby-progressbar (1.10.0) + unicode-display_width (>= 1.4.0, < 1.7) + rubocop-rspec (1.38.1) + rubocop (>= 0.68.1) + ruby-progressbar (1.10.1) ruby_dep (1.5.0) - rubyzip (1.3.0) - safe_yaml (1.0.4) - sass (3.7.3) + rubyzip (2.3.0) + safe_yaml (1.0.5) + sass (3.7.4) sass-listen (~> 4.0.0) sass-listen (4.0.0) rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) - sass-rails (5.0.7) - railties (>= 4.0.0, < 6) + sass-rails (5.1.0) + railties (>= 5.2.0) sass (~> 3.1) sprockets (>= 2.8, < 4.0) sprockets-rails (>= 2.0, < 4.0) tilt (>= 1.1, < 3) - selenium-webdriver (3.141.0) - childprocess (~> 0.5) - rubyzip (~> 1.2, >= 1.2.2) + selenium-webdriver (3.142.7) + childprocess (>= 0.5, < 4.0) + rubyzip (>= 1.2.2) sentry-raven (2.13.0) faraday (>= 0.7.6, < 1.0) shellany (0.0.1) - shoulda-matchers (3.1.2) + shoulda-matchers (3.1.3) activesupport (>= 4.0.0) - sidekiq (5.2.5) + sidekiq (5.2.8) connection_pool (~> 2.2, >= 2.2.2) - rack (>= 1.5.0) + rack (< 2.1.0) rack-protection (>= 1.5.0) redis (>= 3.3.5, < 5) - simplecov (0.16.1) + simplecov (0.18.5) docile (~> 1.1) - json (>= 1.8, < 3) - simplecov-html (~> 0.10.0) - simplecov-html (0.10.2) + simplecov-html (~> 0.11) + simplecov-html (0.12.2) sitemap_generator (6.0.2) builder (~> 3.0) smart_properties (1.15.0) - 
spring (2.0.2) - activesupport (>= 4.2) + spring (2.1.0) spring-watcher-listen (2.0.1) listen (>= 2.7, < 4.0) spring (>= 1.2, < 3.0) @@ -394,18 +390,18 @@ GEM actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) - statesman (4.1.0) - thor (0.20.3) + statesman (4.1.4) + thor (1.0.1) thread_safe (0.3.6) - tilt (2.0.9) - tzinfo (1.2.5) + tilt (2.0.10) + tzinfo (1.2.6) thread_safe (~> 0.1) - uglifier (4.1.20) + uglifier (4.2.0) execjs (>= 0.3.0, < 3) unf (0.1.4) unf_ext - unf_ext (0.0.7.5) - unicode-display_width (1.4.1) + unf_ext (0.0.7.6) + unicode-display_width (1.6.1) virtus (1.0.5) axiom-types (~> 0.1) coercible (~> 1.0) @@ -416,17 +412,17 @@ GEM activemodel (>= 5.0) bindex (>= 0.4.0) railties (>= 5.0) - webdrivers (4.1.0) + webdrivers (4.2.0) nokogiri (~> 1.6) - rubyzip (~> 1.0) + rubyzip (>= 1.3.0) selenium-webdriver (>= 3.0, < 4.0) - webmock (3.5.1) + webmock (3.8.3) addressable (>= 2.3.6) crack (>= 0.3.2) - hashdiff - websocket-driver (0.7.0) + hashdiff (>= 0.4.0, < 2.0.0) + websocket-driver (0.7.1) websocket-extensions (>= 0.1.0) - websocket-extensions (0.1.3) + websocket-extensions (0.1.4) wicked (1.3.4) railties (>= 3.0.7) xpath (3.2.0) @@ -461,7 +457,7 @@ DEPENDENCIES nokogiri (~> 1.10.8) oauth2 (~> 1.4.1) omniauth (~> 1.9.0) - omniauth-oauth2 + omniauth-oauth2 (~> 1.6.0) omniauth-rails_csrf_protection (~> 0.1.2) pg (~> 1.1) puma (~> 3.12) diff --git a/config/initializers/omniauth.rb b/config/initializers/omniauth.rb index dd4e0d7da3..bb46b0ac92 100644 --- a/config/initializers/omniauth.rb +++ b/config/initializers/omniauth.rb @@ -19,7 +19,7 @@ class Stem < OmniAuth::Strategies::OAuth2 achiever_contact_no: 'achieverContactNo', achiever_organisation_no: 'achieverOrganisationNo' }.each_pair do |key, stem_key| - our_info[key] = user_info['attributes'][stem_key][0] if user_info['attributes'].has_key?(stem_key) + our_info[key] = user_info['attributes'][stem_key][0] if user_info['attributes'].key?(stem_key) end our_info end 
@@ -34,7 +34,7 @@ def user_info
 def callback_url
 return super if ENV['BYPASS_OAUTH'].present?
- ENV.fetch('STEM_OAUTH_CALLBACK_URL')
+ full_host + script_name + callback_path
 end
 def raven_context(response)
@@ -51,6 +51,7 @@ def raven_context(response)
 end
 OmniAuth.config.on_failure = AuthController.action(:failure)
+OmniAuth.config.logger = Rails.logger if Rails.env.development?
 if ActiveModel::Type::Boolean.new.cast(ENV.fetch('BYPASS_OAUTH', false))
 puts 'Faking OAuth login for review apps'
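Review bot: In `callback_url` (the `-34,7` hunk of config/initializers/omniauth.rb), `full_host + script_name + callback_path` makes the OAuth redirect URI depend on the incoming request: unless `OmniAuth.config.full_host` is set, OmniAuth builds `full_host` from the request URL, so the Host and forwarded headers now decide what was previously the fixed `STEM_OAUTH_CALLBACK_URL`. No `full_host` setting is visible in this diff, so if none exists elsewhere I would pin it beside the other `OmniAuth.config` lines, e.g. `OmniAuth.config.full_host = ENV.fetch('APP_ORIGIN')` (`APP_ORIGIN` is a placeholder name), and confirm the provider accepts only the exact registered redirect URI. Behind a TLS-terminating proxy it is also worth checking that the computed scheme comes out as `https`. The strategy class starts and ends outside this hunk.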