Merge pull request #1191 from scott/2.4.0rc2

Version 2.4.0

CHANGELOG.md

@@ -0,0 +1,104 @@
+## VERSION 2.4
+
+Version 2.4 is packed with some great new stuff to make your Helpy experience better than ever.  It also includes some important security updates
+to the underlying software running Helpy and its recommended your update as soon as possible.
+
+Security Updates:
+
+- Rails has been updated to 4.2.11.1
+- Devise has been updated to 4.6.1
+- Many other dependencies have been updated
+
+New features, improvements and fixes:
+- New: tag manager for controlling tags through the admin settings.
+- New: Tag picker on the agent ticket view
+- New: Quick KB search when creating or responding to tickets to add links to articles
+- New: Autosave for ticket replies and knowledgebase article editor
+- New: A number of new settings have been added to customize how Helpy works.
+- Fixed: support email addresses are now removed from the CC field automatically
+- Fixed: Flash wrapper width reduced @cr0vy
+- Fixed: Widget mixed content issue with Google Fonts @karser
+- Optimizations: A number of optimizations have been made to improve performance
+- Update: Email parsing has been improved, particularly for non English email
+- Update: Onboarding has been moved to the unlogged-in state.  This only affects new installs
+- Docker: Uploads folder made writable @sarke
+
+## VERSION 2.3
+
+This release includes a new theme contributed by the team at Seravo called "Nordic" (thanks @ottok, @elguitar, @simoke, @tlxo and anyone else I missed), along with a number of dependency updates, bug fixes, and improvements to the docker container.  In addition ENV vars were added for remote file storage and database as a service (docker only) that should make it easier to work with Elastic Beanstalk/Kubernetes.
+
+Full list of improvements and fixes:
+- Dependency updates
+- Fix a bug which disabled validations for associated fields
+- Prevent a 500 when a topic is missing a user_id (direct result of missing validation above)
+- Resolved a lot of intermittent tests
+- New theme: Nordic
+- Enable clicking outside keyboard shortcuts modal to close
+- Conditional support for S3 compatible remote filestore using fog gem
+- Updates to Docker container from @ypcs and adds 
+
+
+## VERSION 2.2
+
+This release includes fixes to several serious vulnerabilities including:
+
+[CVE-2018-18886](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18886).  This fixes a serious XSS vulnerability (Reported by @joanbono). This was fixed in the master branch several weeks ago, but if you are running a prior version, including 1.x releases, you should upgrade to `2.2.0` as soon as possible.
+
+Upgrades Rails to 4.2.11.  This includes a fix to a significant security vulnerability in ActiveJob.
+
+Other improvements in this release include:
+
+- Bring dependencies up to date
+- Improved support for forwarded emails
+- Accept emails from users who use a number in the first part of their email or configured email name
+- Correctly handle emails with no subject
+- Add support for IMAP email
+- Prevent agents from accessing API
+- Harden agents ability to edit administrators
+- Rename Login to Sign in
+- Allow new users when admin creating an internal note
+
+
+## VERSION 2.1
+
+This release builds on the awesomeness of version 2 by adding several new enhancements-
+
+- Editable header and footer for html ticket email to customers.
+- support for merge tokens (%customer_name% and %customer_email%) with more coming soon. 
+- Ability to create a ticket with a note as the first post (useful for calls, walk ins, etc)
+- Refactor of settings backend and addition of ability to test smtp settings
+- Restrict API access from agents
+
+Upgrading:
+
+Make sure you run `bundle exec rake db:migrate` and also `bundle exec rake update:enable_templates` to turn on the templates feature.
+
+## VERSION 2.0
+
+Version 2 includes a number of awesome improvements, listed below. This should be a fairly straightforward update for most people, make sure you:
+
+`bundle install`
+`bundle exec rake db:migrate`
+
+We have a live demo at https://demo.helpy.io/  The admin username is "admin@test.com" and admin password is "12345678"
+
+Updated/New Features:
+
+- Refreshed Admin UI
+- New Helpcenter theme: Singular
+- HTML support when responding to tickets
+- Nicer HTML alert emails
+- Nicer HTML responses to customers
+- HTML emails now include the full ticket history
+- UI for replying to tickets re-imagined
+- Inline customer editing
+- Channel and source reporting
+- New support for emoji's in ticket replies
+- Customize the colors of the admin UI
+- Ability to email customers from the create ticket dialogue
+- New internal ticket type
+- Set all ticket params from admin create ticket UI
+- Font Awesome 5 iconography
+- Improved support for CC and BCC recipients
+- Import/Export data in CSV
+- Comply with GDPR by deleting or anonymizing users

Gemfile

@@ -120,6 +120,7 @@ gem 'config', '~> 1.1.0'
 gem 'daemons'
 gem 'mailman'#, require: false
 gem 'mail_extract'
+gem 'email_reply_trimmer'
 
 gem 'griddler'
 gem 'griddler-mandrill'
@@ -148,14 +149,14 @@ gem 'rails-timeago'
 gem 'faker'
 
 gem 'timecop' #used to populate
-
+gem "hashid-rails", "~> 1.0"
 gem 'themes_on_rails'
 gem "recaptcha", '< 3', require: "recaptcha/rails" # TODO: Update
 
 gem 'best_in_place', '~> 3.1'
 
 # Add onboarding component
-gem 'helpy_onboarding', path: 'vendor/helpy_onboarding'
+gem 'helpy_onboarding', git: 'https://github.com/helpyio/helpy_onboarding', branch: 'master'
 gem 'helpy_imap', git: 'https://github.com/helpyio/helpy_imap', branch: 'master'
 
 group :development, :test do
@@ -180,7 +181,8 @@ group :development do
   gem "better_errors"
 
   # Check Eager Loading / N+1 query problems
-  gem 'bullet'
+  # gem 'bullet'
+  gem 'scout_apm'
 
   # Access an IRB console on exception pages or by using <%= console %> in views
   gem 'web-console', '~> 3.3'

Gemfile.lock

@@ -9,10 +9,12 @@ GIT
       mailman
       rails (~> 4.2.10)
 
-PATH
-  remote: vendor/helpy_onboarding
+GIT
+  remote: https://github.com/helpyio/helpy_onboarding
+  revision: cc742c8e48476003757ceda17c825c80e36ca694
+  branch: master
   specs:
-    helpy_onboarding (1.0)
+    helpy_onboarding (2.0)
       deface
       rails (~> 4.2.7)
 
@@ -96,9 +98,6 @@ GEM
     builder (3.2.3)
     bulk_insert (1.7.0)
       activerecord (>= 3.2.0)
-    bullet (5.9.0)
-      activesupport (>= 3.0.0)
-      uniform_notifier (~> 1.11)
     bundler-audit (0.6.0)
       bundler (~> 1.2)
       thor (~> 0.18)
@@ -179,6 +178,7 @@ GEM
     docile (1.3.1)
     domain_name (0.5.20180417)
       unf (>= 0.0.5, < 1.0.0)
+    email_reply_trimmer (0.1.12)
     equalizer (0.0.11)
     erubi (1.8.0)
     erubis (2.7.0)
@@ -267,7 +267,11 @@ GEM
       mail
     groupdate (4.1.0)
       activesupport (>= 4.2)
-    hashie (3.5.7)
+    hashid-rails (1.2.2)
+      activerecord (>= 4.0)
+      hashids (~> 1.0)
+    hashids (1.0.5)
+    hashie (3.6.0)
     hitimes (1.3.0)
     htmlentities (4.3.4)
     http-cookie (1.0.3)
@@ -381,8 +385,8 @@ GEM
       multi_json (~> 1.3)
       multi_xml (~> 0.5)
       rack (>= 1.2, < 3)
-    omniauth (1.8.1)
-      hashie (>= 3.4.6, < 3.6.0)
+    omniauth (1.9.0)
+      hashie (>= 3.4.6, < 3.7.0)
       rack (>= 1.6.2, < 3)
     omniauth-facebook (5.0.0)
       omniauth-oauth2 (~> 1.2)
@@ -519,6 +523,7 @@ GEM
     sassc (2.0.1)
       ffi (~> 1.9)
       rake
+    scout_apm (2.4.21)
     scss-lint (0.38.0)
       rainbow (~> 2.0)
       sass (~> 3.4.1)
@@ -585,7 +590,6 @@ GEM
     unicorn (5.5.0)
       kgio (~> 2.6)
       raindrops (~> 0.7)
-    uniform_notifier (1.12.1)
     virtus (1.0.5)
       axiom-types (~> 0.1)
       coercible (~> 1.0)
@@ -617,7 +621,6 @@ DEPENDENCIES
   bootstrap_form
   brakeman
   bulk_insert
-  bullet
   bundler-audit
   byebug
   capybara (< 3.0)
@@ -635,6 +638,7 @@ DEPENDENCIES
   devise-bootstrap-views
   devise-i18n
   devise_invitable
+  email_reply_trimmer
   factory_bot_rails
   faker
   fog-aws
@@ -658,6 +662,7 @@ DEPENDENCIES
   griddler-sendgrid
   griddler-sparkpost
   groupdate
+  hashid-rails (~> 1.0)
   helpy_imap!
   helpy_onboarding!
   http_accept_language
@@ -704,6 +709,7 @@ DEPENDENCIES
   route_translator
   rubocop
   sass-rails (~> 5.0.7)
+  scout_apm
   scss-lint
   sdoc (~> 1.0.0)
   selectize-rails

app/assets/javascripts/agent_assistant.js

@@ -0,0 +1,36 @@
+$(document).ready(function () {
+
+    $(".agent-assist").autocomplete({
+        source: function (request, response) {
+            jQuery.get("/admin/agent_assistant.json", {
+                query: request.term
+            }, function (data) {
+                response(data);
+            });
+        },
+        minLength: 3,
+        appendTo: $('assist-results'),
+        focus: function (event, ui) {
+            event.preventDefault();
+            $(this).val(ui.item.name);
+        },
+        select: function (event, ui) {
+            event.preventDefault();
+            // set value of summernote with existing value + common reply
+            var link = "<a href='" + ui.item.link + "' target='blank'>" + ui.item.name + "</a>";
+            $('#post_body').summernote('code', $('#post_body').summernote('code') + link);
+            $('#topic_post_body').summernote('code', $('#topic_post_body').summernote('code') + link);
+            $('.assist-results').html('').fadeOut();
+            $(".agent-assist").val('');
+            return false;
+        },
+        messages: {
+            noResults: '',
+            results: function () { }
+        }
+
+    });
+
+
+
+});

app/assets/javascripts/app.js

@@ -459,6 +459,9 @@ Helpy.didthisHelp = function(yesno){
 Helpy.showGroup = function() {
   if ($('#topic_private_true').is(':checked')) {
     $('#topic_team_list').parent().removeClass('hidden');
+    $("#topic_forum_id").parent().hide();
+    $('#new_topic').append("<input type='hidden' id='new_topic_forum_id' name='topic[forum_id]' value='1'/>");
+    $('#topic_team_list').removeClass('hidden');
   } else if ($('#topic_private_false').is(':checked')) {
     $('#topic_team_list').parent().addClass('hidden');
   } else {

app/assets/javascripts/application.js

@@ -44,6 +44,7 @@
 //= require bootstrap/dropdown
 //= require Chart.bundle
 //= require chartkick
+//= require sisyphus.min.js
 
 // Jtruncate plugin, http://www.jeremymartin.name/projects.php?project=jTruncate
 // modified by Scott Miller- remove animation, newline for more link

app/assets/stylesheets/admin.scss

@@ -237,6 +237,11 @@ ul.settings-menu {
     margin-top: 20px;
 }
 
+.label-light,
+.btn-light {
+  background-color: #aaaaaa;
+}
+
 #user-info-horizontal {
     padding-top: 30px;
 }

app/controllers/admin/agent_assistant_controller.rb

@@ -0,0 +1,36 @@
+class Admin::AgentAssistantController < Admin::BaseController
+
+  def index
+    depth = params[:depth].present? ? params[:depth] : 10
+    @results = Doc.active.publicly.agent_assist(params[:query]).first(depth)
+    respond_to do |format|
+      format.json { 
+        render json: serialize_autocomplete_result(@results).to_json.html_safe 
+      }
+    end
+  end
+
+  private
+
+  def serialize_autocomplete_result(results)
+    serialized_result = []
+    results.each do |result|
+      serialized_result << {
+        name: CGI::escapeHTML(result.title),
+        content: result.meta_description.present? ? meta_content(result) : sanitized_content(result),
+        link: category_doc_url(result.category_id, Doc.find(result.id))
+      }
+    end
+    serialized_result
+  end
+
+  def sanitized_content(result)
+    return nil if result.body.nil?
+    ActionView::Base.full_sanitizer.sanitize(result.body).truncate_words(20)
+  end
+
+  def meta_content(result)
+    result.meta_description
+  end
+
+end

app/controllers/admin/base_controller.rb

@@ -86,7 +86,9 @@ def get_tickets_by_status
     else
       topics_raw = params[:team].present? ? Topic.all.tagged_with(params[:team], any: true) : Topic
     end
-    topics_raw = topics_raw.includes(user: :avatar_files).chronologic
+
+    # Only include cloudinary files if enabled
+    topics_raw = cloudinary_enabled? ? topics_raw.includes(user: :avatar_files).chronologic : topics_raw.includes(:user).chronologic
 
     get_all_teams
 
@@ -125,9 +127,9 @@ def fetch_counts
   end
 
   def set_categories_and_non_featured
-    @public_categories = Category.publicly.featured.ordered
-    @public_nonfeatured_categories = Category.publicly.unfeatured.alpha
-    @internal_categories = Category.only_internally.ordered
+    @public_categories = Category.publicly.featured.ordered.includes(:docs)
+    @public_nonfeatured_categories = Category.publicly.unfeatured.alpha.includes(:docs)
+    @internal_categories = Category.only_internally.ordered.includes(:docs)
   end
 
 end

app/controllers/admin/groups_controller.rb

@@ -49,7 +49,7 @@ def create
 
   def destroy
     @team = ActsAsTaggableOn::Tag.find(params[:id])
-    @team.taggings.destroy_all if @team.taggings.present?
+    @team.taggings.destroy_all if @team.taggings.exists?
     @team.destroy
     redirect_to admin_groups_path
   end