Merge pull request #1583 from scott/dev/2.8/prepare-2.8.0

Dev/2.8/prepare 2.8.0

CHANGELOG.md

@@ -1,6 +1,40 @@
+## VERSION 2.8.0
+
+Version 2.8 contains important security updates and the following new featuers:
+
+- NEW It is now possible create users one at a time, with or without inviting them.
+- NEW When creating tickets by API, you can now specify the CC and BCC for the new ticket.
+- NEW A new API for viewing and editing taggings has been added (thanks @schmidt)
+- NEW A honeypot (anti spam) feature was added to the new ticket form (thanks @schmidt)
+- CHANGE Assigning an agent no longer automatically marks the ticket as "pending".
+- CHANGE The whitelist of allowable file attachments has been significantly changed and made more flexible (see upgrade notes below).
+- FIX A bug was fixed that displays the proper error message when a non supported file attachment is made in the web UI
+- FIX #1576 The right menu no longer gets stuck open when turbolinks is enabled
+- FIX #1581 Radio buttons are now properly aligned in the mobile responsive view of the Singular theme
+
+IMPORTANT UPGRADE NOTES:
+
+This release of Helpy includes a change to the way file attachments are handled.  Previous
+versions used a default "whitelist" of file types where were allowed and was generally limited to
+the most common image and doc foramts.
+
+This version adds configuration settings which can be modified by API that allow you to set your own
+whitelist of filetypes which should be allowed, or a blacklist of filetypes that should be rejected.  In
+addition, the default whitelist has been removed, and Helpy now ships with a short blacklist of files that could be 
+considered "risky."  Files with these extensions are blacklisted by default:
+
+```
+ade, adp, apk, appx, appxbundle, bat, cab, chm, cmd, com, cpl, dll, dmg, exe, hta, ins, isp, iso, jar, js, jse, lib, 
+lnk, mde, msc, msi, msix, msixbundle, msp, mst, nsh, pif, ps1, scr, sct, .shb, sys, vb, vbe, vbs, vxd, wsc, wsf, wsh
+```
+
+NOTE:  Do not provide values for both blacklist and whitelist, as they will conflict and it will be impossible for
+customers to attach files.
+
+
 ## VERSION 2.7.0
 
-The 2.7 release of Helpy is here, with several great new features to help you b etter provide great customer support.
+The 2.7 release of Helpy is here, with several great new features to help you better provide great customer support.
 
 New Features:
 

Gemfile

@@ -170,6 +170,8 @@ group :development, :test do
   gem 'scss-lint'
   gem 'awesome_print'
   gem 'rb-readline'
+  gem 'capybara'
+
 end
 
 gem 'bulk_insert'
@@ -194,10 +196,10 @@ group :test do
   gem 'shoulda', '3.5' # Required for minitest
   gem 'shoulda-matchers', '~> 2.0'  # Required for minitest
   gem 'factory_bot_rails'
-  gem 'capybara', '< 3.0'
+  gem 'webdrivers'
   gem 'capybara-email'
-  gem 'selenium-webdriver'
-  gem 'chromedriver-helper'
+  gem 'selenium-webdriver', '3.141.0'
+  # gem 'chromedriver-helper'
   gem 'launchy'
   gem "codeclimate-test-reporter",require: nil
   gem 'simplecov', :require => false

Gemfile.lock

@@ -65,8 +65,6 @@ GEM
       activerecord (>= 3.2, < 7.0)
       rake (>= 10.4, < 14.0)
     ansi (1.5.0)
-    archive-zip (0.12.0)
-      io-like (~> 0.3.0)
     arel (6.0.4)
     ast (2.4.0)
     attachinary (1.3.1)
@@ -100,13 +98,13 @@ GEM
       bundler (>= 1.2.0, < 3)
       thor (~> 0.18)
     byebug (10.0.2)
-    capybara (2.18.0)
+    capybara (3.9.0)
       addressable
       mini_mime (>= 0.1.3)
-      nokogiri (>= 1.3.3)
-      rack (>= 1.0.0)
-      rack-test (>= 0.5.4)
-      xpath (>= 2.0, < 4.0)
+      nokogiri (~> 1.8)
+      rack (>= 1.6.0)
+      rack-test (>= 0.6.3)
+      xpath (~> 3.1)
     capybara-email (3.0.1)
       capybara (>= 2.4, < 4.0)
       mail
@@ -117,10 +115,8 @@ GEM
     celluloid (0.16.0)
       timers (~> 4.0.0)
     chartkick (3.3.1)
-    childprocess (3.0.0)
-    chromedriver-helper (2.1.1)
-      archive-zip (~> 0.10)
-      nokogiri (~> 1.8)
+    childprocess (0.9.0)
+      ffi (~> 1.0, >= 1.0.11)
     client_side_validations (4.2.12)
       jquery-rails (>= 3.1.2, < 5.0.0)
       js_regex (~> 1.0, >= 1.0.19)
@@ -301,7 +297,6 @@ GEM
     inky-rb (1.3.7.5)
       foundation_emails (~> 2)
       nokogiri
-    io-like (0.3.1)
     ipaddress (0.8.3)
     jaro_winkler (1.5.4)
     jbuilder (2.9.1)
@@ -534,7 +529,7 @@ GEM
       unicode-display_width (>= 1.4.0, < 1.7)
     ruby-progressbar (1.10.1)
     ruby2_keywords (0.0.2)
-    rubyzip (2.2.0)
+    rubyzip (1.3.0)
     sass (3.4.25)
     sass-rails (5.0.7)
       railties (>= 4.0.0, < 6)
@@ -552,9 +547,9 @@ GEM
     sdoc (1.0.0)
       rdoc (>= 5.0)
     selectize-rails (0.12.6)
-    selenium-webdriver (3.142.7)
-      childprocess (>= 0.5, < 4.0)
-      rubyzip (>= 1.2.2)
+    selenium-webdriver (3.141.0)
+      childprocess (~> 0.5)
+      rubyzip (~> 1.2, >= 1.2.2)
     shoulda (3.5.0)
       shoulda-context (~> 1.0, >= 1.0.1)
       shoulda-matchers (>= 1.4.1, < 3.0)
@@ -617,6 +612,10 @@ GEM
       activemodel (>= 4.2)
       debug_inspector
       railties (>= 4.2)
+    webdrivers (4.2.0)
+      nokogiri (~> 1.6)
+      rubyzip (>= 1.3.0)
+      selenium-webdriver (>= 3.0, < 4.0)
     xpath (3.2.0)
       nokogiri (~> 1.8)
 
@@ -640,11 +639,10 @@ DEPENDENCIES
   bulk_insert
   bundler-audit
   byebug
-  capybara (< 3.0)
+  capybara
   capybara-email
   carrierwave (~> 1.3.1)
   chartkick
-  chromedriver-helper
   client_side_validations
   client_side_validations-simple_form
   cloudinary (= 1.1.7)
@@ -731,7 +729,7 @@ DEPENDENCIES
   scss-lint
   sdoc (~> 1.0.0)
   selectize-rails
-  selenium-webdriver
+  selenium-webdriver (= 3.141.0)
   shoulda (= 3.5)
   shoulda-matchers (~> 2.0)
   simple_form
@@ -749,6 +747,7 @@ DEPENDENCIES
   uglifier (>= 1.3.0)
   unicorn
   web-console (~> 3.3)
+  webdrivers
 
 RUBY VERSION
    ruby 2.4.1p111

app/models/topic.rb

@@ -152,13 +152,14 @@ def self.bulk_trash(post_attributes)
   def assign(user_id=2, assigned_to)
     self.posts.create(body: I18n.t(:assigned_message, assigned_to: User.find(assigned_to).name), kind: 'note', user_id: user_id)
     self.assigned_user_id = assigned_to
-    self.current_status = 'pending'
+    # self.current_status = 'pending'
     self.save
   end
 
   def self.bulk_agent_assign(post_attributes, assigned_to)
     Post.bulk_insert values: post_attributes
-    self.update_all(assigned_user_id: assigned_to, current_status: 'pending')
+    #self.update_all(assigned_user_id: assigned_to, current_status: 'pending')
+    self.update_all(assigned_user_id: assigned_to)
   end
 
   def self.bulk_group_assign(post_attributes, assigned_group)

app/themes/flat/views/layouts/flat.html.erb

@@ -119,6 +119,11 @@ $('#right-menu').sidr({
 $('ul.nav').off().on('click', function(){
  $.sidr('close', 'nav');
 });
+
+// Close menu before navigating so turbolinks does not cache menu open
+$(document).on('page:before-change', function () {
+  $.sidr('close', 'nav');
+});
 </script>
 <%= "<script src='/assets/widget.v1.js'></script>".html_safe if AppSettings['widget.show_on_support_site'] == '1' %>
 <%= "#{AppSettings['design.footer_js']}".html_safe %>

app/themes/light/views/layouts/light.html.erb

@@ -115,6 +115,11 @@ $('#right-menu').sidr({
   }
 });
 
+// Close menu before navigating so turbolinks does not cache menu open
+$(document).on('page:before-change', function () {
+  $.sidr('close', 'nav');
+});
+
 // Close menu on click
 $('ul.nav').off().on('click', function(){
  $.sidr('close', 'nav');

app/themes/nordic/views/layouts/nordic.html.erb

@@ -132,6 +132,11 @@ $('#right-menu').sidr({
 $('ul.nav').off().on('click', function(){
  $.sidr('close', 'nav');
 });
+
+// Close menu before navigating so turbolinks does not cache menu open
+$(document).on('page:before-change', function () {
+  $.sidr('close', 'nav');
+});
 </script>
 <%= "<script src='/assets/widget.v1.js'></script>".html_safe if AppSettings['widget.show_on_support_site'] == '1' %>
 <%= "#{AppSettings['design.footer_js']}".html_safe %>

app/themes/singular/assets/stylesheets/singular/singular.scss

@@ -25,7 +25,7 @@ main {
   background-color: $body-bg;
 }
 
-input,
+input:not([type=radio]),
 select {
   min-height: 60px;
 }
@@ -109,9 +109,6 @@ i.circle-icon {
 		font-size: 150%;
 	}
 
-  .article-block {
-  }
-
   i.circle-icon {
     display: inline-block;
     border-radius: 60px;
@@ -128,6 +125,11 @@ i.circle-icon {
   .article-icon {
     margin-bottom: 20px;
   }
+
+  select,
+  input:not([type=radio]) {
+    min-height: 20px;
+  }
 }
 
 @media(min-width:768px){
@@ -758,9 +760,6 @@ header {
   padding-bottom: 0;
 }
 
-.navbar-form .input-group .form-control {
-}
-
 .navbar-right {
 	margin-right: -45px;
 }

app/themes/singular/views/layouts/singular.html.erb

@@ -175,6 +175,11 @@ $('#right-menu').sidr({
 $('ul.nav').off().on('click', function(){
  $.sidr('close', 'nav');
 });
+
+// Close menu before navigating so turbolinks does not cache menu open
+$(document).on('page:before-change', function () {
+  $.sidr('close', 'nav');
+});
 </script>
 <%= "<script src='/assets/widget.v1.js'></script>".html_safe if AppSettings['widget.show_on_support_site'] == '1' %>
 <%= "#{AppSettings['design.footer_js']}".html_safe %>

config/environment.rb

@@ -5,6 +5,6 @@
 Rails.application.initialize!
 
 # Get the current tag version
-VERSION = '2.7.0'
+VERSION = '2.8.0'
 REVISION = `git log --pretty=format:'%h' -n 1`
 APP_VERSION = "#{VERSION}:#{REVISION}"

test/controllers/admin/topics_controller_test.rb

@@ -541,7 +541,7 @@ class Admin::TopicsControllerTest < ActionController::TestCase
     spam_topics = Topic.where(current_status: 'spam').all
     sign_in users(:agent)
     xhr :get, :unassign_agent, { q: 'spam', affect: 'all' }
-    assert_equal 0, Topic.admin_search('spam').where(assigned_user_id: nil).size
+    assert_equal 2, Topic.admin_search('spam').where(assigned_user_id: nil).size
     assert_response :success
   end
 

test/models/topic_test.rb

@@ -124,7 +124,7 @@ class TopicTest < ActiveSupport::TestCase
     assert_equal t_posts_count + 1, topic.posts.count
   end
 
-  test "#assign_agent should set the current_status of the topic to pending, assigned_user_id to specified user_id, and should create a closed_message post belonging to that topic" do
+  test "#assign_agent should set assigned_user_id to specified user_id, and should create a closed_message post belonging to that topic" do
     topic = create :topic
     bulk_post_attributes = []
     t_posts_count = topic.posts.count
@@ -133,7 +133,6 @@ class TopicTest < ActiveSupport::TestCase
     topics.bulk_agent_assign(bulk_post_attributes, 1)
 
     topic = Topic.find(topic.id)
-    assert_equal 'pending', topic.current_status
     assert_equal 1, topic.assigned_user_id
     assert_equal t_posts_count + 1, topic.posts.count
   end