Commit Graph

78 Commits (ec4c49082edb5f4941bd4e129900628c6b30101e)

Author SHA1 Message Date
Matt Jankowski 19849eb91d
Skip paperclip spoof detector unless opted into attachment processing specs (#31454) 5 months ago
Matt Jankowski 69dbc23038
Only enable chewy in search-tagged specs (#30583) 5 months ago
Matt Jankowski 928390c2ba
Convert `admin/settings` controller specs to system specs (#31548) 5 months ago
Matt Jankowski ef4920c6c9
Pull out https/hostname setup for request specs to shared config (#31622) 5 months ago
David Roetzel 388d5473e1
Refactor (ruby) redis configuration (#31694) 5 months ago
Matt Jankowski bcc4b1078c
Fix `Rails/RootPathnameMethods` cop (#31582) 5 months ago
Matt Jankowski 848b59c8ae
Reduce factory creation in `MediaAttachment` model spec (#31058) 6 months ago
Matt Jankowski f1300ad284
Rename jobs/attachments rspec tag names (#29762) 7 months ago
Matt Jankowski 6beead3867
Move `simplecov` config into `rails_helper` (#30302) 8 months ago
Matt Jankowski 0d397db5dd
Consolidate system specs into single directory, use rspec tags for configuration (#30206) 9 months ago
Matt Jankowski 3eaac3af73
Use `before_all` block to setup `requests/cache_spec` data (#29437) 10 months ago
Matt Jankowski 64f9939e39
Use `capture_emails` helper to improve email assertions in specs (#29245) 11 months ago
Matt Jankowski 95da28d201
Add common `ThreadingHelper` module for specs (#29116) 12 months ago
Matt Jankowski 577520b637
Replace deprecated `Sidekiq::Testing` block style (#29097) 12 months ago
Matt Jankowski 4e08a4892f
Move streaming `around` config into manager class (#28684) 1 year ago
Matt Jankowski 8422b8ded0
Extract capybara config and improve headless_chrome driver config (#28681) 1 year ago
Matt Jankowski 00341c70ff
Use Sidekiq `fake!` instead of `inline!` in specs (#25369) 1 year ago
Claire 6ad0fb5a77
Fix NULL MX handling and tighten DNS resolving specs (#28607) 1 year ago
Matt Jankowski e6e217fedd
Clean up `tagged_with_*` Status specs, fix `RSpec/LetSetup` cop (#28462) 1 year ago
Matt Jankowski 8a3d8c6c14
Remove the `stub_stdout` wrapper around CLI specs (#28340) 1 year ago
Matt Jankowski ad34d33bfd
Formalize some patterns in cli specs (#28255) 1 year ago
Matt Jankowski 973597c6f1
Consolidate configuration of `Sidekiq::Testing.fake!` setup (#28046) 1 year ago
Matt Jankowski 67fd3187b3
Update rspec fixture path config to silence deprecation warning (#28018) 1 year ago
Matt Jankowski e892efbc40
Configure elastic search integration with rspec tag (#27882) 1 year ago
Matt Jankowski 549e8e7baf
Add `email_spec` and speedup/cleanup to `spec/mailers` (#27902) 1 year ago
Matt Jankowski b05575e242
Move RSpec config for streaming/search managers to be near classes (#27761) 1 year ago
Matt Jankowski b06284c572
Fix `RSpec/HookArgument` cop (#27747) 1 year ago
Matt Jankowski f8afa0f614
Remove unused stub json ld context (#25454) 1 year ago
Matt Jankowski 00e92b4038
Add coverage for `CLI::Statuses` command (#25321) 1 year ago
Matt Jankowski abf0e1fa39
Move `SignedReqestHelpers` rspec config to separate file (#25453) 1 year ago
jsgoldstein 4d9186a48c
Add search tests (#26703) 1 year ago
Matt Jankowski 7581b1ff96
Profiling tools configuration improvement (#25383) 2 years ago
Renaud Chaput 4d1b67f664
Add end-to-end (system) tests (#25461) 2 years ago
Matt Jankowski 07933db788
Add coverage for `CLI::Cache` command (#25238) 2 years ago
Matt Jankowski c94bb9ba9a
Disable paperclip processing in specs (#25359) 2 years ago
Matt Jankowski b0104e4c33
Silence output to stdout during cli specs (#25211) 2 years ago
Nick Schonning 1fe04f740a
Enable Rubocop Rails/FilePath (#23854) 2 years ago
Claire 1eb51bd749
Add request specs for caching behavior (#24592) 2 years ago
Matt Jankowski 91a8cd21d8
React component helper specs (#24072) 2 years ago
Claire f45961aa98
Add feature test for OAuth access grant (#24624) 2 years ago
Matt Jankowski 1ed12d5e2f
Add basic search specs for chewy indexes (#24065) 2 years ago
Nick Schonning 8fd3fc404d
Autofix Rubocop Rails/RootPathnameMethods (#23760) 2 years ago
Nick Schonning 84cc805cae
Enable Style/FrozenStringLiteralComment for specs (#23790) 2 years ago
Nick Schonning 81ad6c2e39
Autofix Rubocop Style/StringLiterals (#23695) 2 years ago
Nick Schonning d65b2c1924
Apply Rubocop Style/RedundantConstantBase (#23463) 2 years ago
Nick Schonning 1487fcde93
Apply Rubocop Style/ExpandPathArguments (#23450) 2 years ago
Eugen Rochko 3917353645
Fix single Redis connection being used across all threads (#18135)
* Fix single Redis connection being used across all Sidekiq threads

* Fix tests
3 years ago
Eugen Rochko ddbe906c25
Fix not updating a status when newer version is fetched manually (#17745) 3 years ago
santiagorodriguez96 e8d41bc2fe
Add WebAuthn as an alternative 2FA method (#14466)
* feat: add possibility of adding WebAuthn security keys to use as 2FA

This adds a basic UI for enabling WebAuthn 2FA. We did a little refactor
to the Settings page for editing the 2FA methods – now it will list the
methods that are available to the user (TOTP and WebAuthn) and from
there they'll be able to add or remove any of them.
Also, it's worth mentioning that for enabling WebAuthn it's required to
have TOTP enabled, so the first time that you go to the 2FA Settings
page, you'll be asked to set it up.
This work was inspired by the one donde by Github in their platform, and
despite it could be approached in different ways, we decided to go with
this one given that we feel that this gives a great UX.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: add request for WebAuthn as second factor at login if enabled

This commits adds the feature for using WebAuthn as a second factor for
login when enabled.
If users have WebAuthn enabled, now a page requesting for the use of a
WebAuthn credential for log in will appear, although a link redirecting
to the old page for logging in using a two-factor code will also be
present.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: add possibility of deleting WebAuthn Credentials

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: disable WebAuthn when an Admin disables 2FA for a user

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: remove ability to disable TOTP leaving only WebAuthn as 2FA

Following examples form other platforms like Github, we decided to make
Webauthn 2FA secondary to 2FA with TOTP, so that we removed the
possibility of removing TOTP authentication only, leaving users with
just WEbAuthn as 2FA. Instead, users will have to click on 'Disable 2FA'
in order to remove second factor auth.
The reason for WebAuthn being secondary to TOPT is that in that way,
users will still be able to log in using their code from their phone's
application if they don't have their security keys with them – or maybe
even lost them.

* We had to change a little the flow for setting up TOTP, given that now
  it's possible to setting up again if you already had TOTP, in order to
  let users modify their authenticator app – given that now it's not
  possible for them to disable TOTP and set it up again with another
  authenticator app.
  So, basically, now instead of storing the new `otp_secret` in the
  user, we store it in the session until the process of set up is
  finished.
  This was because, as it was before, when users clicked on 'Edit' in
  the new two-factor methods lists page, but then went back without
  finishing the flow, their `otp_secret` had been changed therefore
  invalidating their previous authenticator app, making them unable to
  log in again using TOTP.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* refactor: fix eslint errors

The PR build was failing given that linting returning some errors.
This commit attempts to fix them.

* refactor: normalize i18n translations

The build was failing given that i18n translations files were not
normalized.
This commits fixes that.

* refactor: avoid having the webauthn gem locked to a specific version

* refactor: use symbols for routes without '/'

* refactor: avoid sending webauthn disabled email when 2FA is disabled

When an admins disable 2FA for users, we were sending two mails
to them, one notifying that 2FA was disabled and the other to notify
that WebAuthn was disabled.
As the second one is redundant since the first email includes it, we can
remove it and send just one email to users.

* refactor: avoid creating new env variable for webauthn_origin config

* refactor: improve flash error messages for webauthn pages

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
4 years ago
dependabot-preview[bot] 56531d646e
Bump sidekiq from 5.2.7 to 6.0.4 (#11727)
* Bump sidekiq from 5.2.7 to 6.0.0

Bumps [sidekiq](https://github.com/mperham/sidekiq) from 5.2.7 to 6.0.0.
- [Release notes](https://github.com/mperham/sidekiq/releases)
- [Changelog](https://github.com/mperham/sidekiq/blob/master/Changes.md)
- [Commits](https://github.com/mperham/sidekiq/compare/v5.2.7...v6.0.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

* Sidekiq::Logger.logger -> Sidekiq.logger

* Drop support Ruby 2.4

* update

Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Co-authored-by: Yamagishi Kazutoshi <ykzts@desire.sh>
5 years ago