Merge branch 'release/0.1.13'

.github/workflows/validations.yml

@@ -33,6 +33,10 @@ jobs:
         run: |
           bundle config path vendor/bundle
           bundle install --jobs 4 --retry 3
+      - name: Audit gems
+        run: |
+          bundle exec bundle-audit --update
+          bundle exec ruby-audit check
       - name: Setup Node
         uses: actions/setup-node@v1
         with:

Gemfile

@@ -6,7 +6,7 @@ git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 ruby "3.1.2"
 
 # Bundle edge Rails instead: gem "rails", github: "rails/rails", branch: "main"
-gem "rails", "~> 7.0.1"
+gem "rails", "~> 7.0.3"
 
 # The original asset pipeline for Rails [https://github.com/rails/sprockets-rails]
 # gem "sprockets-rails", ">= 3.4.1"
@@ -93,6 +93,47 @@ gem "discard", "~> 1.2"
 # Use newrelic for monitoring
 gem "newrelic_rpm", "~> 8.4"
 
+# Role management library with resource scoping
+gem "rolify", "~> 6.0"
+
+# OAuth Gems
+gem "omniauth-google-oauth2", "~> 1.0"
+gem "omniauth-rails_csrf_protection", "~> 1.0"
+
+# Pundit gem for user authorization
+gem "pundit", "~> 2.2"
+
+# Data migration gem to migrate data alongside schema changes
+gem "data_migrate", "~> 8.0.0.rc2"
+
+# pagy for Pagination
+gem "pagy", "~> 5.10"
+
+# Manage application specific business logic. https://github.com/AaronLasseigne/active_interaction
+gem "active_interaction"
+
+# For stripe payments
+gem "stripe"
+
+# Background job processing adapter
+gem "sidekiq"
+
+# searchkick for elasticsearch
+gem "elasticsearch", "< 7.14" # select one
+gem "searchkick"
+
+# PDF generator
+gem "grover"
+
+gem "activerecord-import"
+
+# Honeybadger for error reporting
+gem "honeybadger"
+
+# For finding the vulnerabilities in the gems
+gem "bundler-audit", require: false
+gem "ruby_audit", require: false
+
 group :development, :test do
   # See https://edgeguides.rubyonrails.org/debugging_rails_applications.html#debugging-with-the-debug-gem
   gem "debug", ">= 1.0.0", platforms: %i[mri mingw x64_mingw]
@@ -152,36 +193,3 @@ group :test do
   # Strategies for cleaning databases in Ruby.
   gem "database_cleaner", "~> 2.0"
 end
-
-# Role management library with resource scoping
-gem "rolify", "~> 6.0"
-
-# OAuth Gems
-gem "omniauth-google-oauth2", "~> 1.0"
-gem "omniauth-rails_csrf_protection", "~> 1.0"
-
-# Pundit gem for user authorization
-gem "pundit", "~> 2.2"
-
-# Data migration gem to migrate data alongside schema changes
-gem "data_migrate", "~> 8.0.0.rc2"
-
-# pagy for Pagination
-gem "pagy", "~> 5.10"
-
-# Manage application specific business logic. https://github.com/AaronLasseigne/active_interaction
-gem "active_interaction"
-
-gem "stripe"
-
-# Background job processing adapter
-gem "sidekiq"
-
-# searchkick for elasticsearch
-gem "elasticsearch", "< 7.14" # select one
-gem "searchkick"
-
-# PDF generator
-gem "grover"
-
-gem "activerecord-import"

Gemfile.lock

@@ -90,7 +90,7 @@ GEM
       rake (>= 10.4, < 14.0)
     ast (2.4.2)
     aws-eventstream (1.2.0)
-    aws-partitions (1.589.0)
+    aws-partitions (1.594.0)
     aws-sdk-core (3.131.1)
       aws-eventstream (~> 1, >= 1.0.2)
       aws-partitions (~> 1, >= 1.525.0)
@@ -117,6 +117,9 @@ GEM
     bullet (7.0.1)
       activesupport (>= 3.0.0)
       uniform_notifier (~> 1.11)
+    bundler-audit (0.9.0.1)
+      bundler (>= 1.2.0, < 3)
+      thor (~> 1.0)
     capybara (3.37.1)
       addressable
       matrix
@@ -208,6 +211,7 @@ GEM
       combine_pdf (~> 1.0)
       nokogiri (~> 1.0)
     hashie (5.0.0)
+    honeybadger (4.12.1)
     i18n (1.10.0)
       concurrent-ruby (~> 1.0)
     i18n_data (0.16.0)
@@ -245,7 +249,7 @@ GEM
     minitest (5.15.0)
     money (6.16.0)
       i18n (>= 0.6.4, <= 2)
-    msgpack (1.5.1)
+    msgpack (1.5.2)
     multi_json (1.15.0)
     multi_xml (0.6.0)
     multipart-post (2.1.1)
@@ -305,7 +309,7 @@ GEM
     pundit (2.2.0)
       activesupport (>= 3.0.0)
     racc (1.6.0)
-    rack (2.2.3)
+    rack (2.2.3.1)
     rack-mini-profiler (3.0.0)
       rack (>= 1.2.0)
     rack-protection (2.2.0)
@@ -346,7 +350,7 @@ GEM
       zeitwerk (~> 2.5)
     rainbow (3.1.1)
     rake (13.0.6)
-    ransack (3.2.0)
+    ransack (3.2.1)
       activerecord (>= 6.1.5)
       activesupport (>= 6.1.5)
       i18n
@@ -357,7 +361,7 @@ GEM
       railties (>= 3.2)
       tilt
     redis (4.6.0)
-    regexp_parser (2.4.0)
+    regexp_parser (2.5.0)
     reline (0.3.1)
       io-console (~> 0.5)
     responders (3.0.1)
@@ -382,20 +386,20 @@ GEM
       rspec-mocks (~> 3.10)
       rspec-support (~> 3.10)
     rspec-support (3.11.0)
-    rubocop (1.29.1)
+    rubocop (1.30.0)
       parallel (~> 1.10)
       parser (>= 3.1.0.0)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 1.8, < 3.0)
       rexml (>= 3.2.5, < 4.0)
-      rubocop-ast (>= 1.17.0, < 2.0)
+      rubocop-ast (>= 1.18.0, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 3.0)
     rubocop-ast (1.18.0)
       parser (>= 3.1.1.0)
     rubocop-packaging (0.5.1)
       rubocop (>= 0.89, < 2.0)
-    rubocop-performance (1.13.3)
+    rubocop-performance (1.14.0)
       rubocop (>= 1.7.0, < 2.0)
       rubocop-ast (>= 0.4.0)
     rubocop-rails (2.14.2)
@@ -409,6 +413,8 @@ GEM
     ruby-vips (2.1.4)
       ffi (~> 1.12)
     ruby2_keywords (0.0.5)
+    ruby_audit (2.1.0)
+      bundler-audit (~> 0.9.0)
     rubyzip (2.3.2)
     sass-rails (6.0.0)
       sassc-rails (~> 2.1, >= 2.1.1)
@@ -423,10 +429,11 @@ GEM
     searchkick (5.0.3)
       activemodel (>= 5.2)
       hashie
-    selenium-webdriver (4.1.0)
+    selenium-webdriver (4.2.0)
       childprocess (>= 0.5, < 5.0)
       rexml (~> 3.2, >= 3.2.5)
-      rubyzip (>= 1.2.2)
+      rubyzip (>= 1.2.2, < 3.0)
+      websocket (~> 1.0)
     semantic_range (3.0.0)
     shoulda-callback-matchers (1.1.4)
       activesupport (>= 3)
@@ -452,11 +459,11 @@ GEM
       actionpack (>= 5.2)
       activesupport (>= 5.2)
       sprockets (>= 3.0.0)
-    stripe (6.1.0)
+    stripe (6.2.0)
     strscan (3.0.3)
     thor (1.2.1)
     tilt (2.0.10)
-    timeout (0.2.0)
+    timeout (0.3.0)
     tzinfo (2.0.4)
       concurrent-ruby (~> 1.0)
     unicode-display_width (2.1.0)
@@ -477,6 +484,7 @@ GEM
       rack-proxy (>= 0.6.1)
       railties (>= 5.2)
       semantic_range (>= 2.3.0)
+    websocket (1.2.9)
     websocket-driver (0.7.5)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
@@ -497,6 +505,7 @@ DEPENDENCIES
   aws-sdk-s3
   bootsnap (>= 1.4.4)
   bullet
+  bundler-audit
   capybara (>= 3.26)
   countries
   data_migrate (~> 8.0.0.rc2)
@@ -511,6 +520,7 @@ DEPENDENCIES
   faker
   foreman
   grover
+  honeybadger
   image_processing (>= 1.2)
   jbuilder (~> 2.11)
   letter_opener
@@ -524,7 +534,7 @@ DEPENDENCIES
   puma (~> 5.0)
   pundit (~> 2.2)
   rack-mini-profiler (>= 2.3.3)
-  rails (~> 7.0.1)
+  rails (~> 7.0.3)
   rails-controller-testing (~> 1.0, >= 1.0.5)
   ransack
   react-rails
@@ -536,6 +546,7 @@ DEPENDENCIES
   rubocop-performance
   rubocop-rails
   rubocop-rspec (~> 2.8)
+  ruby_audit
   sass-rails
   searchkick
   selenium-webdriver (>= 4.0.0)

app/controllers/internal_api/v1/companies/purge_logo_controller.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+class InternalApi::V1::Companies::PurgeLogoController < InternalApi::V1::ApplicationController
+  def destroy
+    authorize current_company, :purge_logo?
+    current_company.logo.destroy
+    render json: { notice: I18n.t("companies.purge_logo.destroy.success") }, status: :ok
+  end
+end

app/controllers/internal_api/v1/companies_controller.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+class InternalApi::V1::CompaniesController < InternalApi::V1::ApplicationController
+  def index
+    authorize current_company
+    render json: { company: current_company }
+  end
+
+  def create
+    authorize Company
+    company = Company.new(company_params)
+    if company.save!
+      current_user.companies << company
+      current_user.current_workspace_id = company.id
+      current_user.add_role(:owner, company)
+      current_user.save!
+      render json: { notice: I18n.t("companies.create.success") }
+    end
+  end
+
+  def update
+    authorize current_company
+    if current_company.update!(company_params)
+      render json: { notice: I18n.t("companies.update.success") }
+    end
+  end
+
+  private
+
+    def company_params
+      params.require(:company).permit(
+        :name, :address, :business_phone, :country, :timezone, :base_currency,
+        :standard_price, :fiscal_year_end, :date_format
+      )
+    end
+end

app/controllers/internal_api/v1/payment_settings_controller.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 class InternalApi::V1::PaymentSettingsController < InternalApi::V1::ApplicationController
+  after_action :save_stripe_settings, only: :index
+
   def index
     authorize :index, policy_class: PaymentSettingsPolicy
 
@@ -20,4 +22,14 @@ def connect_stripe
     def stripe_connected_account
       current_company.stripe_connected_account
     end
+
+    def save_stripe_settings
+      current_company.payments_providers.create(
+        {
+          name: "stripe",
+          connected: true,
+          enabled: true,
+          accepted_payment_methods: [ "card" ]
+        }) if stripe_connected_account.present? && stripe_connected_account.details_submitted
+    end
 end