Gemfile

@@ -34,7 +34,7 @@ gem 'prawn-table',         '~> 0.2'    # PDF generation
 gem 'puma',                '~> 6.4'    # Ruby Rack server
 gem 'rack',                '~> 2.2'
 gem 'rack-attack',         '>= 6.6'    # Rack middleware to rate limit sensetive routes, such as those used for auth
-gem 'rails',               '6.1.7.9'
+gem 'rails',               '6.1.7.10'
 gem 'rake',                '~> 13.0'
 gem 'rbnacl',              '>= 7.1.1'  # Libsodium Ruby binding. Used for encrypting export file passwords.
 gem 'rubyzip',             '~> 2.3',   # Zip and encrypt exported files
@@ -55,6 +55,7 @@ gem 'will_paginate',       '~> 4.0'    # Paginates ActiveRecord models  TODO: Th
 gem 'write_xlsx',          '~> 1.11'   # Exports XLSX
 
 group :development, :test do
+  gem 'brakeman', require: false
   gem 'bundler-audit',              '~> 0.9'
   gem 'ci_reporter',                '~> 2.0'
   gem 'factory_bot',                '~> 5.0'

Gemfile.lock

@@ -1,62 +1,62 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (6.1.7.9)
-      actionpack (= 6.1.7.9)
-      activesupport (= 6.1.7.9)
+    actioncable (6.1.7.10)
+      actionpack (= 6.1.7.10)
+      activesupport (= 6.1.7.10)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (6.1.7.9)
-      actionpack (= 6.1.7.9)
-      activejob (= 6.1.7.9)
-      activerecord (= 6.1.7.9)
-      activestorage (= 6.1.7.9)
-      activesupport (= 6.1.7.9)
+    actionmailbox (6.1.7.10)
+      actionpack (= 6.1.7.10)
+      activejob (= 6.1.7.10)
+      activerecord (= 6.1.7.10)
+      activestorage (= 6.1.7.10)
+      activesupport (= 6.1.7.10)
       mail (>= 2.7.1)
-    actionmailer (6.1.7.9)
-      actionpack (= 6.1.7.9)
-      actionview (= 6.1.7.9)
-      activejob (= 6.1.7.9)
-      activesupport (= 6.1.7.9)
+    actionmailer (6.1.7.10)
+      actionpack (= 6.1.7.10)
+      actionview (= 6.1.7.10)
+      activejob (= 6.1.7.10)
+      activesupport (= 6.1.7.10)
       mail (~> 2.5, >= 2.5.4)
       rails-dom-testing (~> 2.0)
-    actionpack (6.1.7.9)
-      actionview (= 6.1.7.9)
-      activesupport (= 6.1.7.9)
+    actionpack (6.1.7.10)
+      actionview (= 6.1.7.10)
+      activesupport (= 6.1.7.10)
       rack (~> 2.0, >= 2.0.9)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (6.1.7.9)
-      actionpack (= 6.1.7.9)
-      activerecord (= 6.1.7.9)
-      activestorage (= 6.1.7.9)
-      activesupport (= 6.1.7.9)
+    actiontext (6.1.7.10)
+      actionpack (= 6.1.7.10)
+      activerecord (= 6.1.7.10)
+      activestorage (= 6.1.7.10)
+      activesupport (= 6.1.7.10)
       nokogiri (>= 1.8.5)
-    actionview (6.1.7.9)
-      activesupport (= 6.1.7.9)
+    actionview (6.1.7.10)
+      activesupport (= 6.1.7.10)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (6.1.7.9)
-      activesupport (= 6.1.7.9)
+    activejob (6.1.7.10)
+      activesupport (= 6.1.7.10)
       globalid (>= 0.3.6)
-    activemodel (6.1.7.9)
-      activesupport (= 6.1.7.9)
-    activerecord (6.1.7.9)
-      activemodel (= 6.1.7.9)
-      activesupport (= 6.1.7.9)
+    activemodel (6.1.7.10)
+      activesupport (= 6.1.7.10)
+    activerecord (6.1.7.10)
+      activemodel (= 6.1.7.10)
+      activesupport (= 6.1.7.10)
     activerecord-nulldb-adapter (0.9.0)
       activerecord (>= 5.2.0, < 7.1)
-    activestorage (6.1.7.9)
-      actionpack (= 6.1.7.9)
-      activejob (= 6.1.7.9)
-      activerecord (= 6.1.7.9)
-      activesupport (= 6.1.7.9)
+    activestorage (6.1.7.10)
+      actionpack (= 6.1.7.10)
+      activejob (= 6.1.7.10)
+      activerecord (= 6.1.7.10)
+      activesupport (= 6.1.7.10)
       marcel (~> 1.0)
       mini_mime (>= 1.1.0)
-    activesupport (6.1.7.9)
+    activesupport (6.1.7.10)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
@@ -94,6 +94,8 @@ GEM
       nokogiri (~> 1.6, >= 1.6.8)
     base64 (0.1.1)
     bcrypt (3.1.20)
+    brakeman (7.0.0)
+      racc
     builder (3.2.4)
     bundler-audit (0.9.1)
       bundler (>= 1.2.0, < 3)
@@ -209,14 +211,14 @@ GEM
     multipart-post (2.3.0)
     net-http-persistent (4.0.2)
       connection_pool (~> 2.2)
-    net-imap (0.5.1)
+    net-imap (0.5.6)
       date
       net-protocol
     net-pop (0.1.2)
       net-protocol
     net-protocol (0.2.2)
       timeout
-    net-smtp (0.5.0)
+    net-smtp (0.5.1)
       net-protocol
     nio4r (2.7.4)
     nokogiri (1.16.8)
@@ -257,20 +259,20 @@ GEM
     rack_session_access (0.2.0)
       builder (>= 2.0.0)
       rack (>= 1.0.0)
-    rails (6.1.7.9)
-      actioncable (= 6.1.7.9)
-      actionmailbox (= 6.1.7.9)
-      actionmailer (= 6.1.7.9)
-      actionpack (= 6.1.7.9)
-      actiontext (= 6.1.7.9)
-      actionview (= 6.1.7.9)
-      activejob (= 6.1.7.9)
-      activemodel (= 6.1.7.9)
-      activerecord (= 6.1.7.9)
-      activestorage (= 6.1.7.9)
-      activesupport (= 6.1.7.9)
+    rails (6.1.7.10)
+      actioncable (= 6.1.7.10)
+      actionmailbox (= 6.1.7.10)
+      actionmailer (= 6.1.7.10)
+      actionpack (= 6.1.7.10)
+      actiontext (= 6.1.7.10)
+      actionview (= 6.1.7.10)
+      activejob (= 6.1.7.10)
+      activemodel (= 6.1.7.10)
+      activerecord (= 6.1.7.10)
+      activestorage (= 6.1.7.10)
+      activesupport (= 6.1.7.10)
       bundler (>= 1.15.0)
-      railties (= 6.1.7.9)
+      railties (= 6.1.7.10)
       sprockets-rails (>= 2.0.0)
     rails-controller-testing (1.0.5)
       actionpack (>= 5.0.1.rc1)
@@ -286,9 +288,9 @@ GEM
     rails-i18n (7.0.8)
       i18n (>= 0.7, < 2)
       railties (>= 6.0.0, < 8)
-    railties (6.1.7.9)
-      actionpack (= 6.1.7.9)
-      activesupport (= 6.1.7.9)
+    railties (6.1.7.10)
+      actionpack (= 6.1.7.10)
+      activesupport (= 6.1.7.10)
       method_source
       rake (>= 12.2)
       thor (~> 1.0)
@@ -401,7 +403,7 @@ GEM
       unicode-display_width (>= 1.1.1, < 3)
     text (1.3.1)
     thor (1.3.1)
-    timeout (0.4.2)
+    timeout (0.4.3)
     ttfunk (1.7.0)
     twitter_cldr (4.4.5)
       camertron-eprun
@@ -422,7 +424,8 @@ GEM
       hkdf (~> 1.0)
       jwt (~> 2.0)
       openssl (~> 3.0)
-    websocket-driver (0.7.6)
+    websocket-driver (0.7.7)
+      base64
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
     will_paginate (4.0.0)
@@ -437,6 +440,7 @@ DEPENDENCIES
   activerecord-nulldb-adapter
   aws-sdk-s3 (~> 1.130)
   azure-storage-blob (~> 1.1)
+  brakeman
   bundler-audit (~> 0.9)
   cancancan (~> 3.5)
   ci_reporter (~> 2.0)
@@ -474,7 +478,7 @@ DEPENDENCIES
   rack-mini-profiler (>= 1.0.0)
   rack-test (~> 1.1)
   rack_session_access (~> 0.2)
-  rails (= 6.1.7.9)
+  rails (= 6.1.7.10)
   rails-controller-testing (~> 1.0)
   rake (~> 13.0)
   rbnacl (>= 7.1.1)

README.md

@@ -1,7 +1,7 @@
 <!-- Copyright (c) 2014 - 2023 UNICEF. All rights reserved. -->
-
 Primero
 ========
+[![DPG Badge](https://img.shields.io/badge/Verified-DPG-3333AB?logo=data:image/svg%2bxml;base64,PHN2ZyB3aWR0aD0iMzEiIGhlaWdodD0iMzMiIHZpZXdCb3g9IjAgMCAzMSAzMyIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4KPHBhdGggZD0iTTE0LjIwMDggMjEuMzY3OEwxMC4xNzM2IDE4LjAxMjRMMTEuNTIxOSAxNi40MDAzTDEzLjk5MjggMTguNDU5TDE5LjYyNjkgMTIuMjExMUwyMS4xOTA5IDEzLjYxNkwxNC4yMDA4IDIxLjM2NzhaTTI0LjYyNDEgOS4zNTEyN0wyNC44MDcxIDMuMDcyOTdMMTguODgxIDUuMTg2NjJMMTUuMzMxNCAtMi4zMzA4MmUtMDVMMTEuNzgyMSA1LjE4NjYyTDUuODU2MDEgMy4wNzI5N0w2LjAzOTA2IDkuMzUxMjdMMCAxMS4xMTc3TDMuODQ1MjEgMTYuMDg5NUwwIDIxLjA2MTJMNi4wMzkwNiAyMi44Mjc3TDUuODU2MDEgMjkuMTA2TDExLjc4MjEgMjYuOTkyM0wxNS4zMzE0IDMyLjE3OUwxOC44ODEgMjYuOTkyM0wyNC44MDcxIDI5LjEwNkwyNC42MjQxIDIyLjgyNzdMMzAuNjYzMSAyMS4wNjEyTDI2LjgxNzYgMTYuMDg5NUwzMC42NjMxIDExLjExNzdMMjQuNjI0MSA5LjM1MTI3WiIgZmlsbD0id2hpdGUiLz4KPC9zdmc+Cg==)](https://www.digitalpublicgoods.net/r/primero)
 [![Build Status](https://github.com/primeroIMS/primero/actions/workflows/app.yml/badge.svg?branch=main)](https://github.com/primeroIMS/primero/actions)
 
 

app/controllers/api/v2/tokens_controller.rb

@@ -23,6 +23,9 @@ def respond_to_on_destroy
   end
 
   def create
+    # TODO: This may no longer be needed once we change to store session in the database will need to test
+    warden.logout(resource_name) if !current_user_match_params? && user_name_param.present?
+
     if Rails.configuration.x.idp.use_identity_provider
       create_idp
     else
@@ -40,6 +43,12 @@ def create_idp
     end
   end
 
+  # TODO: This will no longer be needed once we change to store session in the database
+  def destroy
+    session[:expires_at] = 30.minutes.ago
+    super
+  end
+
   def fail_to_authorize!(opts)
     throw(:warden, opts)
   end
@@ -68,4 +77,12 @@ def destroy_action_message
   def current_token
     IdpTokenStrategy.token_from_header(request.headers)
   end
+
+  def user_name_param
+    sign_in_params[resource_class.authentication_keys.first]
+  end
+
+  def current_user_match_params?
+    current_user&.user_name == user_name_param
+  end
 end

app/javascript/components/connectivity/selectors.js

@@ -30,3 +30,5 @@ export const getQueueData = state => state.getIn([NAMESPACE, "queueData"], fromJ
 export const hasQueueData = state => !getQueueData(state).isEmpty();
 
 export const selectUserToggleOffline = state => state.getIn([NAMESPACE, "fieldMode"], false);
+
+export const selectPendingUserLogin = state => state.getIn([NAMESPACE, "pendingUserLogin"], false);

app/javascript/components/connectivity/use-connectivity-status.js

@@ -18,7 +18,8 @@ import {
   selectNetworkStatus,
   selectServerStatusRetries,
   selectQueueStatus,
-  selectUserToggleOffline
+  selectUserToggleOffline,
+  selectPendingUserLogin
 } from "./selectors";
 import { checkServerStatus, setQueueData, setQueueStatus } from "./action-creators";
 import { CHECK_SERVER_INTERVAL, CHECK_SERVER_RETRY_INTERVAL } from "./constants";
@@ -34,6 +35,7 @@ const useConnectivityStatus = () => {
   const currentDialog = useMemoizedSelector(state => selectDialog(state));
   const serverStatusRetries = useMemoizedSelector(state => selectServerStatusRetries(state));
   const browserStatus = useMemoizedSelector(state => selectBrowserStatus(state));
+  const pendingUserLogin = useMemoizedSelector(state => selectPendingUserLogin(state));
 
   const fetchQueue = async () => {
     const queueData = await DB.getAll(DB_STORES.OFFLINE_REQUESTS);
@@ -105,7 +107,7 @@ const useConnectivityStatus = () => {
   }, [online, queueStatus]);
 
   useEffect(() => {
-    const ready = online && authenticated && queueStatus === QUEUE_READY;
+    const ready = online && authenticated && queueStatus === QUEUE_READY && !pendingUserLogin;
 
     const startQueue = async () => {
       Queue.ready = ready;
@@ -121,7 +123,7 @@ const useConnectivityStatus = () => {
     };
 
     startQueue();
-  }, [online, authenticated, queueStatus]);
+  }, [online, authenticated, queueStatus, pendingUserLogin]);
 
   useEffect(() => {
     setConnectionListeners();

app/javascript/components/pages/admin/code-of-conduct/action-creators.js

@@ -11,7 +11,8 @@ export const fetchCodeOfConduct = () => ({
   type: actions.FETCH_CODE_OF_CONDUCT,
   api: {
     path: RECORD_PATH.codes_of_conduct,
-    method: "GET"
+    method: "GET",
+    failureCallback: []
   }
 });
 

app/javascript/components/pages/admin/code-of-conduct/component.jsx

@@ -16,10 +16,11 @@ import { ROUTES } from "../../../../config";
 import LoadingIndicator from "../../../loading-indicator";
 import Permission, { MANAGE, RESOURCES } from "../../../permissions";
 import { useMemoizedSelector } from "../../../../libs";
+import { enqueueSnackbar, SNACKBAR_VARIANTS } from "../../../notifier";
 
 import { NAME, FORM_ID } from "./constants";
 import { form, validations } from "./form";
-import { getCodeOfConduct, getLoadingCodeOfConduct } from "./selectors";
+import { getCodeOfConduct, getFetchErrorsCodeOfConduct, getLoadingCodeOfConduct } from "./selectors";
 import { fetchCodeOfConduct, saveCodeOfConduct } from "./action-creators";
 
 function Component({ mode }) {
@@ -29,6 +30,7 @@ function Component({ mode }) {
   const { pathname } = useLocation();
   const dispatch = useDispatch();
 
+  const fetchErrors = useMemoizedSelector(state => getFetchErrorsCodeOfConduct(state));
   const codeOfConduct = useMemoizedSelector(state => getCodeOfConduct(state));
   const loadingCodeOfConduct = useMemoizedSelector(state => getLoadingCodeOfConduct(state));
 
@@ -75,6 +77,20 @@ function Component({ mode }) {
     dispatch(fetchCodeOfConduct());
   }, []);
 
+  useEffect(() => {
+    const messages = fetchErrors.reduce((acc, error) => {
+      if (error.get("status") === 404) {
+        return acc;
+      }
+
+      return acc.concat(error.get("message"));
+    }, []);
+
+    if (messages.length) {
+      dispatch(enqueueSnackbar(messages.join(", "), { variant: SNACKBAR_VARIANTS.error }));
+    }
+  }, [fetchErrors]);
+
   return (
     <Permission resources={RESOURCES.codes_of_conduct} actions={MANAGE} redirect>
       <LoadingIndicator hasData={!codeOfConduct.isEmpty()} type={NAME}>

app/javascript/components/pages/admin/code-of-conduct/reducer.js

@@ -10,10 +10,22 @@ export default (state = DEFAULT_STATE, { type, payload }) => {
   switch (type) {
     case actions.FETCH_CODE_OF_CONDUCT_STARTED:
     case actions.SAVE_CODE_OF_CONDUCT_STARTED:
-      return state.set("loading", true);
+      return state.set("loading", true).set("errors", false).set("fetchErrors", fromJS([]));
     case actions.FETCH_CODE_OF_CONDUCT_SUCCESS:
     case actions.SAVE_CODE_OF_CONDUCT_SUCCESS:
       return state.set("data", fromJS(payload.data));
+    case actions.SAVE_CODE_OF_CONDUCT_FAILURE: {
+      return state.set("loading", false).set("errors", true);
+    }
+    case actions.FETCH_CODE_OF_CONDUCT_FAILURE: {
+      const failureState = state.set("loading", false).set("errors", true);
+
+      if (payload.errors) {
+        return failureState.set("fetchErrors", fromJS(payload.errors));
+      }
+
+      return failureState;
+    }
     case actions.FETCH_CODE_OF_CONDUCT_FINISHED:
     case actions.SAVE_CODE_OF_CONDUCT_FINISHED:
       return state.set("loading", false);