Comparing changes

base repository: primeroIMS/primero
base: v2.11.1
head repository: primeroIMS/primero
compare: main

Commits on Dec 11, 2024

  1. 743cb09

Commits on Dec 18, 2024

  1. 52a82f5

Commits on Jan 7, 2025

  1. Bump version v2.11.1.1

    pnabutovsky committed Jan 7, 2025
    b18ad17
  2. Merged in r2-3151-azdo-docker-build (pull request #7024)

    R2-3151 Parametrizing AzDO build agent pool
    pnabutovsky committed Jan 7, 2025
    b25d219
  3. b0b86a2

Commits on Jan 30, 2025

  1. 912c7da
  2. 3b4274f

Commits on Jan 31, 2025

  1. Update README.md

    Adding the DPGA badge
    RobertMacTavish authored Jan 31, 2025
    75b7944
  2. Setting expiration on session in destroy action, cancelling following…

    … request if logging out, clearing session if username is different when login
    jtoliver-quoin committed Jan 31, 2025
    d77ded9

Commits on Feb 6, 2025

  1. Fixing unit test, lint issues, and fixing issue where method in token…

    …s_controller is not checking if current_user is present
    jtoliver-quoin committed Feb 6, 2025
    de5ef2b
  2. 730cf37

Commits on Feb 11, 2025

  1. 71d999f
  2. 2a0a9d9

Commits on Feb 12, 2025

  1. 68fd247
  2. Merged in r2-3199-security (pull request #7053)

    R2-3199: Updating openssl in postgres dockerfile
    jtoliver-quoin authored and pnabutovsky committed Feb 12, 2025
    9502bf2
  3. Merged in r2-3197-performance-usergroup-n+1 (pull request #7051)

    R2-3197 Performance: N+1 for User Groups API
    aespinoza-quoin authored and pnabutovsky committed Feb 12, 2025
    3d21719
  4. 06e9892
  5. Merged in r2-3148-gh-bb (pull request #7055)

    R2-3148: Reconciling Github with Bitbucket 02.12.25
    jtoliver-quoin committed Feb 12, 2025
    71dd94e
  6. 6e95284
  7. Merged in r2-3148-gh-bb (pull request #7056)

    R2-3148: Fixing link/placement of readme badge
    jtoliver-quoin committed Feb 12, 2025
    9ba2ce4

Commits on Feb 13, 2025

  1. Merged in r2-3147-add-it-locale (pull request #7015)

    R2-3147 - Add Italian locale
    aespinoza-quoin authored and pnabutovsky committed Feb 13, 2025
    6a7bbd0

Commits on Feb 14, 2025

  1. Merged in r2-3184-auth-bug (pull request #7047)

    R2-3184 Logout not refreshing session
    jtoliver-quoin authored and pnabutovsky committed Feb 14, 2025
    2d2b07b
  2. R2-3199: Updating rails to version 6.1.7.10, addressing cve vulnerabi…

    …lities in nginx docker image
    jtoliver-quoin committed Feb 14, 2025
    7a42203
  3. a50d188
  4. Merged in r2-3199-security (pull request #7058)

    R2-3199: Updating rails to version 6.1.7.10, addressing cve vulnerabilities in nginx docker image
    jtoliver-quoin authored and pnabutovsky committed Feb 14, 2025
    ab94461

Commits on Feb 17, 2025

  1. c7f7b96

Commits on Feb 18, 2025

  1. Merged in r2-3192-create-code-of-conduct (pull request #7059)

    R2-3192 - UAT - Admins can create code of conduct if none exists

    Approved-by: Joshua Toliver
    dhernandez-quoin authored and jtoliver-quoin committed Feb 18, 2025
    b5fe984
  2. R2-3072 - Clicking back to "cases to assign" list gives error

    URLSearchParams encodes the plus sign (+) as a space, which incorrectly encodes
    date ranges with positive time zones (e.g., +00:00). This caused the
    DestringifyService to parse them as a range of strings, resulting in an
    invalid filter error. To ensure proper encoding of dates,
    we now use encodeURIComponent.
    dhernandez-quoin committed Feb 18, 2025
    366242d
  3. Merged in r2-3072-click-back-error (pull request #7060)

    R2-3072 - Clicking back to "cases to assign" list gives error

    Approved-by: Joshua Toliver
    dhernandez-quoin authored and jtoliver-quoin committed Feb 18, 2025
    dc10f25
  4. 144b152
  5. Merged in r2-3206-release-2.11.1.2-main (pull request #7061)

    R2-3206 release 2.11.1.2 main
    aespinoza-quoin committed Feb 18, 2025
    59e8f55
  6. 3c84841
  7. 014f2ab
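
The plus-sign problem described in commit 366242d above, reproduced as an added example with constructed input. This is not code from the Primero repository; the `created_at` key, the sample range and the helper names are assumptions.

```javascript
// Added example (not Primero code). RANGE is a constructed date-range filter
// value with a positive UTC offset; the key name "created_at" is an assumption.
const RANGE = "2025-02-01T00:00:00+00:00..2025-02-18T23:59:59+00:00";

// Hand-built query string with no escaping: the "+" goes into the URL as-is.
function buildRaw(params) {
  return Object.entries(params)
    .map(([key, value]) => `${key}=${value}`)
    .join("&");
}

// Same query string with every key and value passed through
// encodeURIComponent, which turns "+" into "%2B".
function buildEncoded(params) {
  return Object.entries(params)
    .map(([key, value]) => `${encodeURIComponent(key)}=${encodeURIComponent(value)}`)
    .join("&");
}

// URLSearchParams parses with application/x-www-form-urlencoded rules,
// where a literal "+" means a space.
function parseQuery(query) {
  return Object.fromEntries(new URLSearchParams(query));
}

// Shape check for "<ISO datetime>..<ISO datetime>" with Z or a numeric offset.
const ISO = String.raw`\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:Z|[+-]\d{2}:\d{2})`;
const ISO_RANGE = new RegExp(`^${ISO}\\.\\.${ISO}$`);

function isDateRange(value) {
  return ISO_RANGE.test(value);
}

// Build a query with the given builder, parse it back, and report what the
// receiving side would see for the filter value.
function roundTrip(build) {
  const value = parseQuery(build({ created_at: RANGE })).created_at;
  return { value, isDateRange: isDateRange(value) };
}

console.log(roundTrip(buildRaw));     // offsets arrive with a space, not "+"
console.log(roundTrip(buildEncoded)); // value survives unchanged
```
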

Commits on Feb 24, 2025

  1. Merged in r2-3215-release-2.11.2-main (pull request #7073)

    R2-3215: Merge release-2.11.2 to main 02.24.25
    jtoliver-quoin committed Feb 24, 2025
    620c7d2
3 changes: 2 additions & 1 deletion Gemfile
Original file line number Diff line number Diff line change
@@ -34,7 +34,7 @@ gem 'prawn-table', '~> 0.2' # PDF generation
gem 'puma', '~> 6.4' # Ruby Rack server
gem 'rack', '~> 2.2'
gem 'rack-attack', '>= 6.6' # Rack middleware to rate limit sensetive routes, such as those used for auth
gem 'rails', '6.1.7.9'
gem 'rails', '6.1.7.10'
gem 'rake', '~> 13.0'
gem 'rbnacl', '>= 7.1.1' # Libsodium Ruby binding. Used for encrypting export file passwords.
gem 'rubyzip', '~> 2.3', # Zip and encrypt exported files
@@ -55,6 +55,7 @@ gem 'will_paginate', '~> 4.0' # Paginates ActiveRecord models TODO: Th
gem 'write_xlsx', '~> 1.11' # Exports XLSX

group :development, :test do
gem 'brakeman', require: false
gem 'bundler-audit', '~> 0.9'
gem 'ci_reporter', '~> 2.0'
gem 'factory_bot', '~> 5.0'
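Review bot: `gem 'brakeman', require: false` in the `:development, :test` group has no version constraint, unlike its neighbours (`bundler-audit '~> 0.9'`, `ci_reporter '~> 2.0'`). Gemfile.lock resolves it to 7.0.0; a matching constraint such as `'~> 7.0'` keeps a later `bundle update` from moving the scanner across a major version and changing its findings unnoticed.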
120 changes: 62 additions & 58 deletions Gemfile.lock
Original file line number Diff line number Diff line change
@@ -1,62 +1,62 @@
GEM
remote: https://rubygems.org/
specs:
actioncable (6.1.7.9)
actionpack (= 6.1.7.9)
activesupport (= 6.1.7.9)
actioncable (6.1.7.10)
actionpack (= 6.1.7.10)
activesupport (= 6.1.7.10)
nio4r (~> 2.0)
websocket-driver (>= 0.6.1)
actionmailbox (6.1.7.9)
actionpack (= 6.1.7.9)
activejob (= 6.1.7.9)
activerecord (= 6.1.7.9)
activestorage (= 6.1.7.9)
activesupport (= 6.1.7.9)
actionmailbox (6.1.7.10)
actionpack (= 6.1.7.10)
activejob (= 6.1.7.10)
activerecord (= 6.1.7.10)
activestorage (= 6.1.7.10)
activesupport (= 6.1.7.10)
mail (>= 2.7.1)
actionmailer (6.1.7.9)
actionpack (= 6.1.7.9)
actionview (= 6.1.7.9)
activejob (= 6.1.7.9)
activesupport (= 6.1.7.9)
actionmailer (6.1.7.10)
actionpack (= 6.1.7.10)
actionview (= 6.1.7.10)
activejob (= 6.1.7.10)
activesupport (= 6.1.7.10)
mail (~> 2.5, >= 2.5.4)
rails-dom-testing (~> 2.0)
actionpack (6.1.7.9)
actionview (= 6.1.7.9)
activesupport (= 6.1.7.9)
actionpack (6.1.7.10)
actionview (= 6.1.7.10)
activesupport (= 6.1.7.10)
rack (~> 2.0, >= 2.0.9)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.0, >= 1.2.0)
actiontext (6.1.7.9)
actionpack (= 6.1.7.9)
activerecord (= 6.1.7.9)
activestorage (= 6.1.7.9)
activesupport (= 6.1.7.9)
actiontext (6.1.7.10)
actionpack (= 6.1.7.10)
activerecord (= 6.1.7.10)
activestorage (= 6.1.7.10)
activesupport (= 6.1.7.10)
nokogiri (>= 1.8.5)
actionview (6.1.7.9)
activesupport (= 6.1.7.9)
actionview (6.1.7.10)
activesupport (= 6.1.7.10)
builder (~> 3.1)
erubi (~> 1.4)
rails-dom-testing (~> 2.0)
rails-html-sanitizer (~> 1.1, >= 1.2.0)
activejob (6.1.7.9)
activesupport (= 6.1.7.9)
activejob (6.1.7.10)
activesupport (= 6.1.7.10)
globalid (>= 0.3.6)
activemodel (6.1.7.9)
activesupport (= 6.1.7.9)
activerecord (6.1.7.9)
activemodel (= 6.1.7.9)
activesupport (= 6.1.7.9)
activemodel (6.1.7.10)
activesupport (= 6.1.7.10)
activerecord (6.1.7.10)
activemodel (= 6.1.7.10)
activesupport (= 6.1.7.10)
activerecord-nulldb-adapter (0.9.0)
activerecord (>= 5.2.0, < 7.1)
activestorage (6.1.7.9)
actionpack (= 6.1.7.9)
activejob (= 6.1.7.9)
activerecord (= 6.1.7.9)
activesupport (= 6.1.7.9)
activestorage (6.1.7.10)
actionpack (= 6.1.7.10)
activejob (= 6.1.7.10)
activerecord (= 6.1.7.10)
activesupport (= 6.1.7.10)
marcel (~> 1.0)
mini_mime (>= 1.1.0)
activesupport (6.1.7.9)
activesupport (6.1.7.10)
concurrent-ruby (~> 1.0, >= 1.0.2)
i18n (>= 1.6, < 2)
minitest (>= 5.1)
@@ -94,6 +94,8 @@ GEM
nokogiri (~> 1.6, >= 1.6.8)
base64 (0.1.1)
bcrypt (3.1.20)
brakeman (7.0.0)
racc
builder (3.2.4)
bundler-audit (0.9.1)
bundler (>= 1.2.0, < 3)
@@ -209,14 +211,14 @@ GEM
multipart-post (2.3.0)
net-http-persistent (4.0.2)
connection_pool (~> 2.2)
net-imap (0.5.1)
net-imap (0.5.6)
date
net-protocol
net-pop (0.1.2)
net-protocol
net-protocol (0.2.2)
timeout
net-smtp (0.5.0)
net-smtp (0.5.1)
net-protocol
nio4r (2.7.4)
nokogiri (1.16.8)
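Review bot: net-imap (0.5.1 to 0.5.6) and net-smtp (0.5.0 to 0.5.1) move in this hunk although the Gemfile change only touches rails and brakeman. Say in the commit message whether these came from a targeted `bundle update` for a specific advisory or from general lockfile drift, so the bump can be traced later.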
@@ -257,20 +259,20 @@ GEM
rack_session_access (0.2.0)
builder (>= 2.0.0)
rack (>= 1.0.0)
rails (6.1.7.9)
actioncable (= 6.1.7.9)
actionmailbox (= 6.1.7.9)
actionmailer (= 6.1.7.9)
actionpack (= 6.1.7.9)
actiontext (= 6.1.7.9)
actionview (= 6.1.7.9)
activejob (= 6.1.7.9)
activemodel (= 6.1.7.9)
activerecord (= 6.1.7.9)
activestorage (= 6.1.7.9)
activesupport (= 6.1.7.9)
rails (6.1.7.10)
actioncable (= 6.1.7.10)
actionmailbox (= 6.1.7.10)
actionmailer (= 6.1.7.10)
actionpack (= 6.1.7.10)
actiontext (= 6.1.7.10)
actionview (= 6.1.7.10)
activejob (= 6.1.7.10)
activemodel (= 6.1.7.10)
activerecord (= 6.1.7.10)
activestorage (= 6.1.7.10)
activesupport (= 6.1.7.10)
bundler (>= 1.15.0)
railties (= 6.1.7.9)
railties (= 6.1.7.10)
sprockets-rails (>= 2.0.0)
rails-controller-testing (1.0.5)
actionpack (>= 5.0.1.rc1)
@@ -286,9 +288,9 @@ GEM
rails-i18n (7.0.8)
i18n (>= 0.7, < 2)
railties (>= 6.0.0, < 8)
railties (6.1.7.9)
actionpack (= 6.1.7.9)
activesupport (= 6.1.7.9)
railties (6.1.7.10)
actionpack (= 6.1.7.10)
activesupport (= 6.1.7.10)
method_source
rake (>= 12.2)
thor (~> 1.0)
@@ -401,7 +403,7 @@ GEM
unicode-display_width (>= 1.1.1, < 3)
text (1.3.1)
thor (1.3.1)
timeout (0.4.2)
timeout (0.4.3)
ttfunk (1.7.0)
twitter_cldr (4.4.5)
camertron-eprun
@@ -422,7 +424,8 @@ GEM
hkdf (~> 1.0)
jwt (~> 2.0)
openssl (~> 3.0)
websocket-driver (0.7.6)
websocket-driver (0.7.7)
base64
websocket-extensions (>= 0.1.0)
websocket-extensions (0.1.5)
will_paginate (4.0.0)
@@ -437,6 +440,7 @@ DEPENDENCIES
activerecord-nulldb-adapter
aws-sdk-s3 (~> 1.130)
azure-storage-blob (~> 1.1)
brakeman
bundler-audit (~> 0.9)
cancancan (~> 3.5)
ci_reporter (~> 2.0)
@@ -474,7 +478,7 @@ DEPENDENCIES
rack-mini-profiler (>= 1.0.0)
rack-test (~> 1.1)
rack_session_access (~> 0.2)
rails (= 6.1.7.9)
rails (= 6.1.7.10)
rails-controller-testing (~> 1.0)
rake (~> 13.0)
rbnacl (>= 7.1.1)
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
<!-- Copyright (c) 2014 - 2023 UNICEF. All rights reserved. -->

Primero
========
[![DPG Badge](https://img.shields.io/badge/Verified-DPG-3333AB?logo=data:image/svg%2bxml;base64,PHN2ZyB3aWR0aD0iMzEiIGhlaWdodD0iMzMiIHZpZXdCb3g9IjAgMCAzMSAzMyIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4KPHBhdGggZD0iTTE0LjIwMDggMjEuMzY3OEwxMC4xNzM2IDE4LjAxMjRMMTEuNTIxOSAxNi40MDAzTDEzLjk5MjggMTguNDU5TDE5LjYyNjkgMTIuMjExMUwyMS4xOTA5IDEzLjYxNkwxNC4yMDA4IDIxLjM2NzhaTTI0LjYyNDEgOS4zNTEyN0wyNC44MDcxIDMuMDcyOTdMMTguODgxIDUuMTg2NjJMMTUuMzMxNCAtMi4zMzA4MmUtMDVMMTEuNzgyMSA1LjE4NjYyTDUuODU2MDEgMy4wNzI5N0w2LjAzOTA2IDkuMzUxMjdMMCAxMS4xMTc3TDMuODQ1MjEgMTYuMDg5NUwwIDIxLjA2MTJMNi4wMzkwNiAyMi44Mjc3TDUuODU2MDEgMjkuMTA2TDExLjc4MjEgMjYuOTkyM0wxNS4zMzE0IDMyLjE3OUwxOC44ODEgMjYuOTkyM0wyNC44MDcxIDI5LjEwNkwyNC42MjQxIDIyLjgyNzdMMzAuNjYzMSAyMS4wNjEyTDI2LjgxNzYgMTYuMDg5NUwzMC42NjMxIDExLjExNzdMMjQuNjI0MSA5LjM1MTI3WiIgZmlsbD0id2hpdGUiLz4KPC9zdmc+Cg==)](https://www.digitalpublicgoods.net/r/primero)
[![Build Status](https://github.com/primeroIMS/primero/actions/workflows/app.yml/badge.svg?branch=main)](https://github.com/primeroIMS/primero/actions)


17 changes: 17 additions & 0 deletions app/controllers/api/v2/tokens_controller.rb
Original file line number Diff line number Diff line change
@@ -23,6 +23,9 @@ def respond_to_on_destroy
end

def create
# TODO: This may no longer be needed once we change to store session in the database will need to test
warden.logout(resource_name) if !current_user_match_params? && user_name_param.present?

if Rails.configuration.x.idp.use_identity_provider
create_idp
else
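Review bot: In `create`, `warden.logout(resource_name)` runs before the submitted credentials are checked, so a failed sign-in under a different user name still ends the current user's session; confirm that is intended and cover it with a request spec. The guard also fires when nobody is signed in, because `current_user&.user_name` is nil and never equals a present `user_name_param`; checking that `current_user` is present first avoids the needless logout call. `unless current_user_match_params?` would read better than `if !`, and the TODO comment is a run-on that should state what needs testing.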
@@ -40,6 +43,12 @@ def create_idp
end
end

# TODO: This will no longer be needed once we change to store session in the database
def destroy
session[:expires_at] = 30.minutes.ago
super
end

def fail_to_authorize!(opts)
throw(:warden, opts)
end
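Review bot: `session[:expires_at] = 30.minutes.ago` in `destroy` uses an arbitrary offset, and nothing in the hunk says what reads `expires_at`. Add a comment naming the check this value is meant to fail, and replace the `30.minutes` literal with a named constant or a plainly past timestamp so it cannot be mistaken for the session timeout setting.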
@@ -68,4 +77,12 @@ def destroy_action_message
def current_token
IdpTokenStrategy.token_from_header(request.headers)
end

def user_name_param
sign_in_params[resource_class.authentication_keys.first]
end

def current_user_match_params?
current_user&.user_name == user_name_param
end
end
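Review bot: `user_name_param` and `current_user_match_params?` are added at the end of the class with no visibility keyword in the visible context. Confirm they fall under `private` or `protected`, since public controller methods are callable as actions. `current_user_match_params?` also compares with a case-sensitive `==`; if user names are normalized on sign-in, normalize both sides here as well, or the same user typing a different case is logged out first.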
2 changes: 2 additions & 0 deletions app/javascript/components/connectivity/selectors.js
Original file line number Diff line number Diff line change
@@ -30,3 +30,5 @@ export const getQueueData = state => state.getIn([NAMESPACE, "queueData"], fromJ
export const hasQueueData = state => !getQueueData(state).isEmpty();

export const selectUserToggleOffline = state => state.getIn([NAMESPACE, "fieldMode"], false);

export const selectPendingUserLogin = state => state.getIn([NAMESPACE, "pendingUserLogin"], false);
Original file line number Diff line number Diff line change
@@ -18,7 +18,8 @@ import {
selectNetworkStatus,
selectServerStatusRetries,
selectQueueStatus,
selectUserToggleOffline
selectUserToggleOffline,
selectPendingUserLogin
} from "./selectors";
import { checkServerStatus, setQueueData, setQueueStatus } from "./action-creators";
import { CHECK_SERVER_INTERVAL, CHECK_SERVER_RETRY_INTERVAL } from "./constants";
@@ -34,6 +35,7 @@ const useConnectivityStatus = () => {
const currentDialog = useMemoizedSelector(state => selectDialog(state));
const serverStatusRetries = useMemoizedSelector(state => selectServerStatusRetries(state));
const browserStatus = useMemoizedSelector(state => selectBrowserStatus(state));
const pendingUserLogin = useMemoizedSelector(state => selectPendingUserLogin(state));

const fetchQueue = async () => {
const queueData = await DB.getAll(DB_STORES.OFFLINE_REQUESTS);
@@ -105,7 +107,7 @@ const useConnectivityStatus = () => {
}, [online, queueStatus]);

useEffect(() => {
const ready = online && authenticated && queueStatus === QUEUE_READY;
const ready = online && authenticated && queueStatus === QUEUE_READY && !pendingUserLogin;

const startQueue = async () => {
Queue.ready = ready;
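Review bot: `ready` now depends on `!pendingUserLogin`, but nothing in this diff shows where `pendingUserLogin` is set or cleared. Make sure it is reset on failed and abandoned logins as well as successful ones, otherwise `Queue.ready` stays false and offline requests are never replayed; a test for the failure path would cover this.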
@@ -121,7 +123,7 @@ const useConnectivityStatus = () => {
};

startQueue();
}, [online, authenticated, queueStatus]);
}, [online, authenticated, queueStatus, pendingUserLogin]);

useEffect(() => {
setConnectionListeners();
Original file line number Diff line number Diff line change
@@ -11,7 +11,8 @@ export const fetchCodeOfConduct = () => ({
type: actions.FETCH_CODE_OF_CONDUCT,
api: {
path: RECORD_PATH.codes_of_conduct,
method: "GET"
method: "GET",
failureCallback: []
}
});
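Review bot: `failureCallback: []` on the `FETCH_CODE_OF_CONDUCT` request is an empty array with no explanation. If its purpose is to suppress the default failure handling so the component can ignore a 404, say so in a comment next to it, since the next reader will otherwise take it for dead configuration.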

Original file line number Diff line number Diff line change
@@ -16,10 +16,11 @@ import { ROUTES } from "../../../../config";
import LoadingIndicator from "../../../loading-indicator";
import Permission, { MANAGE, RESOURCES } from "../../../permissions";
import { useMemoizedSelector } from "../../../../libs";
import { enqueueSnackbar, SNACKBAR_VARIANTS } from "../../../notifier";

import { NAME, FORM_ID } from "./constants";
import { form, validations } from "./form";
import { getCodeOfConduct, getLoadingCodeOfConduct } from "./selectors";
import { getCodeOfConduct, getFetchErrorsCodeOfConduct, getLoadingCodeOfConduct } from "./selectors";
import { fetchCodeOfConduct, saveCodeOfConduct } from "./action-creators";

function Component({ mode }) {
@@ -29,6 +30,7 @@ function Component({ mode }) {
const { pathname } = useLocation();
const dispatch = useDispatch();

const fetchErrors = useMemoizedSelector(state => getFetchErrorsCodeOfConduct(state));
const codeOfConduct = useMemoizedSelector(state => getCodeOfConduct(state));
const loadingCodeOfConduct = useMemoizedSelector(state => getLoadingCodeOfConduct(state));

@@ -75,6 +77,20 @@ function Component({ mode }) {
dispatch(fetchCodeOfConduct());
}, []);

useEffect(() => {
const messages = fetchErrors.reduce((acc, error) => {
if (error.get("status") === 404) {
return acc;
}

return acc.concat(error.get("message"));
}, []);

if (messages.length) {
dispatch(enqueueSnackbar(messages.join(", "), { variant: SNACKBAR_VARIANTS.error }));
}
}, [fetchErrors]);

return (
<Permission resources={RESOURCES.codes_of_conduct} actions={MANAGE} redirect>
<LoadingIndicator hasData={!codeOfConduct.isEmpty()} type={NAME}>
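Review bot: The new `useEffect` passes `error.get("message")` from the response straight to `enqueueSnackbar`, so users see backend text verbatim, and an error without a `message` leaves an empty segment in the joined string. Filter out blank messages before `messages.join(", ")` or map known statuses to the app's own wording, and replace the bare `404` with a named constant.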
14 changes: 13 additions & 1 deletion app/javascript/components/pages/admin/code-of-conduct/reducer.js
Original file line number Diff line number Diff line change
@@ -10,10 +10,22 @@ export default (state = DEFAULT_STATE, { type, payload }) => {
switch (type) {
case actions.FETCH_CODE_OF_CONDUCT_STARTED:
case actions.SAVE_CODE_OF_CONDUCT_STARTED:
return state.set("loading", true);
return state.set("loading", true).set("errors", false).set("fetchErrors", fromJS([]));
case actions.FETCH_CODE_OF_CONDUCT_SUCCESS:
case actions.SAVE_CODE_OF_CONDUCT_SUCCESS:
return state.set("data", fromJS(payload.data));
case actions.SAVE_CODE_OF_CONDUCT_FAILURE: {
return state.set("loading", false).set("errors", true);
}
case actions.FETCH_CODE_OF_CONDUCT_FAILURE: {
const failureState = state.set("loading", false).set("errors", true);

if (payload.errors) {
return failureState.set("fetchErrors", fromJS(payload.errors));
}

return failureState;
}
case actions.FETCH_CODE_OF_CONDUCT_FINISHED:
case actions.SAVE_CODE_OF_CONDUCT_FINISHED:
return state.set("loading", false);
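Review bot: In the `FETCH_CODE_OF_CONDUCT_FAILURE` case, `payload.errors` throws if the failure action arrives without a payload; use `payload?.errors`. The success cases leave `errors` and `fetchErrors` as they were and rely on the `_STARTED` reset, which is worth a comment, and the braces around the single-statement `SAVE_CODE_OF_CONDUCT_FAILURE` case can go.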