Merge branch 'dev' for release 4.2.0

.dockerignore

@@ -5,29 +5,50 @@ vendor/cache
 config/database.yml
 config/application.yml
 
-# Ignore the default SQLite database.
+# Ignore database files.
 db/*.sqlite3
 db/*.sqlite3-journal
+postgresql
+elasticsearch
+redis
 
-# Ignore all logfiles and tempfiles.
-log
-tmp
 
+# Ignore public assets
 public/uploads
 public/assets
 
+# Ignore all logfiles and tempfiles.
+log
+*.log
+tmp
+
+# Ignore platform dependent files
 *.DS_Store
 .idea
 
 # PDF invoices
 invoices
 
+# Excel exports
+exports
+
+# CSV imports
+imports
+
 .DS_Store
 
+# Development files
 .vagrant
 Vagrantfile
-
+provision
 .git*
-
 Dockerfile
 docker-compose*
+test
+
+# Docs
+*.md
+doc
+
+# Modules
+node_modules

.gitignore

@@ -34,6 +34,9 @@
 # XLSX exports
 /exports/*
 
+# CSV imports
+/imports/*
+
 # Archives of cLosed accounting periods
 /accounting/*
 

.rubocop.yml

@@ -1,9 +1,9 @@
 Metrics/LineLength:
   Max: 140
 Metrics/MethodLength:
-  Max: 30
+  Max: 35
 Metrics/CyclomaticComplexity:
-  Max: 9
+  Max: 13
 Metrics/PerceivedComplexity:
   Max: 9
 Metrics/AbcSize:
@@ -16,6 +16,8 @@ Metrics/BlockLength:
     - 'lib/tasks/**/*.rake'
     - 'config/routes.rb'
     - 'app/pdfs/pdf/*.rb'
+Metrics/ParameterLists:
+  CountKeywordArgs: false
 Style/BracesAroundHashParameters:
   EnforcedStyle: context_dependent
 Style/RegexpLiteral:

CHANGELOG.md

@@ -1,10 +1,49 @@
 # Changelog Fab Manager
 
-## v4.1.1 2019 september 20
-
-- fix a bug: api/reservations#index was using user_id instead of statistic_profile_id
-- fix a bug: event_service#date_range method, test on all_day was never truthy
-- fix a bug: sidekiq 5 does not have delay_for method anymore, uses perform_in instead
+## v4.2.0 2019 October 21
+
+- Upgraded PostgreSQL from 9.4 to 9.6
+- Optional reCaptcha checkbox in sign-up form
+- Ability to configure and export the accounting data to the ACD accounting software
+- Compute the VAT per item in each invoices, instead of globally
+- Use Alpine Linux to build the Docker image (#147)
+- Updated omniauth & omniauth-oauth2 gems
+- Ability to set project's CAO attachement maximum upload size
+- Ability to bulk-import members from a CSV file
+- Ability to disable invoices generation and interfaces
+- Added a known issue to the README (#152)
+- Ability to fully rebuild the projets index in ElasticSearch with rake fablab:es:build_projects_index
+- Ability to configure SMTP connection to use SMTP/TLS
+- Updated user's manual for v4.2 (fr)
+- Fix a bug: invoices with total = 0, are marked as paid on site even if paid by card
+- Fix a bug: after disabling a group, its associated plans are hidden from the interface
+- Fix a bug: in case of unexpected server error during stripe payment process, the confirm button is not unlocked
+- Fix a bug: create a plan does not set its name
+- Fix a bug: unable to dissociate the last machine from a formation
+- Fix a bug: in profile_complete form, the user's group is not selected by default
+- Fix a bug: missing asterisks on some required fields in profile_complete form 
+- Fix a bug: public calendar won't show anything if the current date range include a reserved space availability (#151)
+- Fix a bug: invoices list is not shown by default in "manage invoices" section
+- Fix a bug: unable to run rake fablab:es:* tasks due to an issue with gem faraday 0.16.x (was updated to 0.17)
+- Fix a bug: unauthorized user can see the edit project form
+- Fix a bug: do not display each days in invoices for multiple days event reservation 
+- Fix a security issue: fixed [CVE-2015-9284](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9284)
+- [TODO DEPLOY] **IMPORTANT** Please read [postgres_upgrade.md](doc/postgres_upgrade.md) for instructions on upgrading PostgreSQL. 
+- [TODO DEPLOY] `rake db:migrate`
+- [TODO DEPLOY] -> (only dev) `yarn install` and `bundle install`
+- [TODO DEPLOY] -> (only dev) configure `DEFAULT_HOST: 'localhost:5000'` and `DEFAULT_PROTOCOL: http` in [application.yml](config/application.yml.default)
+- [TODO DEPLOY] add the `RECAPTCHA_SITE_KEY` and `RECAPTCHA_SECRET_KEY` environment variables (see [doc/environment.md](doc/environment.md) for configuration details)
+- [TODO DEPLOY] add the `MAX_CAO_SIZE` environment variable (see [doc/environment.md](doc/environment.md) for configuration details)
+- [TODO DEPLOY] add the `MAX_IMPORT_SIZE` environment variable (see [doc/environment.md](doc/environment.md) for configuration details)
+- [TODO DEPLOY] add `- ${PWD}/imports:/usr/src/app/imports` in the volumes list of your fabmanager service in [docker-compose.yml](docker/docker-compose.yml)
+- [TODO DEPLOY] add the `FABLAB_WITHOUT_INVOICES` environment variable (see [doc/environment.md](doc/environment.md) for configuration details)
+- [TODO DEPLOY] add the following environment variables: `SMTP_TLS`
+
+## v4.1.1 2019 September 20
+
+- Fix a bug: api/reservations#index was using user_id instead of statistic_profile_id
+- Fix a bug: event_service#date_range method, test on all_day was never truthy
+- Fix a bug: sidekiq 5 does not have delay_for method anymore, uses perform_in instead
 
 ## v4.1.0 2019 September 12
 

Dockerfile

@@ -1,79 +1,86 @@
-FROM ruby:2.3
+FROM ruby:2.3.8-alpine
 MAINTAINER [email protected]
 
-# First we need to be able to fetch from https repositories
-RUN apt-get update && \
-    apt-get install -y apt-transport-https \
-      ca-certificates apt-utils
-
-
-# Add sources for external tools to APT
-RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \
-    curl -sSL https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add - && \
-    echo "deb https://dl.yarnpkg.com/debian/ stable main" > /etc/apt/sources.list.d/yarn.list && \
-    echo "deb https://deb.nodesource.com/node_10.x jessie main" > /etc/apt/sources.list.d/nodesource.list && \
-    echo "deb-src https://deb.nodesource.com/node_10.x jessie main" >> /etc/apt/sources.list.d/nodesource.list
-
-# Install apt based dependencies required to run Rails as
-# well as RubyGems. As the Ruby image itself is based on a
-# Debian image, we use apt-get to install those.
-RUN apt-get update && \
-    apt-get install -y \
+# Install upgrade system packages
+RUN apk update && apk upgrade && \
+# Install runtime apk dependencies
+    apk add --update \
+      bash \
+      curl \
       nodejs \
+      yarn \
+      imagemagick \
       supervisor \
-      yarn
-
-# throw errors if Gemfile has been modified since Gemfile.lock
+      tzdata \
+      libc-dev \
+      ruby-dev \
+      zlib-dev \
+      xz-dev \
+      postgresql-dev \
+      libxml2-dev \
+      libxslt-dev \
+      libidn-dev && \
+# Install buildtime apk dependencies
+    apk add --update --no-cache --virtual .build-deps \
+      alpine-sdk \
+      build-base \
+      linux-headers \
+      git \
+      patch
+
+# Throw error if Gemfile has been modified since Gemfile.lock
 RUN bundle config --global frozen 1
 
-# Run Bundle in a cache efficient way
+# Install gems in a cache efficient way
 WORKDIR /tmp
 COPY Gemfile /tmp/
 COPY Gemfile.lock /tmp/
-RUN bundle install --binstubs
+RUN bundle install --binstubs --without development test doc
 
+# Install Javascript packages
+WORKDIR /usr/src/app
+COPY package.json /usr/src/app/package.json
+COPY yarn.lock /usr/src/app/yarn.lock
+RUN yarn install
 
-# Clean up APT when done.
-#RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+# Clean up build deps, cached packages and temp files
+RUN apk del .build-deps && \
+    yarn cache clean && \
+    rm -rf /tmp/* \
+           /var/tmp/* \
+           /var/cache/apk/* \
+           /usr/lib/ruby/gems/*/cache/*
 
 # Web app
 RUN mkdir -p /usr/src/app && \
     mkdir -p /usr/src/app/config && \
     mkdir -p /usr/src/app/invoices && \
     mkdir -p /usr/src/app/exports && \
+    mkdir -p /usr/src/app/imports && \
     mkdir -p /usr/src/app/log && \
     mkdir -p /usr/src/app/public/uploads && \
     mkdir -p /usr/src/app/public/assets && \
     mkdir -p /usr/src/app/accounting && \
     mkdir -p /usr/src/app/tmp/sockets && \
     mkdir -p /usr/src/app/tmp/pids
 
-WORKDIR /usr/src/app
-
 COPY docker/database.yml /usr/src/app/config/database.yml
-COPY package.json /usr/src/app/package.json
-COPY yarn.lock /usr/src/app/yarn.lock
-
-# Run Yarn
-RUN yarn install
-
 COPY . /usr/src/app
 
 # Volumes
 VOLUME /usr/src/app/invoices
 VOLUME /usr/src/app/exports
+VOLUME /usr/src/app/imports
 VOLUME /usr/src/app/public
 VOLUME /usr/src/app/public/uploads
 VOLUME /usr/src/app/public/assets
 VOLUME /usr/src/app/accounting
 VOLUME /var/log/supervisor
 
-# Expose port 3000 to the Docker host, so we can access it
-# from the outside.
+# Expose port 3000 to the Docker host, so we can access it from the outside
 EXPOSE 3000
 
-# The main command to run when the container starts. Also
-# tell the Rails dev server to bind to all interfaces by
-# default.
+# The main command to run when the container starts. Also tell the Rails server
+# to bind to all interfaces by default.
 COPY docker/supervisor.conf /etc/supervisor/conf.d/fablab.conf
-CMD ["/usr/bin/supervisord"]
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/fablab.conf"]

Gemfile

@@ -3,6 +3,8 @@ source 'https://rubygems.org'
 gem 'compass-rails', '2.0.4'
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
 gem 'rails', '4.2.11.1'
+# Use Puma as web server
+gem 'puma', '3.10.0'
 # Use SCSS for stylesheets
 gem 'sass-rails', '5.0.1'
 
@@ -45,7 +47,6 @@ group :development do
   gem 'foreman'
   # Preview mail in the browser
   gem 'mailcatcher'
-  gem 'puma'
   gem 'rb-readline'
 end
 
@@ -68,10 +69,11 @@ gem 'seed_dump'
 
 gem 'pg'
 
-gem 'devise', ">= 4.6.0"
+gem 'devise', '>= 4.6.0'
 
-gem 'omniauth', '~> 1.6.0'
+gem 'omniauth', '~> 1.9.0'
 gem 'omniauth-oauth2'
+gem 'omniauth-rails_csrf_protection', '~> 0.1'
 
 gem 'rolify'
 
@@ -97,8 +99,8 @@ gem 'friendly_id', '~> 5.1.0'
 gem 'aasm'
 
 # Background job processing
-gem 'sidekiq', '>= 3.4.2'
 gem 'redis-namespace'
+gem 'sidekiq', '>= 3.4.2'
 gem 'sinatra', require: false
 # Recurring jobs for Sidekiq
 gem 'sidekiq-cron'
@@ -148,3 +150,5 @@ gem 'rack-protection', '1.5.5'
 gem 'sys-filesystem'
 
 gem 'sha3'
+
+gem 'repost'