Merge branch 'dev' into 52127-truncate-long-text-fields-and-disable-e…

…xpand-action
opf · Feb 21, 2024 · 67877a4 · 67877a4
2 parents 6e095ad + 1f7d376
commit 67877a4
Show file tree

Hide file tree

Showing 217 changed files with 1,533 additions and 1,096 deletions.
diff --git a/.github/workflows/brakeman-scan-core.yml b/.github/workflows/brakeman-scan-core.yml
@@ -29,11 +29,6 @@ jobs:
 
       - name: Setup Ruby
         uses: ruby/setup-ruby@v1
-        with:
-          # FIXME: remove the ruby version once '3.2.2' is released.
-          # This is set to head to fix ruby segfaulting when brakeman is
-          # used. See https://bugs.ruby-lang.org/issues/19433
-          ruby-version: 'head'
 
       - name: Setup Brakeman
         run: |

diff --git a/.github/workflows/continuous-delivery.yml b/.github/workflows/continuous-delivery.yml
@@ -19,9 +19,8 @@ jobs:
           TOKEN: ${{ secrets.OPENPROJECT_CI_TOKEN }}
           REPOSITORY: opf/openproject-flavours
           WORKFLOW_ID: ci.yml
-          CORE_REF: ${{ github.ref_name }}
         run: |
           curl -i --fail-with-body -H"authorization: Bearer $TOKEN" \
             -XPOST -H"Accept: application/vnd.github.v3+json" \
             https://api.github.com/repos/$REPOSITORY/actions/workflows/$WORKFLOW_ID/dispatches \
-            -d '{"ref": "dev", "inputs": { "ref" : "'$CORE_REF'" }}'
+            -d '{"ref": "dev", "inputs": { "ref" : "${{ github.ref_name }}" }}'
diff --git a/Gemfile b/Gemfile
@@ -156,7 +156,7 @@ gem 'structured_warnings', '~> 0.4.0'
 # don't require by default, instead load on-demand when actually configured
 gem 'airbrake', '~> 13.0.0', require: false
 
-gem 'md_to_pdf', git: 'https://github.com/opf/md-to-pdf', ref: '04d22bfa73fbeb549fb1f215a6b9a81cfe820814'
+gem 'md_to_pdf', git: 'https://github.com/opf/md-to-pdf', ref: '82c2b5cc25a28fbd62cb05b17d9ba0f68d701109'
 gem 'prawn', '~> 2.4'
 # prawn implicitly depends on matrix gem no longer in ruby core with 3.1
 gem 'matrix', '~> 0.4.2'
@@ -213,7 +213,7 @@ gem 'appsignal', '~> 3.0', require: false
 
 gem 'view_component'
 # Lookbook
-gem 'lookbook', github: 'ViewComponent/lookbook', ref: '473f86d7e343cd78b74cc293a4de06b9b5e7a3e2'
+gem 'lookbook', '~> 2.2.1'
 
 # Require factory_bot for usage with openproject plugins testing
 gem 'factory_bot', '~> 6.4.0', require: false
@@ -263,7 +263,7 @@ group :test do
   gem 'capybara-screenshot', '~> 1.0.17'
   gem 'cuprite', '~> 0.15.0'
   gem 'selenium-devtools'
-  gem 'selenium-webdriver', '~> 4.17.0'
+  gem 'selenium-webdriver', '~> 4.18.0'
 
   gem 'fuubar', '~> 2.5.0'
   gem 'timecop', '~> 0.9.0'
@@ -382,4 +382,4 @@ end
 
 gem 'openproject-octicons', '~>19.8.0'
 gem 'openproject-octicons_helper', '~>19.8.0'
-gem 'openproject-primer_view_components', '~>0.20.0'
+gem 'openproject-primer_view_components', '~>0.22.2'
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,21 +1,3 @@
-GIT
-  remote: https://github.com/ViewComponent/lookbook.git
-  revision: 473f86d7e343cd78b74cc293a4de06b9b5e7a3e2
-  ref: 473f86d7e343cd78b74cc293a4de06b9b5e7a3e2
-  specs:
-    lookbook (2.2.0)
-      activemodel
-      css_parser
-      htmlbeautifier (~> 1.3)
-      htmlentities (~> 4.3.4)
-      marcel (~> 1.0)
-      railties (>= 5.0)
-      redcarpet (~> 3.5)
-      rouge (>= 3.26, < 5.0)
-      view_component (>= 2.0)
-      yard (~> 0.9.25)
-      zeitwerk (~> 2.5)
-
 GIT
   remote: https://github.com/citizensadvice/capybara_accessible_selectors
   revision: 621e394ff9bafb420fb15792c3a3e3334a618687
@@ -36,16 +18,16 @@ GIT
 
 GIT
   remote: https://github.com/opf/md-to-pdf
-  revision: 04d22bfa73fbeb549fb1f215a6b9a81cfe820814
-  ref: 04d22bfa73fbeb549fb1f215a6b9a81cfe820814
+  revision: 82c2b5cc25a28fbd62cb05b17d9ba0f68d701109
+  ref: 82c2b5cc25a28fbd62cb05b17d9ba0f68d701109
   specs:
-    md_to_pdf (0.0.24)
+    md_to_pdf (0.0.25)
       color_conversion (~> 0.1)
       front_matter_parser (~> 1.0)
       json-schema (~> 4.1)
-      markly (~> 0.7)
+      markly (~> 0.10)
       matrix (~> 0.4)
-      nokogiri (~> 1.1)
+      nokogiri (~> 1.16)
       prawn (~> 2.4)
       prawn-table (~> 0.2)
       text-hyphen (~> 1.5)
@@ -219,7 +201,7 @@ PATH
   remote: modules/two_factor_authentication
   specs:
     openproject-two_factor_authentication (1.0.0)
-      aws-sdk-sns (~> 1.71.0)
+      aws-sdk-sns (~> 1.72.0)
       messagebird-rest (~> 1.4.2)
       rotp (~> 6.1)
 
@@ -351,11 +333,12 @@ GEM
     awesome_nested_set (3.6.0)
       activerecord (>= 4.0.0, < 7.2)
     aws-eventstream (1.3.0)
-    aws-partitions (1.888.0)
-    aws-sdk-core (3.191.1)
+    aws-partitions (1.894.0)
+    aws-sdk-core (3.191.2)
       aws-eventstream (~> 1, >= 1.3.0)
       aws-partitions (~> 1, >= 1.651.0)
       aws-sigv4 (~> 1.8)
+      base64
       jmespath (~> 1, >= 1.6.1)
     aws-sdk-kms (1.77.0)
       aws-sdk-core (~> 3, >= 3.191.0)
@@ -364,7 +347,7 @@ GEM
       aws-sdk-core (~> 3, >= 3.191.0)
       aws-sdk-kms (~> 1)
       aws-sigv4 (~> 1.8)
-    aws-sdk-sns (1.71.0)
+    aws-sdk-sns (1.72.0)
       aws-sdk-core (~> 3, >= 3.191.0)
       aws-sigv4 (~> 1.1)
     aws-sigv4 (1.8.0)
@@ -390,7 +373,7 @@ GEM
       parser (>= 2.4)
       smart_properties
     bigdecimal (3.1.6)
-    bindata (2.4.15)
+    bindata (2.5.0)
     bootsnap (1.18.3)
       msgpack (~> 1.2)
     brakeman (6.1.2)
@@ -435,7 +418,7 @@ GEM
     concurrent-ruby (1.2.3)
     connection_pool (2.4.1)
     cookiejar (0.3.4)
-    crack (0.4.6)
+    crack (1.0.0)
       bigdecimal
       rexml
     crass (1.0.6)
@@ -445,8 +428,7 @@ GEM
       capybara (~> 3.0)
       ferrum (~> 0.14.0)
     daemons (1.4.1)
-    dalli (3.2.7)
-      base64
+    dalli (3.2.8)
     date (3.3.4)
     date_validator (0.12.0)
       activemodel (>= 3)
@@ -470,12 +452,12 @@ GEM
     disposable (0.6.3)
       declarative (>= 0.0.9, < 1.0.0)
       representable (>= 3.1.1, < 4)
-    doorkeeper (5.6.8)
+    doorkeeper (5.6.9)
       railties (>= 5)
-    dotenv (2.8.1)
-    dotenv-rails (2.8.1)
-      dotenv (= 2.8.1)
-      railties (>= 3.2)
+    dotenv (3.0.2)
+    dotenv-rails (3.0.2)
+      dotenv (= 3.0.2)
+      railties (>= 6.1)
     drb (2.2.0)
       ruby2_keywords
     dry-container (0.11.0)
@@ -589,7 +571,7 @@ GEM
       google-apis-core (>= 0.12.0, < 2.a)
     google-cloud-env (2.1.1)
       faraday (>= 1.0, < 3.a)
-    googleauth (1.10.0)
+    googleauth (1.11.0)
       faraday (>= 1.0, < 3.a)
       google-cloud-env (~> 2.1)
       jwt (>= 1.4, < 3.0)
@@ -615,7 +597,7 @@ GEM
     html-pipeline (2.14.3)
       activesupport (>= 2)
       nokogiri (>= 1.4)
-    htmlbeautifier (1.4.2)
+    htmlbeautifier (1.4.3)
     htmldiff (0.0.1)
     htmlentities (4.3.4)
     http-2-next (1.0.3)
@@ -667,14 +649,15 @@ GEM
     json_spec (1.1.5)
       multi_json (~> 1.0)
       rspec (>= 2.0, < 4.0)
-    jwt (2.7.1)
+    jwt (2.8.0)
+      base64
     ladle (1.0.1)
       open4 (~> 1.0)
     language_server-protocol (3.17.0.3)
     launchy (2.5.2)
       addressable (~> 2.8)
     lefthook (1.6.1)
-    letter_opener (1.8.1)
+    letter_opener (1.9.0)
       launchy (>= 2.2, < 3)
     listen (3.8.0)
       rb-fsevent (~> 0.10, >= 0.10.3)
@@ -691,6 +674,18 @@ GEM
     loofah (2.22.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
+    lookbook (2.2.1)
+      activemodel
+      css_parser
+      htmlbeautifier (~> 1.3)
+      htmlentities (~> 4.3.4)
+      marcel (~> 1.0)
+      railties (>= 5.0)
+      redcarpet (~> 3.5)
+      rouge (>= 3.26, < 5.0)
+      view_component (>= 2.0)
+      yard (~> 0.9.25)
+      zeitwerk (~> 2.5)
     mail (2.8.1)
       mini_mime (>= 0.1.1)
       net-imap
@@ -757,7 +752,7 @@ GEM
       actionview
       openproject-octicons (= 19.8.0)
       railties
-    openproject-primer_view_components (0.20.0)
+    openproject-primer_view_components (0.22.2)
       actionview (>= 5.0.0)
       activesupport (>= 5.0.0)
       openproject-octicons (>= 19.8.0)
@@ -770,7 +765,7 @@ GEM
       activerecord (>= 6.1)
       request_store (~> 1.4)
     parallel (1.24.0)
-    parallel_tests (4.5.0)
+    parallel_tests (4.5.1)
       parallel
     parser (3.3.0.5)
       ast (~> 2.4.1)
@@ -784,7 +779,7 @@ GEM
       hashery (~> 2.0)
       ruby-rc4
       ttfunk
-    pg (1.5.4)
+    pg (1.5.5)
     plaintext (0.3.4)
       activesupport (> 2.2.1)
       nokogiri (~> 1.10, >= 1.10.4)
@@ -832,7 +827,7 @@ GEM
       rack (>= 1.0, < 4)
     rack-cors (2.0.1)
       rack (>= 2.0.0)
-    rack-mini-profiler (3.3.0)
+    rack-mini-profiler (3.3.1)
       rack (>= 1.2.0)
     rack-oauth2 (2.2.1)
       activesupport
@@ -896,15 +891,15 @@ GEM
     rb-fsevent (0.11.2)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
-    rb_sys (0.9.87)
+    rb_sys (0.9.88)
     rbtree3 (0.7.1)
     rdoc (6.6.2)
       psych (>= 4.0.0)
     recaptcha (5.16.0)
     redcarpet (3.6.0)
     redis (5.1.0)
       redis-client (>= 0.17.0)
-    redis-client (0.19.1)
+    redis-client (0.20.0)
       connection_pool
     regexp_parser (2.9.0)
     reline (0.4.2)
@@ -1000,9 +995,9 @@ GEM
       crass (~> 1.0.2)
       nokogiri (>= 1.12.0)
     secure_headers (6.5.0)
-    selenium-devtools (0.121.0)
+    selenium-devtools (0.122.0)
       selenium-webdriver (~> 4.2)
-    selenium-webdriver (4.17.0)
+    selenium-webdriver (4.18.1)
       base64 (~> 0.2)
       rexml (~> 3.2, >= 3.2.5)
       rubyzip (>= 1.2.2, < 3.0)
@@ -1011,7 +1006,7 @@ GEM
     shoulda-context (2.0.0)
     shoulda-matchers (6.1.0)
       activesupport (>= 5.2.0)
-    signet (0.18.0)
+    signet (0.19.0)
       addressable (~> 2.8)
       faraday (>= 0.17.5, < 3.a)
       jwt (>= 1.5, < 3.0)
@@ -1060,7 +1055,7 @@ GEM
     timeout (0.4.1)
     trailblazer-option (0.1.2)
     ttfunk (1.7.0)
-    turbo-rails (2.0.2)
+    turbo-rails (2.0.3)
       actionpack (>= 6.0.0)
       activejob (>= 6.0.0)
       railties (>= 6.0.0)
@@ -1099,7 +1094,7 @@ GEM
       activesupport
       faraday (~> 2.0)
       faraday-follow_redirects
-    webmock (3.20.0)
+    webmock (3.21.2)
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
@@ -1196,7 +1191,7 @@ DEPENDENCIES
   letter_opener
   listen (~> 3.8.0)
   lograge (~> 0.14.0)
-  lookbook!
+  lookbook (~> 2.2.1)
   mail (= 2.8.1)
   matrix (~> 0.4.2)
   md_to_pdf!
@@ -1228,7 +1223,7 @@ DEPENDENCIES
   openproject-octicons (~> 19.8.0)
   openproject-octicons_helper (~> 19.8.0)
   openproject-openid_connect!
-  openproject-primer_view_components (~> 0.20.0)
+  openproject-primer_view_components (~> 0.22.2)
   openproject-recaptcha!
   openproject-reporting!
   openproject-storages!
@@ -1285,7 +1280,7 @@ DEPENDENCIES
   sanitize (~> 6.1.0)
   secure_headers (~> 6.5.0)
   selenium-devtools
-  selenium-webdriver (~> 4.17.0)
+  selenium-webdriver (~> 4.18.0)
   semantic (~> 1.6.1)
   shoulda-context (~> 2.0)
   shoulda-matchers (~> 6.0)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -220,7 +220,15 @@ def reset_i18n_fallbacks
   end
 
   def set_localization
-    SetLocalizationService.new(User.current, request.env['HTTP_ACCEPT_LANGUAGE']).call
+    # 1. Use completely autheticated user
+    # 2. Use user with some authenticated stages not compelted.
+    #    In this case user is not considered logged in, but identified.
+    #    It covers localization for extra authentication stages(like :consent, for example)
+    # 3. Use anonymous instance.
+    user = RequestStore[:current_user] ||
+           (session[:authenticated_user_id].present? && User.find_by(id: session[:authenticated_user_id])) ||
+           User.anonymous
+    SetLocalizationService.new(user, request.env['HTTP_ACCEPT_LANGUAGE']).call
   end
 
   def deny_access(not_found: false)