Since there is no ENV["SECRET_KEY_BASE"], this sets a fallback.
Every server restart will lead to a new SECRET_KEY_BASE being used.
This will effectively log out everyone from the staging server.
We will need to set ENV["SECRET_KEY_BASE"] eventually and then revert this change.
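Why the fallback logs everyone out, as an added example that is not part of the commit or the project's code: a signed cookie issued under one randomly generated secret no longer verifies once a restart generates a new one. The helper names and the HMAC cookie format are assumptions, a simplified stand-in for Rails' own cookie handling.

```ruby
require "openssl"
require "securerandom"

# Hypothetical helper modelling the fallback: use the configured secret if
# present, otherwise generate a random one that lives only for this process.
def secret_key_base(env)
  value = env["SECRET_KEY_BASE"]
  value.nil? || value.empty? ? SecureRandom.hex(64) : value
end

# Simplified stand-in for a signed session cookie: base64 payload plus
# HMAC-SHA256 ("m0" is strict base64 without line breaks).
def sign_cookie(payload, secret)
  data = [payload].pack("m0")
  "#{data}--#{OpenSSL::HMAC.hexdigest('SHA256', secret, data)}"
end

# Constant-time comparison so verification does not leak how many bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Returns the payload when the signature verifies, nil otherwise.
def verify_cookie(cookie, secret)
  data, mac = cookie.to_s.split("--", 2)
  return nil if data.nil? || mac.nil?
  expected = OpenSSL::HMAC.hexdigest("SHA256", secret, data)
  secure_compare(mac, expected) ? data.unpack1("m0") : nil
end

# Signs a cookie on one "boot" and verifies it on the next one.
def survives_restart?(env)
  cookie = sign_cookie("user_id=42", secret_key_base(env)) # constructed payload
  !verify_cookie(cookie, secret_key_base(env)).nil?
end

# Without the variable every boot gets a fresh secret; with it, sessions persist.
puts "fallback secret:   session survives restart? #{survives_restart?({})}"
fixed = { "SECRET_KEY_BASE" => SecureRandom.hex(64) } # constructed value
puts "configured secret: session survives restart? #{survives_restart?(fixed)}"
```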
update some gems, replace before_filter / after_filter by before_action / after_action
and some more config changes (mostly commented out) and scripts generated by rails app:update task
first make everything work locally with rails 5.0
tests do not pass on CI yet because the test task has to be rewritten
- update dependencies
- run rails app:update task: update config, generate initializers etc.
- the method hide_action is not available in rails anymore
- ActionController::Parameters have to be converted to a hash
- protect_from_forgery now defaults to prepend:false
We have seen a lot of spam comments on public pages recently.
They insert links - probably to increase search engine ranking of the linked sites.
In order to prevent this we disallow comments with links on public pages
for users who have no other access to the page than it being public.
We were responding with 500 and an error popup
when a request was approved for an action that had already been performed.
For example when approving the removal of a former member
that had already left the group on their own
we responded with a 500.
This changes the response to 409 - conflict:
`This response is sent when a request conflicts with the current state of the server.`
I was also considering 404 - especially for requests
to remove a non-member.
However a 404 for an update on a request
would seem more like the request itself could not be found.
This commit introduces the Request::PointlessAction exception.
It will be raised by requests whose action has already been performed.
It allows us to unify error handling on the controller level
and detect the different errors in each request class
and reraise them with a common more semantic error class.
The traces of ActionController::RoutingErrors do not add any info.
Plus they do not include anything in the clean backtrace.
- which makes rails resort to the dirty backtrace for some reason.
So here we strip off the entire backtrace
to prevent them from cluttering the logs.
If one of the directories configured was a broken symlink
we would attempt to create a directory in its place.
Now we resolve the symlink and create a directory where it points.
- now we just show the 5 most recent notices on the dashboard
- there is a separate page which displays all notices (paged)
- we have a separate controller for the dashboard
switch to utf8mb4 which can store all unicode code points including
emoticons (utf8 which we used before is an alias for utf8mb3 which only
stores a maximum of three bytes).
the rake task cg:convert_to_unicode converts the database into utf8mb4.
it also sets a binary collation for our tags table, because we
want to distinguish between olé and ole. there is no test for this
feature (because it would fail).
the schema_migrations table has to be excluded, because it has
indexes which are too long
the emoji tests work without database conversion, because database
connection uses utf8mb4.