From cc52cae9fc44b3905d3f91df9eaa63eec7f36edf Mon Sep 17 00:00:00 2001
From: Pete Matsyburka
Date: Mon, 24 Feb 2025 14:19:48 +0200
Subject: [PATCH 01/12] fix not found page
---
 app/controllers/submissions_preview_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/controllers/submissions_preview_controller.rb b/app/controllers/submissions_preview_controller.rb
index 1df14e21..7986e799 100644
--- a/app/controllers/submissions_preview_controller.rb
+++ b/app/controllers/submissions_preview_controller.rb
@@ -20,7 +20,7 @@ class SubmissionsPreviewController < ApplicationController
 @submission ||= Submission.find_by!(slug: params[:slug])
- raise ActionController::RoutingError if @submission.account.archived_at?
+ raise ActionController::RoutingError, I18n.t('not_found') if @submission.account.archived_at?
 if !@submission.submitters.all?(&:completed_at?) && !signature_valid && (!current_user || !current_ability.can?(:read, @submission))
From 4636849118d809dfc260238d670bc4a47bea7079 Mon Sep 17 00:00:00 2001
From: Pete Matsyburka
Date: Mon, 24 Feb 2025 23:59:30 +0200
Subject: [PATCH 02/12] fix permitted params
---
 app/controllers/account_configs_controller.rb | 2 +-
 app/controllers/notifications_settings_controller.rb | 2 +-
 app/controllers/personalization_settings_controller.rb | 2 +-
 app/controllers/user_configs_controller.rb | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/app/controllers/account_configs_controller.rb b/app/controllers/account_configs_controller.rb
index 02aee521..21c380a2 100644
--- a/app/controllers/account_configs_controller.rb
+++ b/app/controllers/account_configs_controller.rb
@@ -39,7 +39,7 @@ class AccountConfigsController < ApplicationController
 end
 def account_config_params
- params.required(:account_config).permit!.tap do |attrs|
+ params.required(:account_config).permit(:key, :value, { value: {} }, { value: [] }).tap do |attrs|
 attrs[:value] = attrs[:value] == '1' if attrs[:value].in?(%w[1 0])
 end
 end
diff --git a/app/controllers/notifications_settings_controller.rb b/app/controllers/notifications_settings_controller.rb
index 57b030fc..f03f09c8 100644
--- a/app/controllers/notifications_settings_controller.rb
+++ b/app/controllers/notifications_settings_controller.rb
@@ -39,7 +39,7 @@ class NotificationsSettingsController < ApplicationController
 end
 def email_config_params
- params.require(:account_config).permit!.tap do |attrs|
+ params.require(:account_config).permit(:key, :value, { value: {} }, { value: [] }).tap do |attrs|
 attrs[:key] = nil unless attrs[:key].in?([AccountConfig::BCC_EMAILS, AccountConfig::SUBMITTER_REMINDERS])
 end
 end
diff --git a/app/controllers/personalization_settings_controller.rb b/app/controllers/personalization_settings_controller.rb
index 76d3f886..9812aaee 100644
--- a/app/controllers/personalization_settings_controller.rb
+++ b/app/controllers/personalization_settings_controller.rb
@@ -50,7 +50,7 @@ class PersonalizationSettingsController < ApplicationController
 end
 def account_config_params
- attrs = params.require(:account_config).permit!
+ attrs = params.require(:account_config).permit(:key, :value, { value: {} }, { value: [] })
 return attrs if attrs[:value].is_a?(String)
diff --git a/app/controllers/user_configs_controller.rb b/app/controllers/user_configs_controller.rb
index 834cc1d9..09b7e6c5 100644
--- a/app/controllers/user_configs_controller.rb
+++ b/app/controllers/user_configs_controller.rb
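Review bot: `account_config_params` in AccountConfigsController now permits `:key` and `:value`, but unlike `email_config_params` in NotificationsSettingsController it applies no allowlist to `key`, and `{ value: {} }` still accepts a hash with arbitrary nested keys. If the calling action does not check the key itself (that code is outside the hunk), an account user can write any AccountConfig row, which matters once a key gates a security decision, as `allow_http` does for webhooks later in this series. Consider rejecting keys outside an explicit list before saving, e.g. `attrs[:key] = nil unless attrs[:key].in?(ALLOWED_KEYS)` with `ALLOWED_KEYS` a constant you define; the same applies to `user_config_params` in UserConfigsController. The identical four-argument `permit(...)` list is repeated in four controllers and could live in one shared constant.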
@@ -26,7 +26,7 @@ class UserConfigsController < ApplicationController
 end
 def user_config_params
- params.required(:user_config).permit!.tap do |attrs|
+ params.required(:user_config).permit(:key, :value, { value: {} }, { value: [] }).tap do |attrs|
 attrs[:value] = attrs[:value] == '1' if attrs[:value].in?(%w[1 0])
 end
 end
From 8a507339afc3fa4f21680b3ac34fe1930e9211f8 Mon Sep 17 00:00:00 2001
From: Pete Matsyburka
Date: Tue, 25 Feb 2025 00:54:05 +0200
Subject: [PATCH 03/12] add brakeman
---
 Gemfile | 2 ++
 Gemfile.lock | 5 +++++
 2 files changed, 7 insertions(+)
diff --git a/Gemfile b/Gemfile
index 39cf1bea..fe60fff0 100644
--- a/Gemfile
+++ b/Gemfile
@@ -63,6 +63,8 @@ group :development, :test do
 end
 group :development do
+ gem 'brakeman', require: false
+ gem 'foreman', require: false
 gem 'letter_opener_web'
 gem 'web-console'
 end
diff --git a/Gemfile.lock b/Gemfile.lock
index d223af2a..2a5839aa 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -120,6 +120,8 @@ GEM bindex (0.8.1) bootsnap (1.18.4) msgpack (~> 1.2) + brakeman (7.0.0) + racc builder (3.3.0) bullet (8.0.0) activesupport (>= 3.0.0)
@@ -229,6 +231,7 @@ GEM ffi (1.17.1-arm64-darwin) ffi (1.17.1-x86_64-linux-gnu) ffi (1.17.1-x86_64-linux-musl) + foreman (0.88.1) geom2d (0.4.1) globalid (1.2.1) activesupport (>= 6.1)
@@ -595,6 +598,7 @@ DEPENDENCIES azure-storage-blob better_html bootsnap + brakeman bullet cancancan capybara
@@ -610,6 +614,7 @@ DEPENDENCIES faker faraday faraday-follow_redirects + foreman google-cloud-storage hexapdf image_processing
From 85824faa2b8f25ca7a81755fba6e4a6ea9a668aa Mon Sep 17 00:00:00 2001
From: Pete Matsyburka
Date: Tue, 25 Feb 2025 10:31:39 +0200
Subject: [PATCH 04/12] https webhooks
---
 lib/send_webhook_request.rb | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/lib/send_webhook_request.rb b/lib/send_webhook_request.rb
index d2e6ebf4..c4632c0a 100644
--- a/lib/send_webhook_request.rb
+++ b/lib/send_webhook_request.rb
@@ -3,10 +3,26 @@
 module SendWebhookRequest
 USER_AGENT = 'DocuSeal.com Webhook'
+ LOCALHOSTS = %w[0.0.0.0 127.0.0.1 localhost].freeze
+
+ HttpsError = Class.new(StandardError)
+ LocalhostError = Class.new(StandardError)
+
 module_function
 def call(webhook_url, event_type:, data:)
- Faraday.post(webhook_url.url) do |req|
+ uri = begin
+ URI(webhook_url.url)
+ rescue URI::Error
+ Addressable::URI.parse(webhook_url.url).normalize
+ end
+
+ if Docuseal.multitenant?
+ raise HttpsError, 'Only HTTPS is allowed.' if uri.scheme != 'https'
+ raise LocalhostError, "Can't send to localhost." if uri.host.in?(LOCALHOSTS)
+ end
+
+ Faraday.post(uri) do |req|
 req.headers['Content-Type'] = 'application/json'
 req.headers['User-Agent'] = USER_AGENT
 req.headers.merge!(webhook_url.secret.to_h) if webhook_url.secret.present?
From b0d8e47a75d15c042ed1eef0962f57dd90e6c59c Mon Sep 17 00:00:00 2001
From: Pete Matsyburka
Date: Tue, 25 Feb 2025 13:10:33 +0200
Subject: [PATCH 05/12] fix annotate model
---
 .annotaterb.yml | 58 +++++++++++++++++++++++++++++
 Gemfile | 2 +-
 Gemfile.lock | 6 +--
 db/schema.rb | 2 +-
 lib/tasks/annotate_rb.rake | 8 ++++
 lib/tasks/auto_annotate_models.rake | 57 ----------------------------
 6 files changed, 70 insertions(+), 63 deletions(-)
 create mode 100644 .annotaterb.yml
 create mode 100644 lib/tasks/annotate_rb.rake
 delete mode 100644 lib/tasks/auto_annotate_models.rake
diff --git a/.annotaterb.yml b/.annotaterb.yml
new file mode 100644
index 00000000..3b53dce0
--- /dev/null
+++ b/.annotaterb.yml
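Review bot: The `LOCALHOSTS` check in `call` compares `uri.host` with three literal strings, so it does not cover other loopback spellings, IPv6 loopback, private or link-local ranges, or a public hostname whose DNS record points at an internal address. For a multitenant deployment the destination is better judged by the addresses the host resolves to than by its text; the sketch below resolves the host, rejects loopback, private and link-local results, and treats a blank or unparsable host as rejected. It does not close the gap between this lookup and the one made when Faraday connects, and redirect handling is not visible in the hunk, so both need a separate look. `Resolv` and `IPAddr` are standard library and must be loaded in this file; the body of `call` continues past the hunk.

```ruby
    if Docuseal.multitenant?
      raise HttpsError, 'Only HTTPS is allowed.' if uri.scheme != 'https'
      raise LocalhostError, "Can't send to localhost." if internal_host?(uri.host)
    end
    # … unchanged: Faraday.post(uri) request block …

  # New helper, placed after `call` inside the module.
  def internal_host?(host)
    name = host.to_s.delete('[]').downcase
    return true if name.empty? || name.in?(LOCALHOSTS)

    Resolv.getaddresses(name).any? do |address|
      ip = IPAddr.new(address)
      ip.loopback? || ip.private? || ip.link_local?
    end
  rescue IPAddr::InvalidAddressError
    true
  end
```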
@@ -0,0 +1,58 @@
+---
+:position: before
+:position_in_additional_file_patterns: before
+:position_in_class: before
+:position_in_factory: before
+:position_in_fixture: before
+:position_in_routes: before
+:position_in_serializer: before
+:position_in_test: before
+:classified_sort: true
+:exclude_controllers: true
+:exclude_factories: true
+:exclude_fixtures: false
+:exclude_helpers: true
+:exclude_scaffolds: true
+:exclude_serializers: false
+:exclude_sti_subclasses: false
+:exclude_tests: false
+:force: false
+:format_markdown: false
+:format_rdoc: false
+:format_yard: false
+:frozen: false
+:ignore_model_sub_dir: false
+:ignore_unknown_models: false
+:include_version: false
+:show_check_constraints: false
+:show_complete_foreign_keys: false
+:show_foreign_keys: true
+:show_indexes: true
+:simple_indexes: false
+:sort: false
+:timestamp: false
+:trace: false
+:with_comment: true
+:with_column_comments: true
+:with_table_comments: true
+:active_admin: false
+:command:
+:debug: false
+:hide_default_column_types: ''
+:hide_limit_column_types: ''
+:ignore_columns:
+:ignore_routes:
+:models: true
+:routes: false
+:skip_on_db_migrate: false
+:target_action: :do_annotations
+:wrapper:
+:wrapper_close:
+:wrapper_open:
+:classes_default_to_s: []
+:additional_file_patterns: []
+:model_dir:
+- app/models
+:require: []
+:root_dir:
+- ''
diff --git a/Gemfile b/Gemfile
index fe60fff0..6961ac80 100644
--- a/Gemfile
+++ b/Gemfile
@@ -46,7 +46,6 @@ gem 'twitter_cldr', require: false
 gem 'tzinfo-data'
 group :development, :test do
- gem 'annotate'
 gem 'better_html'
 gem 'bullet'
 gem 'debug'
@@ -63,6 +62,7 @@ group :development, :test do
 end
 group :development do
+ gem 'annotaterb'
 gem 'brakeman', require: false
 gem 'foreman', require: false
 gem 'letter_opener_web'
diff --git a/Gemfile.lock b/Gemfile.lock
index 2a5839aa..984b23c4 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
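Review bot: The new `.annotaterb.yml` does not carry over several values from the `Annotate.set_defaults` call this commit deletes: `hide_limit_column_types` and `hide_default_column_types` are now `''` (previously `'integer,bigint,boolean'` and `'json,jsonb,hstore'`), and `exclude_tests` and `exclude_fixtures` change from `'true'` to `false`. If that is not intended, the next annotate run is likely to rewrite existing model headers and begin annotating test and fixture files. Restoring the old values in the YAML, or saying in the commit message that the change is deliberate, would avoid a noisy follow-up diff.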
@@ -74,9 +74,7 @@ GEM uri (>= 0.13.1) addressable (2.8.7) public_suffix (>= 2.0.2, < 7.0) - annotate (2.6.5) - activerecord (>= 2.3.0) - rake (>= 0.8.7) + annotaterb (4.14.0) arabic-letter-connector (0.1.1) ast (2.4.2) aws-eventstream (1.3.0)
@@ -591,7 +589,7 @@ PLATFORMS x86_64-linux-musl DEPENDENCIES - annotate + annotaterb arabic-letter-connector aws-sdk-s3 aws-sdk-secretsmanager
diff --git a/db/schema.rb b/db/schema.rb
index 89cf0fae..ecbbc24e 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema[7.2].define(version: 2024_12_07_172237) do +ActiveRecord::Schema[8.0].define(version: 2024_12_07_172237) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql"
diff --git a/lib/tasks/annotate_rb.rake b/lib/tasks/annotate_rb.rake
new file mode 100644
index 00000000..1ad0ec39
--- /dev/null
+++ b/lib/tasks/annotate_rb.rake
@@ -0,0 +1,8 @@
+# This rake task was added by annotate_rb gem.
+
+# Can set `ANNOTATERB_SKIP_ON_DB_TASKS` to be anything to skip this
+if Rails.env.development? && ENV["ANNOTATERB_SKIP_ON_DB_TASKS"].nil?
+ require "annotate_rb"
+
+ AnnotateRb::Core.load_rake_tasks
+end
diff --git a/lib/tasks/auto_annotate_models.rake b/lib/tasks/auto_annotate_models.rake
deleted file mode 100644
index d4cb5881..00000000
--- a/lib/tasks/auto_annotate_models.rake
+++ /dev/null
@@ -1,57 +0,0 @@
-# frozen_string_literal: true
-
-if Rails.env.development?
- require 'annotate'
-
- task set_annotation_options: :environment do
- Annotate.set_defaults(
- 'active_admin' => 'false',
- 'additional_file_patterns' => [],
- 'routes' => 'false',
- 'models' => 'true',
- 'position_in_routes' => 'before',
- 'position_in_class' => 'before',
- 'position_in_test' => 'before',
- 'position_in_fixture' => 'before',
- 'position_in_factory' => 'before',
- 'position_in_serializer' => 'before',
- 'show_foreign_keys' => 'true',
- 'show_complete_foreign_keys' => 'false',
- 'show_indexes' => 'true',
- 'simple_indexes' => 'false',
- 'model_dir' => 'app/models',
- 'root_dir' => '',
- 'include_version' => 'false',
- 'require' => '',
- 'exclude_tests' => 'true',
- 'exclude_fixtures' => 'true',
- 'exclude_factories' => 'true',
- 'exclude_serializers' => 'false',
- 'exclude_scaffolds' => 'true',
- 'exclude_controllers' => 'true',
- 'exclude_helpers' => 'true',
- 'exclude_sti_subclasses' => 'false',
- 'ignore_model_sub_dir' => 'false',
- 'ignore_columns' => nil,
- 'ignore_routes' => nil,
- 'ignore_unknown_models' => 'false',
- 'hide_limit_column_types' => 'integer,bigint,boolean',
- 'hide_default_column_types' => 'json,jsonb,hstore',
- 'skip_on_db_migrate' => 'false',
- 'format_bare' => 'true',
- 'format_rdoc' => 'false',
- 'format_yard' => 'false',
- 'format_markdown' => 'false',
- 'sort' => 'false',
- 'force' => 'false',
- 'frozen' => 'false',
- 'classified_sort' => 'true',
- 'trace' => 'false',
- 'wrapper_open' => nil,
- 'wrapper_close' => nil,
- 'with_comment' => 'true'
- )
- end
-
- Annotate.load_tasks
-end
From 8b72c91951c1bcaea89e4705142da676487739f1 Mon Sep 17 00:00:00 2001
From: Pete Matsyburka
Date: Tue, 25 Feb 2025 13:16:11 +0200
Subject: [PATCH 06/12] add console audit tables
---
 ...5_create_console1984_tables.console1984.rb | 37 +++++++++++++++++++
 db/schema.rb | 36 +++++++++++++++++-
 2 files changed, 72 insertions(+), 1 deletion(-)
 create mode 100644 db/migrate/20250225111255_create_console1984_tables.console1984.rb
diff --git a/db/migrate/20250225111255_create_console1984_tables.console1984.rb b/db/migrate/20250225111255_create_console1984_tables.console1984.rb
new file mode 100644
index 00000000..fe6a454a
--- /dev/null
+++ b/db/migrate/20250225111255_create_console1984_tables.console1984.rb
@@ -0,0 +1,37 @@
+# frozen_string_literal: true
+
+class CreateConsole1984Tables < ActiveRecord::Migration[7.0]
+ def change
+ create_table :console1984_sessions do |t|
+ t.text :reason
+ t.references :user, null: false, index: false
+ t.timestamps
+
+ t.index :created_at
+ t.index %i[user_id created_at]
+ end
+
+ create_table :console1984_users do |t|
+ t.string :username, null: false
+ t.timestamps
+
+ t.index [:username]
+ end
+
+ create_table :console1984_commands do |t|
+ t.text :statements
+ t.references :sensitive_access
+ t.references :session, null: false, index: false
+ t.timestamps
+
+ t.index %i[session_id created_at sensitive_access_id], name: 'on_session_and_sensitive_chronologically'
+ end
+
+ create_table :console1984_sensitive_accesses do |t|
+ t.text :justification
+ t.references :session, null: false
+
+ t.timestamps
+ end
+ end
+end
diff --git a/db/schema.rb b/db/schema.rb
index ecbbc24e..34aaa8bf 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema[8.0].define(version: 2024_12_07_172237) do +ActiveRecord::Schema[8.0].define(version: 2025_02_25_111255) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql"
@@ -112,6 +112,40 @@ ActiveRecord::Schema[8.0].define(version: 2024_12_07_172237) do t.index ["submitter_id"], name: "index_completed_submitters_on_submitter_id", unique: true end + create_table "console1984_commands", force: :cascade do |t| + t.text "statements" + t.bigint "sensitive_access_id" + t.bigint "session_id", null: false + t.datetime "created_at", null: false + t.datetime "updated_at", null: false + t.index ["sensitive_access_id"], name: "index_console1984_commands_on_sensitive_access_id" + t.index ["session_id", "created_at", "sensitive_access_id"], name: "on_session_and_sensitive_chronologically" + end + + create_table "console1984_sensitive_accesses", force: :cascade do |t| + t.text "justification" + t.bigint "session_id", null: false + t.datetime "created_at", null: false + t.datetime "updated_at", null: false + t.index ["session_id"], name: "index_console1984_sensitive_accesses_on_session_id" + end + + create_table "console1984_sessions", force: :cascade do |t| + t.text "reason" + t.bigint "user_id", null: false + t.datetime "created_at", null: false + t.datetime "updated_at", null: false + t.index ["created_at"], name: "index_console1984_sessions_on_created_at" + t.index ["user_id", "created_at"], name: "index_console1984_sessions_on_user_id_and_created_at" + end + + create_table "console1984_users", force: :cascade do |t| + t.string "username", null: false + t.datetime "created_at", null: false + t.datetime "updated_at", null: false + t.index ["username"], name: "index_console1984_users_on_username" + end + create_table "document_generation_events", force: :cascade do |t| t.bigint "submitter_id", null: false t.string "event_name", null: false
From cce20d923093923da2952448d6e1f2a40af5085f Mon Sep 17 00:00:00 2001
From: Pete Matsyburka
Date: Tue, 25 Feb 2025 14:39:11 +0200
Subject: [PATCH 07/12] fix rubocop
---
 lib/tasks/annotate_rb.rake | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/tasks/annotate_rb.rake b/lib/tasks/annotate_rb.rake
index 1ad0ec39..e8368b2e 100644
--- a/lib/tasks/annotate_rb.rake
+++ b/lib/tasks/annotate_rb.rake
@@ -1,8 +1,10 @@
+# frozen_string_literal: true
+
 # This rake task was added by annotate_rb gem.
 # Can set `ANNOTATERB_SKIP_ON_DB_TASKS` to be anything to skip this
-if Rails.env.development? && ENV["ANNOTATERB_SKIP_ON_DB_TASKS"].nil?
- require "annotate_rb"
+if Rails.env.development? && ENV['ANNOTATERB_SKIP_ON_DB_TASKS'].nil?
+ require 'annotate_rb'
 AnnotateRb::Core.load_rake_tasks
 end
From 3a73398a1ef3c0c720187b45fbc36fed2cf57ebc Mon Sep 17 00:00:00 2001
From: Pete Matsyburka
Date: Thu, 27 Feb 2025 10:01:33 +0200
Subject: [PATCH 08/12] fix email
---
 lib/submissions.rb | 1 +
 1 file changed, 1 insertion(+)
diff --git a/lib/submissions.rb b/lib/submissions.rb
index 8a89aaa6..9843fd0f 100644
--- a/lib/submissions.rb
+++ b/lib/submissions.rb
@@ -107,6 +107,7 @@ module Submissions
 def normalize_email(email)
 return if email.blank?
+ return if email.is_a?(Numeric)
 return email.downcase if email.to_s.include?(',') || email.to_s.match?(/\.(?:gob|om|mm|cm|et|mo|nz|za|ie)\z/) ||
From 7a72e2cbb773f0985f404002050d06078fa6a522 Mon Sep 17 00:00:00 2001
From: Pete Matsyburka
Date: Thu, 27 Feb 2025 10:59:32 +0200
Subject: [PATCH 09/12] allow http
---
 lib/send_webhook_request.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/send_webhook_request.rb b/lib/send_webhook_request.rb
index c4632c0a..96442441 100644
--- a/lib/send_webhook_request.rb
+++ b/lib/send_webhook_request.rb
@@ -18,7 +18,9 @@ module SendWebhookRequest
 end
 if Docuseal.multitenant?
- raise HttpsError, 'Only HTTPS is allowed.' if uri.scheme != 'https'
+ raise HttpsError, 'Only HTTPS is allowed.' if uri.scheme != 'https' &&
+ !AccountConfig.exists?(key: :allow_http,
+ account_id: webhook_url.account_id)
 raise LocalhostError, "Can't send to localhost." if uri.host.in?(LOCALHOSTS)
 end
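Review bot: The added guard in `normalize_email` stops only `Numeric` input, while the following line still calls `email.downcase` on the raw argument after testing `email.to_s`, so another non-string value such as an Array from a JSON body can raise `NoMethodError` there. `return unless email.is_a?(String)` would cover every non-string in one check, provided returning nil for them suits the callers. The method body continues outside the hunk.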
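Review bot: The HTTPS exemption in `call` tests only that an AccountConfig row with key `allow_http` exists, so a row whose value is false or blank still permits plain HTTP, and the protection depends on tenants being unable to create that key themselves through the account config endpoints (not visible in this hunk). Reading the stored value, and keeping `allow_http` out of any user-writable key list, keeps the override an operator decision. The three-line modifier `if` is also hard to scan; computing `allow_http = AccountConfig.exists?(key: :allow_http, account_id: webhook_url.account_id)` first and then `raise HttpsError, 'Only HTTPS is allowed.' if uri.scheme != 'https' && !allow_http` reads more directly. With HTTP allowed, any headers merged from `webhook_url.secret` are sent unencrypted, which deserves a comment next to the exemption.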
From b65bca213f663daa33ae78c25a45c50538136a77 Mon Sep 17 00:00:00 2001
From: Alex Turchyn
Date: Wed, 26 Feb 2025 21:45:22 +0200
Subject: [PATCH 10/12] add brakeman to CI
---
 .github/workflows/ci.yml | 27 +++++++++++++++++++++++++++
 app/controllers/users_controller.rb | 12 +++++++-----
 config/brakeman.ignore | 8 ++++++++
 3 files changed, 42 insertions(+), 5 deletions(-)
 create mode 100644 config/brakeman.ignore
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1a28aa8e..ae1b667c 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -77,6 +77,33 @@ jobs:
 run: |
 ./node_modules/eslint/bin/eslint.js "app/javascript/**/*.js"
+ brakeman:
+ name: Brakeman
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Install Ruby
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: 3.4.1
+ - name: Cache gems
+ uses: actions/cache@v4
+ with:
+ path: vendor/bundle
+ key: ${{ runner.os }}-gem-${{ hashFiles('**/Gemfile.lock') }}
+ restore-keys: |
+ ${{ runner.os }}-gem-
+ - name: Install gems
+ run: |
+ gem install bundler
+ bundle config path vendor/bundle
+ bundle install --jobs 4 --retry 4
+ yarn install
+ sudo apt-get update
+ sudo apt-get install libvips
+ - name: Run Brakeman
+ run: bundle exec brakeman -q --exit-on-warn
+
 rspec:
 name: RSpec
 runs-on: ubuntu-latest
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 4a195104..47a88e05 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
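Review bot: The new `brakeman` job references `actions/checkout@v4`, `ruby/setup-ruby@v1` and `actions/cache@v4` by mutable tag, and the hunk sets no `permissions:` for the job. Pinning each action to a full commit SHA and adding `permissions:` with `contents: read` limits what a retagged or compromised action can do with the workflow token; a workflow-level setting may already exist outside the hunk. Brakeman is a static scanner, so the `yarn install` and `libvips` lines in the install step look unnecessary here, and dropping them shortens the job and reduces what it downloads.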
@@ -45,17 +45,16 @@ class UsersController < ApplicationController
 return redirect_to settings_users_path, notice: I18n.t('unable_to_update_user') if Docuseal.demo?
 attrs = user_params.compact_blank.merge(user_params.slice(:archived_at))
- attrs.delete(:role) if !role_valid?(attrs[:role]) || current_user == @user
 if params.dig(:user, :account_id).present?
- account = Account.accessible_by(current_ability).find(params[:user][:account_id])
+ account = Account.accessible_by(current_ability).find(params.dig(:user, :account_id))
 authorize!(:manage, account)
 @user.account = account
 end
- if @user.update(attrs)
+ if @user.update(attrs.except(current_user == @user ? :role : nil))
 redirect_back fallback_location: settings_users_path, notice: I18n.t('user_has_been_updated')
 else
 render turbo_stream: turbo_stream.replace(:modal, template: 'users/edit'), status: :unprocessable_entity
@@ -84,8 +83,11 @@ class UsersController < ApplicationController
 def user_params
 if params.key?(:user)
- params.require(:user).permit(:email, :first_name, :last_name, :password,
- :role, :archived_at, :account_id)
+ permitted_params = %i[email first_name last_name password archived_at]
+
+ permitted_params << :role if role_valid?(params.dig(:user, :role))
+
+ params.require(:user).permit(permitted_params)
 else
 {}
 end
diff --git a/config/brakeman.ignore b/config/brakeman.ignore
new file mode 100644
index 00000000..0b0632ab
--- /dev/null
+++ b/config/brakeman.ignore
@@ -0,0 +1,8 @@
+{
+ "ignored_warnings": [
+ {
+ "fingerprint": "25f4ce5fee1e1180fa1919dc4ee78db3ab3457a956e4679503aa745771a43836",
+ "note": "Permitted parameters are necessary for creating submitters via API"
+ }
+ ]
+}
From b2b2856ac0a1ab2798ae5658cc915b47af6db621 Mon Sep 17 00:00:00 2001
From: Pete Matsyburka
Date: Thu, 27 Feb 2025 21:37:32 +0200
Subject: [PATCH 11/12] handle required pdf fields
---
 lib/templates/find_acro_fields.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
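Review bot: In the first hunk, `@user.update(attrs.except(current_user == @user ? :role : nil))` relies on `except(nil)` being a no-op, which buries the rule that users cannot change their own role inside an argument expression. `attrs = attrs.except(:role) if current_user == @user` on its own line before the `update` call states the rule directly and is easier to audit. In the second hunk an invalid role is now dropped silently inside `user_params`; `role_valid?` is defined outside the hunk, so a short comment on `user_params` saying that it filters the role for every caller would help the next reader.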
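Review bot: The entry in `config/brakeman.ignore` carries only a fingerprint and a note, so a reader cannot tell which warning type, file or line is suppressed without re-running the scanner. Entries written by Brakeman's interactive ignore mode (`brakeman -I`) also record the warning type, file, line and code. Keeping those fields makes the suppression reviewable and lets a later audit confirm that it still matches the code the note describes.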
diff --git a/lib/templates/find_acro_fields.rb b/lib/templates/find_acro_fields.rb
index 69bc462a..11c319c7 100644
--- a/lib/templates/find_acro_fields.rb
+++ b/lib/templates/find_acro_fields.rb
@@ -101,7 +101,7 @@ module Templates
 {
 uuid: SecureRandom.uuid,
- required: false,
+ required: field.flags.include?(:required),
 preferences: {},
 areas:,
 **field_properties
From 4116746be37a100c06a41b989be52f546e67b5fa Mon Sep 17 00:00:00 2001
From: Pete Matsyburka
Date: Fri, 28 Feb 2025 12:08:30 +0200
Subject: [PATCH 12/12] destroy email events
---
 app/models/submitter.rb | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/app/models/submitter.rb b/app/models/submitter.rb
index 97a93773..45e38292 100644
--- a/app/models/submitter.rb
+++ b/app/models/submitter.rb
@@ -55,6 +55,7 @@ class Submitter < ApplicationRecord
 has_many_attached :attachments
 has_many_attached :preview_documents
 has_many :template_accesses, through: :template
+ has_many :email_events, as: :emailable, dependent: (Docuseal.multitenant? ? nil : :destroy)
 has_many :document_generation_events, dependent: :destroy
 has_many :submission_events, dependent: :destroy
@@ -63,6 +64,8 @@ class Submitter < ApplicationRecord
 scope :completed, -> { where.not(completed_at: nil) }
+ after_destroy :anonymize_email_events, if: -> { Docuseal.multitenant? }
+
 def status
 if declined_at?
 'declined'
@@ -108,4 +111,12 @@ class Submitter < ApplicationRecord
 fields.any? { |f| f['submitter_uuid'] == uuid && signature_field_types.include?(f['type']) }
 end
 end
+
+ private
+
+ def anonymize_email_events
+ email_events.each do |event|
+ event.update!(email: Digest::MD5.base64digest(event.email))
+ end
+ end
 end
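Review bot: `anonymize_email_events` in the last hunk of `submitter.rb` replaces each address with an unsalted `Digest::MD5` digest, which is pseudonymisation rather than anonymisation: e-mail addresses are guessable, so the stored value can be matched against any list of candidate addresses. If the digest has to stay comparable across rows, a keyed digest such as `OpenSSL::HMAC.base64digest('SHA256', Rails.application.secret_key_base, event.email)` removes that property for anyone without the key; if it does not, clearing the column is simpler. `update!` inside `after_destroy` also runs validations, so a format validation on the event's email (the model is not visible here) would raise and roll back the submitter's deletion; `update_columns` avoids that. A comment on the `dependent:` option in the first hunk noting that `Docuseal.multitenant?` is evaluated once, when the class loads, would help as well.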