docuseal

Commit Graph

Author	SHA1	Message	Date
Wabo	8dbf5b6cab	Fix CI lint + flaky dashboard test on first fork-Actions run Previously CI had never run on the wabolabs/wabosign fork (Actions gated until owner consent). Now that the gate is lifted, run rubocop / erblint / brakeman / rspec against current master uncovered backlog: - rubocop: 97 auto-corrected across the WaboSign-fork files (account logo, SMS, SSO, ability specs, role auth specs, omniauth callbacks). Remaining 8 fixed by hand: * lib/wabosign.rb chained map collapsed to filter_map; `hd` param renamed to `hosted_domain` (Naming/MethodParameterName) * app/models/user.rb default_sso_account split for line length + SafeNavigation * spec/rails_helper.rb abort calls marked `# rubocop:disable Rails/Exit` (upstream pattern, intentional) * spec/requests/users/omniauth_callbacks_spec.rb let! used for side-effect-only setup -> moved into before blocks - erblint: 21 auto-corrected (mostly Style/StringLiterals from a sed substitution that picked double quotes) + a missing autocomplete attribute added to the SMS test-message input. - brakeman: clean. Removed one obsolete ignore entry (was for the deleted enquiries controller) and added one new ignore for the MCP-settings token preview (HighlightCode returns escaped HTML). - rspec: dashboard "shows the list of templates" was flaky because other_template's Faker::Book.title could randomly collide with one of the 5 in-account templates. Pin the name to a unique suffix. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	1 month ago
Wabo	a9a61c7979	Custom account logo with SVG sanitization Replaces the disabled "logo upload not bundled in OSS" placeholder with a real upload flow. Logos attach to the Account via ActiveStorage (`has_one_attached :logo`) and replace the default WaboSign mark at every render site that previously rendered `shared/_logo`. Accepted formats: PNG, JPEG, and SVG. SVGs go through `AccountLogo.sanitize_upload` before storage: - `<script>` and `<foreignObject>` elements removed - every `on*` attribute stripped (onclick, onload, onerror, …) - `href` / `xlink:href` dropped unless the value starts with `#` (in-doc fragment) or `data:` (inert in <img> context) Raster uploads pass through unchanged. 2 MB upload cap on all formats. Dispatch is a new `shared/_account_logo.html.erb` partial — takes an optional `account:` local and emits either `<img>` (logo attached) or falls back to the existing inline `shared/_logo.html.erb` SVG. All swapped render sites pass the right account expression: - shared/_title.html.erb → current_account - start_form/_brand_logo.html.erb → @template.account - submit_form/_brand_logo.html.erb → @submitter.submission.account - templates_uploads/show.html.erb → current_account - submissions/_logo.html.erb → @submission \|\| @submitter accounts - templates_share_link_qr/_logo.html.erb → @template.account The landing page stays on the default mark (no account context). Static favicon/PWA manifest/preview.png stay on the default brand. Audit-trail PDF (`lib/submissions/generate_audit_trail.rb#add_logo`) now calls `PdfIcons.account_logo_io(submission.account)`. SVG logos are rasterized to PNG via ActiveStorage variants (libvips + librsvg, both present in the production image via the `vips` Alpine pkg). On any failure path the helper logs and falls back to `PdfIcons.logo_io` so audit-trail generation never crashes on a bad logo. Routes: `resource :account_logo, only: %i[create destroy]` nested under `/settings`. AccountLogoController authorizes via `authorize!(:manage, current_account)` and routes the form back to `/settings/personalization` on success or failure. Specs (11/11 pass in the Ruby 4.0.1 + Postgres-14 container): - spec/lib/account_logo_spec.rb — 6 sanitizer unit cases - spec/requests/account_logo_controller_spec.rb — 5 request cases Smoke-tested end-to-end in the built image: - PNG round-trips through attach/download. - Malicious SVG (`<script>` + onload + alert) saves with all three payloads scrubbed from the stored bytes. - SVG → PNG rasterization for the PDF path produces a 18 KB PNG with valid PNG magic — confirms libvips/librsvg is actually wired in the production Alpine image. - After purge, `PdfIcons.account_logo_io` is byte-identical to `PdfIcons.logo_io` (clean fallback). - /settings/personalization renders the new form with all expected fields. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	1 month ago

Author

SHA1

Message

Date

Wabo

8dbf5b6cab

Fix CI lint + flaky dashboard test on first fork-Actions run

Previously CI had never run on the wabolabs/wabosign fork (Actions
gated until owner consent). Now that the gate is lifted, run rubocop /
erblint / brakeman / rspec against current master uncovered backlog:

- rubocop: 97 auto-corrected across the WaboSign-fork files (account
  logo, SMS, SSO, ability specs, role auth specs, omniauth callbacks).
  Remaining 8 fixed by hand:
  * lib/wabosign.rb chained map collapsed to filter_map; `hd` param
    renamed to `hosted_domain` (Naming/MethodParameterName)
  * app/models/user.rb default_sso_account split for line length +
    SafeNavigation
  * spec/rails_helper.rb abort calls marked `# rubocop:disable
    Rails/Exit` (upstream pattern, intentional)
  * spec/requests/users/omniauth_callbacks_spec.rb let! used for
    side-effect-only setup -> moved into before blocks
- erblint: 21 auto-corrected (mostly Style/StringLiterals from a
  sed substitution that picked double quotes) + a missing
  autocomplete attribute added to the SMS test-message input.
- brakeman: clean. Removed one obsolete ignore entry (was for the
  deleted enquiries controller) and added one new ignore for the
  MCP-settings token preview (HighlightCode returns escaped HTML).
- rspec: dashboard "shows the list of templates" was flaky because
  other_template's Faker::Book.title could randomly collide with one
  of the 5 in-account templates. Pin the name to a unique suffix.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Wabo

a9a61c7979

Custom account logo with SVG sanitization

Replaces the disabled "logo upload not bundled in OSS" placeholder
with a real upload flow. Logos attach to the Account via ActiveStorage
(`has_one_attached :logo`) and replace the default WaboSign mark at
every render site that previously rendered `shared/_logo`.

Accepted formats: PNG, JPEG, and SVG. SVGs go through
`AccountLogo.sanitize_upload` before storage:
  - `<script>` and `<foreignObject>` elements removed
  - every `on*` attribute stripped (onclick, onload, onerror, …)
  - `href` / `xlink:href` dropped unless the value starts with `#`
    (in-doc fragment) or `data:` (inert in <img> context)
Raster uploads pass through unchanged. 2 MB upload cap on all formats.

Dispatch is a new `shared/_account_logo.html.erb` partial — takes an
optional `account:` local and emits either `<img>` (logo attached) or
falls back to the existing inline `shared/_logo.html.erb` SVG. All
swapped render sites pass the right account expression:

  - shared/_title.html.erb              → current_account
  - start_form/_brand_logo.html.erb     → @template.account
  - submit_form/_brand_logo.html.erb    → @submitter.submission.account
  - templates_uploads/show.html.erb     → current_account
  - submissions/_logo.html.erb          → @submission || @submitter accounts
  - templates_share_link_qr/_logo.html.erb → @template.account

The landing page stays on the default mark (no account context).
Static favicon/PWA manifest/preview.png stay on the default brand.

Audit-trail PDF (`lib/submissions/generate_audit_trail.rb#add_logo`)
now calls `PdfIcons.account_logo_io(submission.account)`. SVG logos
are rasterized to PNG via ActiveStorage variants (libvips + librsvg,
both present in the production image via the `vips` Alpine pkg). On
any failure path the helper logs and falls back to `PdfIcons.logo_io`
so audit-trail generation never crashes on a bad logo.

Routes: `resource :account_logo, only: %i[create destroy]` nested
under `/settings`. AccountLogoController authorizes via
`authorize!(:manage, current_account)` and routes the form back to
`/settings/personalization` on success or failure.

Specs (11/11 pass in the Ruby 4.0.1 + Postgres-14 container):
  - spec/lib/account_logo_spec.rb        — 6 sanitizer unit cases
  - spec/requests/account_logo_controller_spec.rb — 5 request cases

Smoke-tested end-to-end in the built image:
  - PNG round-trips through attach/download.
  - Malicious SVG (`<script>` + onload + alert) saves with all three
    payloads scrubbed from the stored bytes.
  - SVG → PNG rasterization for the PDF path produces a 18 KB PNG
    with valid PNG magic — confirms libvips/librsvg is actually
    wired in the production Alpine image.
  - After purge, `PdfIcons.account_logo_io` is byte-identical to
    `PdfIcons.logo_io` (clean fallback).
  - /settings/personalization renders the new form with all expected
    fields.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2 Commits (8dbf5b6caba2d9b7e97700034f7960bf3c5d4c18)