adminbruno
/
docuseal
mirror of https://github.com/docusealco/docuseal
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: adminbruno:a389e8cc38fafabd23425603d7ffb14c52844bd1
Branches Tags
adminbruno:master
..
compare: adminbruno:33ca930055e35bc8c017bd2d1217a055a8e43a82
Branches Tags
adminbruno:master

20 Commits
a389e8cc38 ... 33ca930055

Author SHA1 Message Date
Alex Turchyn 33ca930055
Merge from docusealco/wip
1 month ago
Pete Matsyburka 3b396f8421 fix redirect
1 month ago
Pete Matsyburka aa77e3a8d3 adjust port check
1 month ago
Pete Matsyburka 75316d8d87 fix draw custom field
1 month ago
Pete Matsyburka a999109a5c add port check
1 month ago
Pete Matsyburka bdd33c7d6b fix spec
1 month ago
Pete Matsyburka 61c5ee22a0 hide form credentials
1 month ago
Pete Matsyburka 12c5b909e0 use cancan
1 month ago
Pete Matsyburka 871ef6dda6 add fetch options
1 month ago
Pete Matsyburka 40052a2d7c use query_params
1 month ago
Pete Matsyburka 347be0137d refactor 2fa
1 month ago
Pete Matsyburka fe6baba8bf fix erb lint
1 month ago
Pete Matsyburka ed8c313bd4 timestamp controller multitenant
1 month ago
Pete Matsyburka ca0acb34d6 use url for open modal
1 month ago
Pete Matsyburka 34ea639c25 escape wildcard query
1 month ago
Pete Matsyburka 680ab9dbed raise invalid param
1 month ago
Pete Matsyburka 9377766e52 fix url download
1 month ago
Pete Matsyburka 7a2c37454e update favicon
1 month ago
Pete Matsyburka 8f6f418f54 fix font size
1 month ago
Pete Matsyburka 9b7745c565 hide resend on archived
1 month ago
56 changed files with 205 additions and 83 deletions
Show Stats

30
app/controllers/submissions_download_controller.rb
Unescape View File

@ -27,20 +27,18 @@ class SubmissionsDownloadController < ApplicationController
Submissions::EnsureResultGenerated.call(last_submitter) Submissions::EnsureResultGenerated.call(last_submitter)
if last_submitter.completed_at < TTL.ago && !signature_valid && !current_user_submitter?(last_submitter) if !signature_valid && !current_user_submitter?(last_submitter)
Rollbar.info("TTL: #{last_submitter.id}") if defined?(Rollbar) return head :not_found unless Submitters::AuthorizedForForm.call(@submitter, current_user, request)
return head :not_found if last_submitter.completed_at < TTL.ago
Rollbar.info("TTL: #{last_submitter.id}") if defined?(Rollbar)
return head :not_found
end
end end
if params[:combined] == 'true' if params[:combined] == 'true'
url = build_combined_url(@submitter) respond_with_combined(last_submitter)
if url
render json: [url]
else
head :not_found
end
else else
render json: build_urls(last_submitter) render json: build_urls(last_submitter)
end end
@ -48,8 +46,18 @@ class SubmissionsDownloadController < ApplicationController
private private
def respond_with_combined(submitter)
url = build_combined_url(submitter)
if url
render json: [url]
else
head :not_found
end
end
def current_user_submitter?(submitter) def current_user_submitter?(submitter)
current_user && current_user.account.submitters.exists?(id: submitter.id) current_user && current_ability.can?(:read, submitter)
end end
def build_urls(submitter) def build_urls(submitter)

23
app/controllers/submit_form_controller.rb
Unescape View File

@ -9,15 +9,15 @@ class SubmitFormController < ApplicationController
before_action :load_submitter, only: %i[show update completed] before_action :load_submitter, only: %i[show update completed]
before_action :maybe_render_locked_page, only: :show before_action :maybe_render_locked_page, only: :show
before_action :maybe_require_link_2fa, only: %i[show update] before_action :maybe_require_link_2fa, only: %i[show]
CONFIG_KEYS = [].freeze CONFIG_KEYS = [].freeze
def show def show
submission = @submitter.submission submission = @submitter.submission
return render :email_2fa unless Submitters::AuthorizedForForm.pass_email_2fa?(@submitter, request)
return redirect_to submit_form_completed_path(@submitter.slug) if @submitter.completed_at? return redirect_to submit_form_completed_path(@submitter.slug) if @submitter.completed_at?
return render :email_2fa if require_email_2fa?(@submitter)
@form_configs = Submitters::FormConfigs.call(@submitter, CONFIG_KEYS) @form_configs = Submitters::FormConfigs.call(@submitter, CONFIG_KEYS)
@ -48,7 +48,7 @@ class SubmitFormController < ApplicationController
end end
def update def update
if require_email_2fa?(@submitter) unless Submitters::AuthorizedForForm.call(@submitter, current_user, request)
return render json: { error: I18n.t('verification_required_refresh_the_page_and_pass_2fa') }, return render json: { error: I18n.t('verification_required_refresh_the_page_and_pass_2fa') },
status: :unprocessable_content status: :unprocessable_content
end end
@ -84,7 +84,9 @@ class SubmitFormController < ApplicationController
def completed def completed
raise ActionController::RoutingError, I18n.t('not_found') if @submitter.account.archived_at? raise ActionController::RoutingError, I18n.t('not_found') if @submitter.account.archived_at?
redirect_to submit_form_path(params[:submit_form_slug]) if require_email_2fa?(@submitter) return if Submitters::AuthorizedForForm.call(@submitter, current_user, request)
redirect_to submit_form_path(params[:submit_form_slug])
end end
def success; end def success; end
@ -92,10 +94,7 @@ class SubmitFormController < ApplicationController
private private
def maybe_require_link_2fa def maybe_require_link_2fa
return if @submitter.submission.source != 'link' return if Submitters::AuthorizedForForm.pass_link_2fa?(@submitter, current_user, request)
return unless @submitter.submission.template&.preferences&.dig('shared_link_2fa') == true
return if cookies.encrypted[:email_2fa_slug] == @submitter.slug
return if @submitter.email == current_user&.email && current_user&.account_id == @submitter.account_id
redirect_to start_form_path(@submitter.submission.template.slug) redirect_to start_form_path(@submitter.submission.template.slug)
end end
@ -117,12 +116,4 @@ class SubmitFormController < ApplicationController
ActiveStorage::Attachment.where(record: submission.submitters, name: :attachments) ActiveStorage::Attachment.where(record: submission.submitters, name: :attachments)
.preload(:blob).index_by(&:uuid) .preload(:blob).index_by(&:uuid)
end end
def require_email_2fa?(submitter)
return false if submitter.submission.template&.preferences&.dig('require_email_2fa') != true &&
submitter.preferences['require_email_2fa'] != true
return false if cookies.encrypted[:email_2fa_slug] == submitter.slug
true
end
end end

4
app/controllers/submit_form_decline_controller.rb
Unescape View File

@ -11,7 +11,9 @@ class SubmitFormDeclineController < ApplicationController
submitter.completed_at? || submitter.completed_at? ||
submitter.submission.archived_at? || submitter.submission.archived_at? ||
submitter.submission.expired? || submitter.submission.expired? ||
submitter.submission.template&.archived_at? submitter.submission.template&.archived_at? ||
!Submitters::AuthorizedForForm.call(submitter, current_user,
request)
ApplicationRecord.transaction do ApplicationRecord.transaction do
submitter.update!(declined_at: Time.current) submitter.update!(declined_at: Time.current)

3
app/controllers/submit_form_download_controller.rb
Unescape View File

@ -17,7 +17,8 @@ class SubmitFormDownloadController < ApplicationController
@submitter.submission.template&.archived_at? || @submitter.submission.template&.archived_at? ||
AccountConfig.exists?(account_id: @submitter.account_id, AccountConfig.exists?(account_id: @submitter.account_id,
key: AccountConfig::ALLOW_TO_PARTIAL_DOWNLOAD_KEY, key: AccountConfig::ALLOW_TO_PARTIAL_DOWNLOAD_KEY,
value: false) value: false) ||
!Submitters::AuthorizedForForm.call(@submitter, current_user, request)
last_completed_submitter = @submitter.submission.submitters last_completed_submitter = @submitter.submission.submitters
.where.not(id: @submitter.id) .where.not(id: @submitter.id)

3
app/controllers/submit_form_draw_signature_controller.rb
Unescape View File

@ -12,7 +12,8 @@ class SubmitFormDrawSignatureController < ApplicationController
return redirect_to submit_form_completed_path(@submitter.slug) if @submitter.completed_at? return redirect_to submit_form_completed_path(@submitter.slug) if @submitter.completed_at?
if @submitter.submission.template&.archived_at? || @submitter.submission.archived_at? if @submitter.submission.template&.archived_at? || @submitter.submission.archived_at? ||
!Submitters::AuthorizedForForm.call(@submitter, current_user, request)
return redirect_to submit_form_path(@submitter.slug) return redirect_to submit_form_path(@submitter.slug)
end end

3
app/controllers/submit_form_invite_controller.rb
Unescape View File

@ -45,7 +45,8 @@ class SubmitFormInviteController < ApplicationController
!submitter.completed_at? && !submitter.completed_at? &&
!submitter.submission.archived_at? && !submitter.submission.archived_at? &&
!submitter.submission.expired? && !submitter.submission.expired? &&
!submitter.submission.template&.archived_at? !submitter.submission.template&.archived_at? &&
Submitters::AuthorizedForForm.call(submitter, current_user, request)
end end
def filter_invite_submitters(submitter, key = 'invite_by_uuid') def filter_invite_submitters(submitter, key = 'invite_by_uuid')

8
app/controllers/submit_form_values_controller.rb
Unescape View File

@ -7,10 +7,12 @@ class SubmitFormValuesController < ApplicationController
def index def index
submitter = Submitter.find_by!(slug: params[:submit_form_slug]) submitter = Submitter.find_by!(slug: params[:submit_form_slug])
return render json: {} if submitter.completed_at? || submitter.declined_at? return render json: {} if submitter.completed_at? ||
return render json: {} if submitter.submission.template&.archived_at? || submitter.declined_at? ||
submitter.submission.template&.archived_at? ||
submitter.submission.archived_at? || submitter.submission.archived_at? ||
submitter.submission.expired? submitter.submission.expired? ||
!Submitters::AuthorizedForForm.call(submitter, current_user, request)
value = submitter.values[params['field_uuid']] value = submitter.values[params['field_uuid']]
attachment = submitter.attachments.where(created_at: params[:after]..).find_by(uuid: value) if value.present? attachment = submitter.attachments.where(created_at: params[:after]..).find_by(uuid: value) if value.present?

2
app/controllers/templates_uploads_controller.rb
Unescape View File

@ -56,7 +56,7 @@ class TemplatesUploadsController < ApplicationController
def create_file_params_from_url def create_file_params_from_url
tempfile = Tempfile.new tempfile = Tempfile.new
tempfile.binmode tempfile.binmode
tempfile.write(DownloadUtils.call(params[:url]).body) tempfile.write(DownloadUtils.call(params[:url], validate: true).body)
tempfile.rewind tempfile.rewind
filename = URI.decode_www_form_component(params[:filename]) if params[:filename].present? filename = URI.decode_www_form_component(params[:filename]) if params[:filename].present?

10
app/javascript/submission_form/completed.vue
Unescape View File

@ -161,6 +161,11 @@ export default {
required: false, required: false,
default: false default: false
}, },
fetchOptions: {
type: Object,
required: false,
default: () => ({})
},
completedButton: { completedButton: {
type: Object, type: Object,
required: false, required: false,
@ -214,7 +219,10 @@ export default {
download () { download () {
this.isDownloading = true this.isDownloading = true
fetch(this.baseUrl + `/submitters/${this.submitterSlug}/download`).then(async (response) => { fetch(this.baseUrl + `/submitters/${this.submitterSlug}/download`, {
method: 'GET',
...this.fetchOptions
}).then(async (response) => {
if (response.ok) { if (response.ok) {
const urls = await response.json() const urls = await response.json()
const isMobileSafariIos = 'ontouchstart' in window && navigator.maxTouchPoints > 0 && /AppleWebKit/i.test(navigator.userAgent) const isMobileSafariIos = 'ontouchstart' in window && navigator.maxTouchPoints > 0 && /AppleWebKit/i.test(navigator.userAgent)

10
app/javascript/submission_form/form.vue
Unescape View File

@ -530,6 +530,7 @@
v-else-if="isInvite" v-else-if="isInvite"
:submitters="inviteSubmitters" :submitters="inviteSubmitters"
:optional-submitters="optionalInviteSubmitters" :optional-submitters="optionalInviteSubmitters"
:fetch-options="fetchOptions"
:submitter-slug="submitterSlug" :submitter-slug="submitterSlug"
:authenticity-token="authenticityToken" :authenticity-token="authenticityToken"
:url="baseUrl + submitPath + '/invite'" :url="baseUrl + submitPath + '/invite'"
@ -543,6 +544,7 @@
:has-signature-fields="stepFields.some((fields) => fields.some((f) => ['signature', 'initials'].includes(f.type)))" :has-signature-fields="stepFields.some((fields) => fields.some((f) => ['signature', 'initials'].includes(f.type)))"
:has-multiple-documents="hasMultipleDocuments" :has-multiple-documents="hasMultipleDocuments"
:completed-button="completedRedirectUrl ? {} : completedButton" :completed-button="completedRedirectUrl ? {} : completedButton"
:fetch-options="fetchOptions"
:completed-message="completedRedirectUrl ? {} : completedMessage" :completed-message="completedRedirectUrl ? {} : completedMessage"
:with-send-copy-button="withSendCopyButton && !completedRedirectUrl" :with-send-copy-button="withSendCopyButton && !completedRedirectUrl"
:with-download-button="withDownloadButton && !completedRedirectUrl && !dryRun" :with-download-button="withDownloadButton && !completedRedirectUrl && !dryRun"
@ -678,6 +680,11 @@ export default {
required: false, required: false,
default: () => [] default: () => []
}, },
fetchOptions: {
type: Object,
required: false,
default: () => ({})
},
optionalInviteSubmitters: { optionalInviteSubmitters: {
type: Array, type: Array,
required: false, required: false,
@ -1467,7 +1474,8 @@ export default {
} else { } else {
return fetch(this.baseUrl + this.submitPath, { return fetch(this.baseUrl + this.submitPath, {
method: 'POST', method: 'POST',
body: formData || new FormData(this.$refs.form) body: formData || new FormData(this.$refs.form),
...this.fetchOptions
}).then((response) => { }).then((response) => {
if (response.status === 200) { if (response.status === 200) {
currentFieldUuids.forEach((fieldUuid) => { currentFieldUuids.forEach((fieldUuid) => {

8
app/javascript/submission_form/invite_form.vue
Unescape View File

@ -78,6 +78,11 @@ export default {
type: Array, type: Array,
required: true required: true
}, },
fetchOptions: {
type: Object,
required: false,
default: () => ({})
},
optionalSubmitters: { optionalSubmitters: {
type: Array, type: Array,
required: false, required: false,
@ -108,7 +113,8 @@ export default {
return fetch(this.url, { return fetch(this.url, {
method: 'POST', method: 'POST',
body: new FormData(this.$refs.form) body: new FormData(this.$refs.form),
...this.fetchOptions
}).then((response) => { }).then((response) => {
if (response.status === 200) { if (response.status === 200) {
this.$emit('success') this.$emit('success')

2
app/javascript/template_builder/page.vue
Unescape View File

@ -261,7 +261,7 @@ export default {
}, },
computed: { computed: {
isSelectMode () { isSelectMode () {
return this.isSelectModeRef.value && !this.drawFieldType && this.editable && !this.drawField return this.isSelectModeRef.value && !this.drawFieldType && this.editable && !this.drawField && !this.drawCustomField
}, },
pageSelectedAreas () { pageSelectedAreas () {
if (!this.selectedAreasRef.value) return [] if (!this.selectedAreasRef.value) return []

2
app/jobs/send_test_webhook_request_job.rb
Unescape View File

@ -26,7 +26,7 @@ class SendTestWebhookRequestJob
Addressable::URI.parse(webhook_url.url).normalize Addressable::URI.parse(webhook_url.url).normalize
end end
raise HttpsError, 'Only HTTPS is allowed.' if uri.scheme != 'https' raise HttpsError, 'Only HTTPS is allowed.' if uri.scheme != 'https' || [443, nil].exclude?(uri.port)
raise LocalhostError, "Can't send to localhost." if uri.host.in?(SendWebhookRequest::LOCALHOSTS) raise LocalhostError, "Can't send to localhost." if uri.host.in?(SendWebhookRequest::LOCALHOSTS)
end end

2
app/views/email_smtp_settings/index.html.erb
Unescape View File

@ -22,7 +22,7 @@
</div> </div>
<div class="form-control"> <div class="form-control">
<%= ff.label :password, 'Password', class: 'label' %> <%= ff.label :password, 'Password', class: 'label' %>
<%= ff.password_field :password, value: value['password'], class: 'base-input' %> <%= ff.password_field :password, class: 'base-input', required: value['password'].present?, placeholder: value['password'].present? ? '*************' : '' %>
</div> </div>
</div> </div>
<div class="grid md:grid-cols-2 gap-4"> <div class="grid md:grid-cols-2 gap-4">

2
app/views/layouts/application.html.erb
Unescape View File

@ -22,7 +22,7 @@
<% if params[:modal].present? %> <% if params[:modal].present? %>
<% url_params = Rails.application.routes.recognize_path(params[:modal], method: :get) %> <% url_params = Rails.application.routes.recognize_path(params[:modal], method: :get) %>
<% if url_params[:action] == 'new' %> <% if url_params[:action] == 'new' %>
<open-modal src="<%= params[:modal] %>"></open-modal> <open-modal src="<%= url_for(url_params) %>"></open-modal>
<% end %> <% end %>
<% end %> <% end %>
<turbo-frame id="modal"></turbo-frame> <turbo-frame id="modal"></turbo-frame>

2
app/views/pwa/manifest.json.erb
Unescape View File

@ -4,7 +4,7 @@
"id": "/", "id": "/",
"icons": [ "icons": [
{ {
"src": "/logo.svg", "src": "/favicon.svg",
"type": "image/svg+xml", "type": "image/svg+xml",
"sizes": "any" "sizes": "any"
}, },

1
app/views/shared/_meta.html.erb
Unescape View File

@ -27,4 +27,5 @@
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png"> <link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="96x96" href="/favicon-96x96.png"> <link rel="icon" type="image/png" sizes="96x96" href="/favicon-96x96.png">
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png"> <link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png">
<link rel="icon" type="image/svg+xml" href="/favicon.svg">
<meta name="theme-color" content="#faf7f5"> <meta name="theme-color" content="#faf7f5">

2
app/views/shared/_search_input.html.erb
Unescape View File

@ -6,7 +6,7 @@
<% end %> <% end %>
<% if params[:q].present? %> <% if params[:q].present? %>
<div class="relative"> <div class="relative">
<a href="<%= url_for(params.to_unsafe_h.except(:q)) %>" title="<%= t('clear') %>" class="absolute inset-y-0 left-0 pl-3 flex items-center pointer-events-auto text-neutral text-2xl font-extralight"> <a href="<%= url_for(params: request.query_parameters.except('q')) %>" title="<%= t('clear') %>" class="absolute inset-y-0 left-0 pl-3 flex items-center pointer-events-auto text-neutral text-2xl font-extralight">
&times; &times;
</a> </a>
</div> </div>

2
app/views/storage_settings/_aws_form.html.erb
Unescape View File

@ -8,7 +8,7 @@
</div> </div>
<div class="form-control"> <div class="form-control">
<%= fff.label :secret_access_key, class: 'label' %> <%= fff.label :secret_access_key, class: 'label' %>
<%= fff.password_field :secret_access_key, value: configs['secret_access_key'], required: true, class: 'base-input' %> <%= fff.password_field :secret_access_key, required: true, class: 'base-input', placeholder: configs['secret_access_key'].present? ? '*************' : '' %>
</div> </div>
</div> </div>
<div class="grid md:grid-cols-2 gap-4"> <div class="grid md:grid-cols-2 gap-4">

2
app/views/storage_settings/_azure_form.html.erb
Unescape View File

@ -13,7 +13,7 @@
</div> </div>
<div class="form-control"> <div class="form-control">
<%= fff.label :storage_access_key, 'Storage Access Key', class: 'label' %> <%= fff.label :storage_access_key, 'Storage Access Key', class: 'label' %>
<%= fff.password_field :storage_access_key, value: configs['storage_access_key'], required: true, class: 'base-input' %> <%= fff.password_field :storage_access_key, required: true, class: 'base-input', placeholder: configs['storage_access_key'].present? ? '*************' : '' %>
</div> </div>
<% end %> <% end %>
<% end %> <% end %>

2
app/views/storage_settings/_google_cloud_form.html.erb
Unescape View File

@ -13,7 +13,7 @@
</div> </div>
<div class="form-control"> <div class="form-control">
<%= fff.label :credentials, 'Credentials (JSON key content)', class: 'label' %> <%= fff.label :credentials, 'Credentials (JSON key content)', class: 'label' %>
<%= fff.text_area :credentials, value: configs['credentials'], required: true, class: 'base-textarea w-full font-mono', rows: 4 %> <%= fff.text_area :credentials, required: true, class: 'base-textarea w-full font-mono', rows: 4, placeholder: configs['credentials'].present? ? "{\n**REDACTED**\n}" : '' %>
</div> </div>
<% end %> <% end %>
<% end %> <% end %>

10
app/views/submissions/show.html.erb
Unescape View File

@ -68,7 +68,7 @@
<% end %> <% end %>
</div> </div>
<% end %> <% end %>
<% elsif @submission.submitters.to_a.size == 1 && !@submission.expired? && !@submission.submitters.to_a.first.declined_at? && !@submission.archived_at? %> <% elsif @submission.submitters.to_a.size == 1 && !@submission.expired? && !@submission.submitters.to_a.first.declined_at? && !@submission.archived_at? && !@submission.template&.archived_at? %>
<%= render 'shared/clipboard_copy', text: submit_form_url(slug: @submission.submitters.to_a.first.slug, host: form_link_host), class: 'base-button', icon_class: 'w-6 h-6 text-white', copy_title: t('copy_share_link'), copied_title: t('copied_to_clipboard') %> <%= render 'shared/clipboard_copy', text: submit_form_url(slug: @submission.submitters.to_a.first.slug, host: form_link_host), class: 'base-button', icon_class: 'w-6 h-6 text-white', copy_title: t('copy_share_link'), copied_title: t('copied_to_clipboard') %>
<% end %> <% end %>
</div> </div>
@ -159,7 +159,7 @@
<%= (@submission.template_submitters || @submission.template.submitters).find { |e| e['uuid'] == submitter&.uuid }&.dig('name') || "#{(index + 1).ordinalize} Submitter" %> <%= (@submission.template_submitters || @submission.template.submitters).find { |e| e['uuid'] == submitter&.uuid }&.dig('name') || "#{(index + 1).ordinalize} Submitter" %>
</span> </span>
</div> </div>
<% if signed_in? && can?(:update, @submission) && submitter && !submitter.completed_at? && !submitter.declined_at? && !@submission.archived_at? && !@submission.expired? && !submitter.start_form_submission_events.any? %> <% if signed_in? && can?(:update, @submission) && submitter && !submitter.completed_at? && !submitter.declined_at? && !@submission.archived_at? && !@submission.template&.archived_at? && !@submission.expired? && !submitter.start_form_submission_events.any? %>
<span class="tooltip tooltip-left" data-tip="<%= t('edit') %>"> <span class="tooltip tooltip-left" data-tip="<%= t('edit') %>">
<%= link_to edit_submitter_path(submitter), class: 'shrink-0 inline md:hidden md:group-hover:inline', data: { turbo_frame: 'modal' } do %> <%= link_to edit_submitter_path(submitter), class: 'shrink-0 inline md:hidden md:group-hover:inline', data: { turbo_frame: 'modal' } do %>
<%= svg_icon('pencil', class: 'w-5 h-5') %> <%= svg_icon('pencil', class: 'w-5 h-5') %>
@ -225,15 +225,15 @@
</span> </span>
</div> </div>
<% end %> <% end %>
<% if signed_in? && submitter && submitter.email && !submitter.completed_at && !@submission.archived_at? && can?(:update, @submission) && Accounts.can_send_emails?(current_account) && !@submission.expired? && !submitter.declined_at? %> <% if signed_in? && submitter && submitter.email && !submitter.completed_at && !@submission.archived_at? && !@submission.template&.archived_at? && can?(:update, @submission) && Accounts.can_send_emails?(current_account) && !@submission.expired? && !submitter.declined_at? %>
<div class="mt-2 mb-1"> <div class="mt-2 mb-1">
<%= button_to button_title(title: submitter.sent_at? ? t('re_send_email') : t('send_email'), disabled_with: t('sending')), submitter_send_email_index_path(submitter_slug: submitter.slug), class: 'btn btn-sm btn-primary w-full' %> <%= button_to button_title(title: submitter.sent_at? ? t('re_send_email') : t('send_email'), disabled_with: t('sending')), submitter_send_email_index_path(submitter_slug: submitter.slug), class: 'btn btn-sm btn-primary w-full' %>
</div> </div>
<% end %> <% end %>
<% if signed_in? && submitter && submitter.phone && !submitter.completed_at && !@submission.archived_at? && can?(:update, @submission) && !@submission.expired? && !submitter.declined_at? %> <% if signed_in? && submitter && submitter.phone && !submitter.completed_at && !@submission.archived_at? && !@submission.template&.archived_at? && can?(:update, @submission) && !@submission.expired? && !submitter.declined_at? %>
<%= render 'submissions/send_sms_button', submitter: %> <%= render 'submissions/send_sms_button', submitter: %>
<% end %> <% end %>
<% if signed_in? && submitter && !submitter.completed_at? && !@submission.archived_at? && can?(:create, @submission) && !@submission.expired? && !submitter.declined_at? %> <% if signed_in? && submitter && !submitter.completed_at? && !@submission.archived_at? && !@submission.template&.archived_at? && can?(:create, @submission) && !@submission.expired? && !submitter.declined_at? %>
<div class="mt-2 mb-1"> <div class="mt-2 mb-1">
<a class="btn btn-sm btn-primary w-full" target="_blank" href="<%= submit_form_path(slug: submitter.slug) %>"> <a class="btn btn-sm btn-primary w-full" target="_blank" href="<%= submit_form_path(slug: submitter.slug) %>">
<%= t('sign_in_person') %> <%= t('sign_in_person') %>

6
app/views/submissions_dashboard/index.html.erb
Unescape View File

@ -35,19 +35,19 @@
<% if is_show_tabs %> <% if is_show_tabs %>
<div class="flex items-center flex-col md:flex-row md:flex-wrap gap-2 mb-4"> <div class="flex items-center flex-col md:flex-row md:flex-wrap gap-2 mb-4">
<div class="flex items-center md:items-end flex-col md:flex-row gap-2 w-full md:w-fit"> <div class="flex items-center md:items-end flex-col md:flex-row gap-2 w-full md:w-fit">
<a href="<%= url_for(params.to_unsafe_h.except(:status)) %>" class="<%= params[:status].blank? ? 'border-neutral-700' : 'border-neutral-300' %> flex h-10 px-2 py-1 text-lg items-center justify-between border text-center text-neutral font-semibold rounded-xl w-full md:w-48 hover:border-neutral-600"> <a href="<%= url_for(params: request.query_parameters.except('status')) %>" class="<%= params[:status].blank? ? 'border-neutral-700' : 'border-neutral-300' %> flex h-10 px-2 py-1 text-lg items-center justify-between border text-center text-neutral font-semibold rounded-xl w-full md:w-48 hover:border-neutral-600">
<div class="flex items-center space-x-1"> <div class="flex items-center space-x-1">
<%= svg_icon('list', class: 'w-5 h-5') %> <%= svg_icon('list', class: 'w-5 h-5') %>
<span class="font-normal"><%= t('all') %></span> <span class="font-normal"><%= t('all') %></span>
</div> </div>
</a> </a>
<a href="<%= url_for(params.to_unsafe_h.merge(status: :pending)) %>" class="<%= params[:status] == 'pending' ? 'border-neutral-700' : 'border-neutral-300' %> flex h-10 px-2 py-1 text-lg items-center justify-between border text-center text-neutral font-semibold rounded-xl w-full md:w-48 hover:border-neutral-600"> <a href="<%= url_for(params: request.query_parameters.merge('status' => 'pending')) %>" class="<%= params[:status] == 'pending' ? 'border-neutral-700' : 'border-neutral-300' %> flex h-10 px-2 py-1 text-lg items-center justify-between border text-center text-neutral font-semibold rounded-xl w-full md:w-48 hover:border-neutral-600">
<div class="flex items-center space-x-1"> <div class="flex items-center space-x-1">
<%= svg_icon('clock', class: 'w-5 h-5') %> <%= svg_icon('clock', class: 'w-5 h-5') %>
<span class="font-normal"><%= t('pending') %></span> <span class="font-normal"><%= t('pending') %></span>
</div> </div>
</a> </a>
<a href="<%= url_for(params.to_unsafe_h.merge(status: :completed)) %>" class="<%= params[:status] == 'completed' ? 'border-neutral-700' : 'border-neutral-300' %> flex h-10 px-2 py-1 text-lg items-center justify-between border text-center text-neutral font-semibold rounded-xl w-full md:w-48 hover:border-neutral-600"> <a href="<%= url_for(params: request.query_parameters.merge('status' => 'completed')) %>" class="<%= params[:status] == 'completed' ? 'border-neutral-700' : 'border-neutral-300' %> flex h-10 px-2 py-1 text-lg items-center justify-between border text-center text-neutral font-semibold rounded-xl w-full md:w-48 hover:border-neutral-600">
<div class="flex items-center space-x-1"> <div class="flex items-center space-x-1">
<%= svg_icon('circle_check', class: 'w-5 h-5') %> <%= svg_icon('circle_check', class: 'w-5 h-5') %>
<span class="font-normal"><%= t('completed') %></span> <span class="font-normal"><%= t('completed') %></span>

10
app/views/submissions_filters/_applied_filters.html.erb
Unescape View File

@ -5,7 +5,7 @@
<%= svg_icon(icon, class: 'w-5 h-5 shrink-0') %> <%= svg_icon(icon, class: 'w-5 h-5 shrink-0') %>
<span class="font-normal truncate"><%= t(params[:status]) %></span> <span class="font-normal truncate"><%= t(params[:status]) %></span>
<% end %> <% end %>
<%= link_to url_for(params.to_unsafe_h.except(:status)), class: 'rounded-lg ml-1 hover:bg-base-content hover:text-white' do %> <%= link_to url_for(params: request.query_parameters.except('status')), class: 'rounded-lg ml-1 hover:bg-base-content hover:text-white' do %>
<%= svg_icon('x', class: 'w-5 h-5') %> <%= svg_icon('x', class: 'w-5 h-5') %>
<% end %> <% end %>
</div> </div>
@ -16,7 +16,7 @@
<%= svg_icon('folder', class: 'w-5 h-5 shrink-0') %> <%= svg_icon('folder', class: 'w-5 h-5 shrink-0') %>
<span class="font-normal truncate"><%= params[:folder] %></span> <span class="font-normal truncate"><%= params[:folder] %></span>
<% end %> <% end %>
<%= link_to url_for(params.to_unsafe_h.except(:folder)), class: 'rounded-lg ml-1 hover:bg-base-content hover:text-white' do %> <%= link_to url_for(params: request.query_parameters.except('folder')), class: 'rounded-lg ml-1 hover:bg-base-content hover:text-white' do %>
<%= svg_icon('x', class: 'w-5 h-5') %> <%= svg_icon('x', class: 'w-5 h-5') %>
<% end %> <% end %>
</div> </div>
@ -27,7 +27,7 @@
<%= svg_icon('user', class: 'w-5 h-5 shrink-0') %> <%= svg_icon('user', class: 'w-5 h-5 shrink-0') %>
<span class="font-normal truncate"><%= current_account.users.accessible_by(current_ability).where(account: current_account).find_by(email: params[:author])&.full_name || 'NA' %></span> <span class="font-normal truncate"><%= current_account.users.accessible_by(current_ability).where(account: current_account).find_by(email: params[:author])&.full_name || 'NA' %></span>
<% end %> <% end %>
<%= link_to url_for(params.to_unsafe_h.except(:author)), class: 'rounded-lg ml-1 hover:bg-base-content hover:text-white' do %> <%= link_to url_for(params: request.query_parameters.except('author')), class: 'rounded-lg ml-1 hover:bg-base-content hover:text-white' do %>
<%= svg_icon('x', class: 'w-5 h-5') %> <%= svg_icon('x', class: 'w-5 h-5') %>
<% end %> <% end %>
</div> </div>
@ -46,7 +46,7 @@
<% end %> <% end %>
</span> </span>
<% end %> <% end %>
<%= link_to url_for(params.to_unsafe_h.except(:completed_at_from, :completed_at_to)), class: 'rounded-lg ml-1 hover:bg-base-content hover:text-white' do %> <%= link_to url_for(params: request.query_parameters.except('completed_at_from', 'completed_at_to')), class: 'rounded-lg ml-1 hover:bg-base-content hover:text-white' do %>
<%= svg_icon('x', class: 'w-5 h-5') %> <%= svg_icon('x', class: 'w-5 h-5') %>
<% end %> <% end %>
</div> </div>
@ -65,7 +65,7 @@
<% end %> <% end %>
</span> </span>
<% end %> <% end %>
<%= link_to url_for(params.to_unsafe_h.except(:created_at_to, :created_at_from)), class: 'rounded-lg ml-1 hover:bg-base-content hover:text-white' do %> <%= link_to url_for(params: request.query_parameters.except('created_at_to', 'created_at_from')), class: 'rounded-lg ml-1 hover:bg-base-content hover:text-white' do %>
<%= svg_icon('x', class: 'w-5 h-5') %> <%= svg_icon('x', class: 'w-5 h-5') %>
<% end %> <% end %>
</div> </div>

2
app/views/submissions_filters/_filter_modal.html.erb
Unescape View File

@ -10,7 +10,7 @@
</div> </div>
<% if params[:with_remove] %> <% if params[:with_remove] %>
<div class="text-center w-full mt-4"> <div class="text-center w-full mt-4">
<%= link_to t('remove_filter'), "#{params[:path]}?#{params.to_unsafe_h.slice(:q).merge(local_assigns[:default_params]).to_query}", class: 'link', data: { turbo_frame: :_top } %> <%= link_to t('remove_filter'), "#{params[:path]}?#{request.query_parameters.slice('q').merge(local_assigns[:default_params]).to_query}", class: 'link', data: { turbo_frame: :_top } %>
</div> </div>
<% end %> <% end %>
<% end %> <% end %>

6
app/views/templates/show.html.erb
Unescape View File

@ -30,7 +30,7 @@
<% if is_show_tabs %> <% if is_show_tabs %>
<div class="flex items-center flex-col md:flex-row md:flex-wrap gap-2 mb-4"> <div class="flex items-center flex-col md:flex-row md:flex-wrap gap-2 mb-4">
<div class="flex items-center md:items-end flex-col md:flex-row gap-2 w-full md:w-fit"> <div class="flex items-center md:items-end flex-col md:flex-row gap-2 w-full md:w-fit">
<a href="<%= url_for(params.to_unsafe_h.except(:status)) %>" class="<%= params[:status].blank? ? 'border-neutral-700' : 'border-neutral-300' %> flex h-10 px-2 py-1 text-lg items-center justify-between border text-center text-neutral font-semibold rounded-xl w-full md:w-48 hover:border-neutral-700"> <a href="<%= url_for(params: request.query_parameters.except('status')) %>" class="<%= params[:status].blank? ? 'border-neutral-700' : 'border-neutral-300' %> flex h-10 px-2 py-1 text-lg items-center justify-between border text-center text-neutral font-semibold rounded-xl w-full md:w-48 hover:border-neutral-700">
<div class="flex items-center space-x-1"> <div class="flex items-center space-x-1">
<%= svg_icon('list', class: 'w-5 h-5') %> <%= svg_icon('list', class: 'w-5 h-5') %>
<span class="font-normal"><%= t('all') %></span> <span class="font-normal"><%= t('all') %></span>
@ -41,7 +41,7 @@
</div> </div>
<% end %> <% end %>
</a> </a>
<a href="<%= url_for(params.to_unsafe_h.merge(status: :pending)) %>" class="<%= params[:status] == 'pending' ? 'border-neutral-700' : 'border-neutral-300' %> flex h-10 px-2 py-1 text-lg items-center justify-between border text-center text-neutral font-semibold rounded-xl w-full md:w-48 hover:border-neutral-700"> <a href="<%= url_for(params: request.query_parameters.merge('status' => 'pending')) %>" class="<%= params[:status] == 'pending' ? 'border-neutral-700' : 'border-neutral-300' %> flex h-10 px-2 py-1 text-lg items-center justify-between border text-center text-neutral font-semibold rounded-xl w-full md:w-48 hover:border-neutral-700">
<div class="flex items-center space-x-1"> <div class="flex items-center space-x-1">
<%= svg_icon('clock', class: 'w-5 h-5') %> <%= svg_icon('clock', class: 'w-5 h-5') %>
<span class="font-normal"><%= t('pending') %></span> <span class="font-normal"><%= t('pending') %></span>
@ -52,7 +52,7 @@
</div> </div>
<% end %> <% end %>
</a> </a>
<a href="<%= url_for(params.to_unsafe_h.merge(status: :completed)) %>" class="<%= params[:status] == 'completed' ? 'border-neutral-700' : 'border-neutral-300' %> flex h-10 px-2 py-1 text-lg items-center justify-between border text-center text-neutral font-semibold rounded-xl w-full md:w-48 hover:border-neutral-700"> <a href="<%= url_for(params: request.query_parameters.merge('status' => 'completed')) %>" class="<%= params[:status] == 'completed' ? 'border-neutral-700' : 'border-neutral-300' %> flex h-10 px-2 py-1 text-lg items-center justify-between border text-center text-neutral font-semibold rounded-xl w-full md:w-48 hover:border-neutral-700">
<div class="flex items-center space-x-1"> <div class="flex items-center space-x-1">
<%= svg_icon('circle_check', class: 'w-5 h-5') %> <%= svg_icon('circle_check', class: 'w-5 h-5') %>
<span class="font-normal"><%= t('completed') %></span> <span class="font-normal"><%= t('completed') %></span>

6
app/views/webhook_settings/show.html.erb
Unescape View File

@ -85,9 +85,9 @@
<div class="mt-6"> <div class="mt-6">
<h2 id="log" class="text-3xl font-bold"><%= t('events_log') %></h2> <h2 id="log" class="text-3xl font-bold"><%= t('events_log') %></h2>
<div class="tabs border-b mt-4"> <div class="tabs border-b mt-4">
<%= link_to t('all'), url_for(params.to_unsafe_h.except(:status)), style: 'margin-bottom: -1px', class: "tab h-10 text-base #{params[:status].blank? ? 'tab-active tab-bordered' : 'pb-[3px]'}" %> <%= link_to t('all'), url_for(params: request.query_parameters.except('status')), style: 'margin-bottom: -1px', class: "tab h-10 text-base #{params[:status].blank? ? 'tab-active tab-bordered' : 'pb-[3px]'}" %>
<%= link_to t('succeeded'), url_for(params.to_unsafe_h.merge(status: 'success')), style: 'margin-bottom: -1px', class: "tab h-10 text-base #{params[:status] == 'success' ? 'tab-active tab-bordered' : 'pb-[3px]'}" %> <%= link_to t('succeeded'), url_for(params: request.query_parameters.merge('status' => 'success')), style: 'margin-bottom: -1px', class: "tab h-10 text-base #{params[:status] == 'success' ? 'tab-active tab-bordered' : 'pb-[3px]'}" %>
<%= link_to t('failed'), url_for(params.to_unsafe_h.merge(status: 'error')), style: 'margin-bottom: -1px', class: "tab h-10 text-base #{params[:status] == 'error' ? 'tab-active tab-bordered' : 'pb-[3px]'}" %> <%= link_to t('failed'), url_for(params: request.query_parameters.merge('status' => 'error')), style: 'margin-bottom: -1px', class: "tab h-10 text-base #{params[:status] == 'error' ? 'tab-active tab-bordered' : 'pb-[3px]'}" %>
</div> </div>
<% if @webhook_events.present? %> <% if @webhook_events.present? %>
<div class="divide-y divide-base-300 rounded-lg"> <div class="divide-y divide-base-300 rounded-lg">

2
config/routes.rb
Unescape View File

@ -56,7 +56,7 @@ Rails.application.routes.draw do
resources :account_custom_fields, only: %i[create] resources :account_custom_fields, only: %i[create]
resources :user_configs, only: %i[create] resources :user_configs, only: %i[create]
resources :encrypted_user_configs, only: %i[destroy] resources :encrypted_user_configs, only: %i[destroy]
resources :timestamp_server, only: %i[create] resources :timestamp_server, only: %i[create] unless Docuseal.multitenant?
resources :dashboard, only: %i[index] resources :dashboard, only: %i[index]
resources :setup, only: %i[index create] resources :setup, only: %i[index create]
resource :newsletter, only: %i[show update] resource :newsletter, only: %i[show update]

13
lib/download_utils.rb
Unescape View File

@ -35,16 +35,16 @@ module DownloadUtils
module_function module_function
def call(url) def call(url, validate: Docuseal.multitenant?)
uri = begin uri = begin
URI(url) URI(url)
rescue URI::Error rescue URI::Error
Addressable::URI.parse(url).normalize Addressable::URI.parse(url).normalize
end end
validate_uri!(uri) if Docuseal.multitenant? validate_uri!(uri) if validate
resp = conn.get(uri) resp = conn(validate:).get(uri)
raise UnableToDownload, "Error loading: #{uri}" if resp.status >= 400 raise UnableToDownload, "Error loading: #{uri}" if resp.status >= 400
@ -52,14 +52,15 @@ module DownloadUtils
end end
def validate_uri!(uri) def validate_uri!(uri)
raise UnableToDownload, "Error loading: #{uri}. Only HTTPS is allowed." if uri.scheme != 'https' raise UnableToDownload, "Error loading: #{uri}. Only HTTPS is allowed." if uri.scheme != 'https' ||
[443, nil].exclude?(uri.port)
raise UnableToDownload, "Error loading: #{uri}. Can't download from localhost." if uri.host.in?(LOCALHOSTS) raise UnableToDownload, "Error loading: #{uri}. Can't download from localhost." if uri.host.in?(LOCALHOSTS)
end end
def conn def conn(validate: Docuseal.multitenant?)
Faraday.new do |faraday| Faraday.new do |faraday|
faraday.response :follow_redirects, callback: lambda { |_, new_env| faraday.response :follow_redirects, callback: lambda { |_, new_env|
validate_uri!(new_env[:url]) if Docuseal.multitenant? validate_uri!(new_env[:url]) if validate
} }
end end
end end

2
lib/send_webhook_request.rb
Unescape View File

@ -22,7 +22,7 @@ module SendWebhookRequest
end end
if Docuseal.multitenant? if Docuseal.multitenant?
raise HttpsError, 'Only HTTPS is allowed.' if uri.scheme != 'https' && raise HttpsError, 'Only HTTPS is allowed.' if (uri.scheme != 'https' || [443, nil].exclude?(uri.port)) &&
!AccountConfig.exists?(key: :allow_http, !AccountConfig.exists?(key: :allow_http,
account_id: webhook_url.account_id) account_id: webhook_url.account_id)
raise LocalhostError, "Can't send to localhost." if uri.host.in?(LOCALHOSTS) raise LocalhostError, "Can't send to localhost." if uri.host.in?(LOCALHOSTS)

5
lib/submissions.rb
Unescape View File

@ -18,7 +18,8 @@ module Submissions
def plain_search(submissions, keyword, search_values: false, search_template: false) def plain_search(submissions, keyword, search_values: false, search_template: false)
return submissions if keyword.blank? return submissions if keyword.blank?
term = "%#{keyword.downcase}%" sanitized = ActiveRecord::Base.sanitize_sql_like(keyword.downcase)
term = "%#{sanitized}%"
arel_table = Submitter.arel_table arel_table = Submitter.arel_table
@ -31,7 +32,7 @@ module Submissions
if search_template if search_template
submissions = submissions.left_joins(:template) submissions = submissions.left_joins(:template)
arel = arel.or(Template.arel_table[:name].lower.matches("%#{keyword.downcase}%")) arel = arel.or(Template.arel_table[:name].lower.matches("%#{sanitized}%"))
end end
submissions.joins(:submitters).where(arel).group(:id) submissions.joins(:submitters).where(arel).group(:id)

2
lib/submissions/generate_result_attachments.rb
Unescape View File

@ -162,7 +162,7 @@ module Submissions
pdf.trailer.info[:DocumentID] = document_id pdf.trailer.info[:DocumentID] = document_id
pdf.pages.each do |page| pdf.pages.each do |page|
font_size = (([page.box.width, page.box.height].min / A4_SIZE[0].to_f) * 9).to_i font_size = [(([page.box.width, page.box.height].min / A4_SIZE[0].to_f) * 9).to_i, 4].max
cnv = page.canvas(type: :overlay) cnv = page.canvas(type: :overlay)
text = text =

3
lib/submitters.rb
Unescape View File

@ -14,6 +14,7 @@ module Submitters
UnableToSendCode = Class.new(StandardError) UnableToSendCode = Class.new(StandardError)
InvalidOtp = Class.new(StandardError) InvalidOtp = Class.new(StandardError)
MaliciousFileExtension = Class.new(StandardError) MaliciousFileExtension = Class.new(StandardError)
ArgumentError = Class.new(StandardError)
DANGEROUS_EXTENSIONS = Set.new(%w[ DANGEROUS_EXTENSIONS = Set.new(%w[
exe com bat cmd scr pif vbs vbe js jse wsf wsh msi msp exe com bat cmd scr pif vbs vbe js jse wsf wsh msi msp
@ -133,7 +134,7 @@ module Submitters
filename: file.original_filename, filename: file.original_filename,
content_type: file.content_type) content_type: file.content_type)
else else
ActiveStorage::Blob.find_signed(params[:blob_signed_id]) raise ArgumentError, 'file param is missing'
end end
ActiveStorage::Attachment.create!( ActiveStorage::Attachment.create!(

45
lib/submitters/authorized_for_form.rb
Unescape View File

@ -0,0 +1,45 @@
# frozen_string_literal: true
module Submitters
module AuthorizedForForm
Unauthorized = Class.new(StandardError)
module_function
def call(submitter, current_user, request)
pass_email_2fa?(submitter, request) && pass_link_2fa?(submitter, current_user, request)
end
def pass_email_2fa?(submitter, request)
return false unless submitter
return true if submitter.submission.template&.preferences&.dig('require_email_2fa') != true &&
submitter.preferences['require_email_2fa'] != true
return true if request.cookie_jar.encrypted[:email_2fa_slug] == submitter.slug
token = request.params[:two_factor_token].presence || request.headers['x-two-factor-token'].presence
return true if token.present? &&
Submitter.signed_id_verifier.verified(token, purpose: :email_two_factor) == submitter.slug
false
end
def pass_link_2fa?(submitter, current_user, request)
return false unless submitter
return true if submitter.submission.source != 'link'
return true unless submitter.submission.template&.preferences&.dig('shared_link_2fa') == true
return true if request.cookie_jar.encrypted[:email_2fa_slug] == submitter.slug
return true if submitter.email == current_user&.email && current_user&.account_id == submitter.account_id
if (token = request.params[:two_factor_token].presence || request.headers['x-two-factor-token'].presence)
link_2fa_key = [submitter.email.downcase.squish, submitter.submission.template.slug].join(':')
return true if Submitter.signed_id_verifier.verified(token, purpose: :email_two_factor) == link_2fa_key
end
false
end
end
end

2
lib/submitters/normalize_values.rb
Unescape View File

@ -236,7 +236,7 @@ module Submitters
return blob if blob return blob if blob
data = DownloadUtils.call(url).body data = DownloadUtils.call(url, validate: true).body
checksum = Digest::MD5.base64digest(data) checksum = Digest::MD5.base64digest(data)

4
lib/template_folders.rb
Unescape View File

@ -20,7 +20,9 @@ module TemplateFolders
def search(folders, keyword) def search(folders, keyword)
return folders if keyword.blank? return folders if keyword.blank?
folders.where(TemplateFolder.arel_table[:name].lower.matches("%#{keyword.downcase}%")) sanitized = ActiveRecord::Base.sanitize_sql_like(keyword.downcase)
folders.where(TemplateFolder.arel_table[:name].lower.matches("%#{sanitized}%"))
end end
def filter_active_folders(template_folders, templates) def filter_active_folders(template_folders, templates)

4
lib/templates.rb
Unescape View File

@ -52,7 +52,9 @@ module Templates
def plain_search(templates, keyword) def plain_search(templates, keyword)
return templates if keyword.blank? return templates if keyword.blank?
templates.where(Template.arel_table[:name].lower.matches("%#{keyword.downcase}%")) sanitized = ActiveRecord::Base.sanitize_sql_like(keyword.downcase)
templates.where(Template.arel_table[:name].lower.matches("%#{sanitized}%"))
end end
def fulltext_search(current_user, templates, keyword) def fulltext_search(current_user, templates, keyword)

BIN
public/apple-icon-180x180.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 10 KiB

After

Width:  |  Height:  |  Size: 11 KiB

BIN
public/apple-touch-icon-precomposed.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 11 KiB

After

Width:  |  Height:  |  Size: 11 KiB

BIN
public/apple-touch-icon.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 11 KiB

After

Width:  |  Height:  |  Size: 11 KiB

BIN
public/favicon-16x16.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 695 B

After

Width:  |  Height:  |  Size: 807 B

BIN
public/favicon-32x32.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 1.6 KiB

After

Width:  |  Height:  |  Size: 1.8 KiB

BIN
public/favicon-96x96.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 5.2 KiB

After

Width:  |  Height:  |  Size: 5.5 KiB

BIN
public/favicon.ico
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 1.1 KiB

After

Width:  |  Height:  |  Size: 1.1 KiB

5
public/favicon.svg
Unescape View File

@ -0,0 +1,5 @@
<svg height="180" width="180" viewBox="0 0 180 180" xmlns="http://www.w3.org/2000/svg">
<circle fill="white" cx="90" cy="90" r="88"/>
<path fill="#e0753f" d="M 178.224 72.09 c -0.296 -1.463 -0.627 -2.919 -0.996 -4.364 -0.293 -1.151 -0.616 -2.293 -0.956 -3.433 -0.301 -1.008 -0.612 -2.014 -0.95 -3.012 -0.531 -1.578 -1.113 -3.142 -1.735 -4.694 -0.216 -0.54 -0.433 -1.082 -0.661 -1.618 -0.195 -0.462 -0.399 -0.917 -0.601 -1.375 -0.262 -0.591 -0.53 -1.177 -0.804 -1.762 -0.074 -0.159 -0.151 -0.315 -0.226 -0.474 -0.209 -0.441 -0.422 -0.881 -0.638 -1.318 -0.076 -0.154 -0.153 -0.306 -0.229 -0.459 -0.236 -0.471 -0.477 -0.939 -0.721 -1.406 -0.053 -0.101 -0.105 -0.201 -0.158 -0.302 -1.143 -2.16 -2.367 -4.269 -3.68 -6.322 -0.116 -0.181 -0.237 -0.359 -0.355 -0.539 -0.094 -0.144 -0.189 -0.288 -0.284 -0.432 -0.284 -0.431 -0.57 -0.861 -0.862 -1.287 -0.112 -0.164 -0.225 -0.326 -0.338 -0.489 -0.193 -0.279 -0.382 -0.56 -0.579 -0.836 -0.089 -0.125 -0.182 -0.249 -0.273 -0.374 -0.13 -0.182 -0.264 -0.362 -0.395 -0.542 -0.277 -0.38 -0.556 -0.76 -0.838 -1.135 -0.15 -0.199 -0.303 -0.395 -0.454 -0.593 -0.21 -0.274 -0.417 -0.552 -0.63 -0.823 -0.055 -0.069 -0.111 -0.136 -0.166 -0.205 -0.482 -0.61 -0.971 -1.216 -1.47 -1.814 -0.129 -0.155 -0.262 -0.306 -0.392 -0.461 -0.402 -0.476 -0.808 -0.95 -1.22 -1.417 -0.186 -0.212 -0.375 -0.422 -0.563 -0.631 -0.384 -0.428 -0.773 -0.854 -1.167 -1.276 -0.176 -0.189 -0.351 -0.379 -0.529 -0.567 -0.564 -0.595 -1.134 -1.186 -1.716 -1.768 -1.091 -1.091 -2.207 -2.15 -3.346 -3.178 -1.016 -0.919 -2.05 -1.815 -3.103 -2.684 -0.772 -0.636 -1.557 -1.255 -2.348 -1.864 -3.465 -2.67 -7.112 -5.075 -10.927 -7.209 -2.869 -1.604 -5.83 -3.06 -8.883 -4.351 -2.443 -1.033 -4.922 -1.948 -7.428 -2.756 -8.879 -2.863 -18.13 -4.318 -27.605 -4.318 -3.19 0 -6.354 0.169 -9.488 0.496 -4.036 0.421 -8.019 1.114 -11.94 2.073 -1.732 0.423 -3.452 0.892 -5.157 1.42 -2.856 0.883 -5.673 1.912 -8.447 3.085 -2.645 1.118 -5.222 2.357 -7.729 3.711 -2.574 1.39 -5.073 2.901 -7.494 4.533 -1.195 0.805 -2.37 1.64 -3.527 2.503 -1.156 0.864 -2.292 1.756 -3.408 2.676 -0.553 0.456 -1.1 0.919 -1.643 1.389 -1.649 1.427 -3.252 2.92 -4.806 4.473 -2.582 2.582 -4.991 5.299 -7.222 8.138 -0.892 1.135 -1.756 2.292 -2.59 3.467 -0.417 0.588 -0.827 1.18 -1.23 1.778 -0.403 0.597 -0.798 1.199 -1.186 1.806 -0.388 0.607 -0.769 1.218 -1.143 1.835 -2.241 3.697 -4.216 7.562 -5.916 11.582 -1.095 2.589 -2.059 5.217 -2.901 7.877 -0.153 0.482 -0.3 0.965 -0.444 1.449 -0.339 1.14 -0.663 2.282 -0.956 3.433 -0.369 1.446 -0.7 2.901 -0.996 4.364 -1.034 5.121 -1.618 10.343 -1.749 15.637 -0.018 0.757 -0.028 1.514 -0.028 2.274 0 1.123 0.02 2.244 0.062 3.361 0.285 7.82 1.568 15.475 3.825 22.879 0.044 0.147 0.088 0.295 0.133 0.441 0.877 2.823 1.894 5.608 3.054 8.35 0.85 2.009 1.769 3.98 2.755 5.912 0.539 1.057 1.105 2.099 1.685 3.132 4.013 7.142 8.98 13.698 14.846 19.564 7.713 7.713 16.611 13.878 26.477 18.352 0.705 0.32 1.415 0.632 2.131 0.935 2.081 0.88 4.185 1.679 6.313 2.396 9.217 3.106 18.85 4.677 28.719 4.677 8.031 0 15.902 -1.047 23.522 -3.107 0.633 -0.172 1.266 -0.35 1.895 -0.535 0.757 -0.222 1.509 -0.456 2.26 -0.698 0.717 -0.232 1.431 -0.474 2.145 -0.723 1.752 -0.616 3.49 -1.281 5.211 -2.009 0.755 -0.319 1.503 -0.651 2.247 -0.989 1.237 -0.563 2.459 -1.15 3.664 -1.766 0.644 -0.328 1.283 -0.665 1.917 -1.009 1.654 -0.896 3.274 -1.848 4.865 -2.844 5.736 -3.591 11.06 -7.827 15.912 -12.679 0.775 -0.775 1.534 -1.562 2.278 -2.36 5.204 -5.59 9.636 -11.754 13.246 -18.417 0.343 -0.634 0.68 -1.274 1.009 -1.917 0.482 -0.944 0.943 -1.9 1.392 -2.863 0.471 -1.007 0.928 -2.021 1.364 -3.049 1.22 -2.886 2.281 -5.82 3.187 -8.793 0.559 -1.833 1.056 -3.68 1.494 -5.542 0.108 -0.458 0.211 -0.916 0.312 -1.376 0.194 -0.883 0.373 -1.77 0.539 -2.659 1.02 -5.455 1.542 -11.02 1.542 -16.663 0 -6.074 -0.595 -12.058 -1.776 -17.911 z m -161.733 19.614 c -1.118 -56.662 44.604 -74.877 60.998 -67.647 2.187 0.965 4.732 2.431 7.042 2.96 5.295 1.213 13.432 -3.113 13.521 6.273 0.078 8.156 -3.389 13.108 -10.797 16.177 -7.539 3.124 -14.777 9.181 -19.95 15.493 -21.487 26.216 -31.231 68.556 -7.565 94.296 -13.679 -5.545 -42.418 -25.467 -43.248 -67.552 z m 91.109 72.619 c -0.053 0.008 -4.171 0.775 -4.171 0.775 0 0 -15.862 -22.957 -23.509 -21.719 11.291 16.04 12.649 22.625 12.649 22.625 -0.053 0.001 -0.107 0.001 -0.161 0.003 -51.831 2.131 -42.785 -64.026 -28.246 -86.502 -1.555 13.073 8.878 39.992 39.034 44.1 9.495 1.293 32.302 -3.275 41.015 -11.38 0.098 1.825 0.163 3.85 0.159 6.013 -0.046 23.538 -13.47 42.743 -36.77 46.085 z m 30.575 -15.708 c 9.647 -9.263 12.869 -27.779 9.103 -44.137 -4.608 -20.011 -28.861 -32.383 -40.744 -35.564 5.766 -8.089 27.908 -14.274 39.567 5.363 -5.172 -10.519 -13.556 -23.023 -1.732 -33.128 12.411 13.329 19.411 29.94 20.161 48.7 0.75 18.753 -6.64 41.768 -26.355 58.765 z"/>
<circle fill="#e0753f" cx="71.927" cy="32.004" r="2.829"/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 4.7 KiB

4
spec/jobs/send_form_completed_webhook_request_job_spec.rb
Unescape View File

@ -16,6 +16,10 @@ RSpec.describe SendFormCompletedWebhookRequestJob do
end end
describe '#perform' do describe '#perform' do
around do |example|
freeze_time { example.run }
end
before do before do
stub_request(:post, webhook_url.url).to_return(status: 200) stub_request(:post, webhook_url.url).to_return(status: 200)
end end

4
spec/jobs/send_form_declined_webhook_request_job_spec.rb
Unescape View File

@ -16,6 +16,10 @@ RSpec.describe SendFormDeclinedWebhookRequestJob do
end end
describe '#perform' do describe '#perform' do
around do |example|
freeze_time { example.run }
end
before do before do
stub_request(:post, webhook_url.url).to_return(status: 200) stub_request(:post, webhook_url.url).to_return(status: 200)
end end

4
spec/jobs/send_form_started_webhook_request_job_spec.rb
Unescape View File

@ -16,6 +16,10 @@ RSpec.describe SendFormStartedWebhookRequestJob do
end end
describe '#perform' do describe '#perform' do
around do |example|
freeze_time { example.run }
end
before do before do
stub_request(:post, webhook_url.url).to_return(status: 200) stub_request(:post, webhook_url.url).to_return(status: 200)
end end

4
spec/jobs/send_form_viewed_webhook_request_job_spec.rb
Unescape View File

@ -16,6 +16,10 @@ RSpec.describe SendFormViewedWebhookRequestJob do
end end
describe '#perform' do describe '#perform' do
around do |example|
freeze_time { example.run }
end
before do before do
stub_request(:post, webhook_url.url).to_return(status: 200) stub_request(:post, webhook_url.url).to_return(status: 200)
end end

4
spec/jobs/send_submission_completed_webhook_request_job_spec.rb
Unescape View File

@ -13,6 +13,10 @@ RSpec.describe SendSubmissionCompletedWebhookRequestJob do
end end
describe '#perform' do describe '#perform' do
around do |example|
freeze_time { example.run }
end
before do before do
stub_request(:post, webhook_url.url).to_return(status: 200) stub_request(:post, webhook_url.url).to_return(status: 200)
end end

4
spec/jobs/send_submission_created_webhook_request_job_spec.rb
Unescape View File

@ -13,6 +13,10 @@ RSpec.describe SendSubmissionCreatedWebhookRequestJob do
end end
describe '#perform' do describe '#perform' do
around do |example|
freeze_time { example.run }
end
before do before do
stub_request(:post, webhook_url.url).to_return(status: 200) stub_request(:post, webhook_url.url).to_return(status: 200)
end end

4
spec/jobs/send_submission_expired_webhook_request_job_spec.rb
Unescape View File

@ -13,6 +13,10 @@ RSpec.describe SendSubmissionExpiredWebhookRequestJob do
end end
describe '#perform' do describe '#perform' do
around do |example|
freeze_time { example.run }
end
before do before do
stub_request(:post, webhook_url.url).to_return(status: 200) stub_request(:post, webhook_url.url).to_return(status: 200)
end end

4
spec/jobs/send_template_created_webhook_request_job_spec.rb
Unescape View File

@ -12,6 +12,10 @@ RSpec.describe SendTemplateCreatedWebhookRequestJob do
end end
describe '#perform' do describe '#perform' do
around do |example|
freeze_time { example.run }
end
before do before do
stub_request(:post, webhook_url.url).to_return(status: 200) stub_request(:post, webhook_url.url).to_return(status: 200)
end end

4
spec/jobs/send_template_updated_webhook_request_job_spec.rb
Unescape View File

@ -12,6 +12,10 @@ RSpec.describe SendTemplateUpdatedWebhookRequestJob do
end end
describe '#perform' do describe '#perform' do
around do |example|
freeze_time { example.run }
end
before do before do
stub_request(:post, webhook_url.url).to_return(status: 200) stub_request(:post, webhook_url.url).to_return(status: 200)
end end

1
spec/rails_helper.rb
Unescape View File

@ -54,6 +54,7 @@ RSpec.configure do |config|
config.include FactoryBot::Syntax::Methods config.include FactoryBot::Syntax::Methods
config.include Devise::Test::IntegrationHelpers config.include Devise::Test::IntegrationHelpers
config.include SigningFormHelper config.include SigningFormHelper
config.include ActiveSupport::Testing::TimeHelpers
config.before(:each, type: :system) do config.before(:each, type: :system) do
if ENV['HEADLESS'] == 'false' if ENV['HEADLESS'] == 'false'

1
spec/system/email_settings_spec.rb
Unescape View File

@ -61,7 +61,6 @@ RSpec.describe 'Email Settings' do
expect(page).to have_field('Host', with: encrypted_config.value['host']) expect(page).to have_field('Host', with: encrypted_config.value['host'])
expect(page).to have_field('Port', with: encrypted_config.value['port']) expect(page).to have_field('Port', with: encrypted_config.value['port'])
expect(page).to have_field('Username', with: encrypted_config.value['username']) expect(page).to have_field('Username', with: encrypted_config.value['username'])
expect(page).to have_field('Password', with: encrypted_config.value['password'])
expect(page).to have_field('Domain', with: encrypted_config.value['domain']) expect(page).to have_field('Domain', with: encrypted_config.value['domain'])
expect(page).to have_select('Authentication', selected: 'Plain') expect(page).to have_select('Authentication', selected: 'Plain')
expect(page).to have_field('Send from Email', with: encrypted_config.value['from_email']) expect(page).to have_field('Send from Email', with: encrypted_config.value['from_email'])

Write Preview
Loading…
Cancel
Save