+diff --git a/.tool-versions b/.tool-versions
index 057186bf..053cba7f 100644
--- a/.tool-versions
+++ b/.tool-versions
@@ -1 +1 @@
-ruby 3.3.8
+ruby 3.3
diff --git a/Gemfile b/Gemfile
index d0c7ea6e..6b9db5fb 100644
--- a/Gemfile
+++ b/Gemfile
@@ -3,7 +3,7 @@ source 'https://rubygems.org'
ruby '~> 3.3'
# Bundle edge Rails instead: gem "rails", github: "rails/rails", branch: "main"
-gem 'rails', '~> 7.2.3.1'
+gem 'rails', '~> 8.1.3'
# Use postgres for all env dbs
gem 'pg'
diff --git a/Gemfile.lock b/Gemfile.lock
index 4733a4a8..6a4e59bb 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,79 +1,80 @@
GEM
remote: https://rubygems.org/
specs:
- actioncable (7.2.3.1)
- actionpack (= 7.2.3.1)
- activesupport (= 7.2.3.1)
+ action_text-trix (2.1.18)
+ railties
+ actioncable (8.1.3)
+ actionpack (= 8.1.3)
+ activesupport (= 8.1.3)
nio4r (~> 2.0)
websocket-driver (>= 0.6.1)
zeitwerk (~> 2.6)
- actionmailbox (7.2.3.1)
- actionpack (= 7.2.3.1)
- activejob (= 7.2.3.1)
- activerecord (= 7.2.3.1)
- activestorage (= 7.2.3.1)
- activesupport (= 7.2.3.1)
+ actionmailbox (8.1.3)
+ actionpack (= 8.1.3)
+ activejob (= 8.1.3)
+ activerecord (= 8.1.3)
+ activestorage (= 8.1.3)
+ activesupport (= 8.1.3)
mail (>= 2.8.0)
- actionmailer (7.2.3.1)
- actionpack (= 7.2.3.1)
- actionview (= 7.2.3.1)
- activejob (= 7.2.3.1)
- activesupport (= 7.2.3.1)
+ actionmailer (8.1.3)
+ actionpack (= 8.1.3)
+ actionview (= 8.1.3)
+ activejob (= 8.1.3)
+ activesupport (= 8.1.3)
mail (>= 2.8.0)
rails-dom-testing (~> 2.2)
- actionpack (7.2.3.1)
- actionview (= 7.2.3.1)
- activesupport (= 7.2.3.1)
- cgi
+ actionpack (8.1.3)
+ actionview (= 8.1.3)
+ activesupport (= 8.1.3)
nokogiri (>= 1.8.5)
- racc
- rack (>= 2.2.4, < 3.3)
+ rack (>= 2.2.4)
rack-session (>= 1.0.1)
rack-test (>= 0.6.3)
rails-dom-testing (~> 2.2)
rails-html-sanitizer (~> 1.6)
useragent (~> 0.16)
- actiontext (7.2.3.1)
- actionpack (= 7.2.3.1)
- activerecord (= 7.2.3.1)
- activestorage (= 7.2.3.1)
- activesupport (= 7.2.3.1)
+ actiontext (8.1.3)
+ action_text-trix (~> 2.1.15)
+ actionpack (= 8.1.3)
+ activerecord (= 8.1.3)
+ activestorage (= 8.1.3)
+ activesupport (= 8.1.3)
globalid (>= 0.6.0)
nokogiri (>= 1.8.5)
- actionview (7.2.3.1)
- activesupport (= 7.2.3.1)
+ actionview (8.1.3)
+ activesupport (= 8.1.3)
builder (~> 3.1)
- cgi
erubi (~> 1.11)
rails-dom-testing (~> 2.2)
rails-html-sanitizer (~> 1.6)
- activejob (7.2.3.1)
- activesupport (= 7.2.3.1)
+ activejob (8.1.3)
+ activesupport (= 8.1.3)
globalid (>= 0.3.6)
- activemodel (7.2.3.1)
- activesupport (= 7.2.3.1)
- activerecord (7.2.3.1)
- activemodel (= 7.2.3.1)
- activesupport (= 7.2.3.1)
+ activemodel (8.1.3)
+ activesupport (= 8.1.3)
+ activerecord (8.1.3)
+ activemodel (= 8.1.3)
+ activesupport (= 8.1.3)
timeout (>= 0.4.0)
- activestorage (7.2.3.1)
- actionpack (= 7.2.3.1)
- activejob (= 7.2.3.1)
- activerecord (= 7.2.3.1)
- activesupport (= 7.2.3.1)
+ activestorage (8.1.3)
+ actionpack (= 8.1.3)
+ activejob (= 8.1.3)
+ activerecord (= 8.1.3)
+ activesupport (= 8.1.3)
marcel (~> 1.0)
- activesupport (7.2.3.1)
+ activesupport (8.1.3)
base64
- benchmark (>= 0.3)
bigdecimal
concurrent-ruby (~> 1.0, >= 1.3.1)
connection_pool (>= 2.2.5)
drb
i18n (>= 1.6, < 2)
+ json
logger (>= 1.4.2)
- minitest (>= 5.1, < 6)
+ minitest (>= 5.1)
securerandom (>= 0.3)
tzinfo (~> 2.0, >= 2.0.5)
+ uri (>= 0.13.1)
addressable (2.9.0)
public_suffix (>= 2.0.2, < 8.0)
annotaterb (4.22.0)
@@ -99,7 +100,6 @@ GEM
ice_nine (~> 0.11.0)
thread_safe (~> 0.3, >= 0.3.1)
base64 (0.3.0)
- benchmark (0.5.0)
bigdecimal (4.1.0)
bindex (0.8.1)
blazer (3.3.0)
@@ -127,7 +127,6 @@ GEM
capybara-screenshot (1.0.27)
capybara (>= 1.0, < 4)
launchy
- cgi (0.5.1)
chartkick (5.2.1)
childprocess (5.1.0)
logger (~> 1.5)
@@ -304,7 +303,9 @@ GEM
method_source (1.1.0)
mini_mime (1.1.5)
mini_portile2 (2.8.9)
- minitest (5.27.0)
+ minitest (6.0.3)
+ drb (~> 2.0)
+ prism (~> 1.5)
msgpack (1.8.0)
multi_test (1.1.0)
multi_xml (0.8.1)
@@ -398,20 +399,20 @@ GEM
rack (>= 1.0.0)
rackup (2.3.1)
rack (>= 3)
- rails (7.2.3.1)
- actioncable (= 7.2.3.1)
- actionmailbox (= 7.2.3.1)
- actionmailer (= 7.2.3.1)
- actionpack (= 7.2.3.1)
- actiontext (= 7.2.3.1)
- actionview (= 7.2.3.1)
- activejob (= 7.2.3.1)
- activemodel (= 7.2.3.1)
- activerecord (= 7.2.3.1)
- activestorage (= 7.2.3.1)
- activesupport (= 7.2.3.1)
+ rails (8.1.3)
+ actioncable (= 8.1.3)
+ actionmailbox (= 8.1.3)
+ actionmailer (= 8.1.3)
+ actionpack (= 8.1.3)
+ actiontext (= 8.1.3)
+ actionview (= 8.1.3)
+ activejob (= 8.1.3)
+ activemodel (= 8.1.3)
+ activerecord (= 8.1.3)
+ activestorage (= 8.1.3)
+ activesupport (= 8.1.3)
bundler (>= 1.15.0)
- railties (= 7.2.3.1)
+ railties (= 8.1.3)
rails-controller-testing (1.0.5)
actionpack (>= 5.0.1.rc1)
actionview (>= 5.0.1.rc1)
@@ -423,10 +424,9 @@ GEM
rails-html-sanitizer (1.7.0)
loofah (~> 2.25)
nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
- railties (7.2.3.1)
- actionpack (= 7.2.3.1)
- activesupport (= 7.2.3.1)
- cgi
+ railties (8.1.3)
+ actionpack (= 8.1.3)
+ activesupport (= 8.1.3)
irb (~> 1.13)
rackup (>= 1.0.0)
rake (>= 12.2)
@@ -582,11 +582,10 @@ GEM
axiom-types (~> 0.1)
coercible (~> 1.0)
descendants_tracker (~> 0.0, >= 0.0.3)
- web-console (4.2.1)
- actionview (>= 6.0.0)
- activemodel (>= 6.0.0)
+ web-console (4.3.0)
+ actionview (>= 8.0.0)
bindex (>= 0.4.0)
- railties (>= 6.0.0)
+ railties (>= 8.0.0)
webmock (3.26.2)
addressable (>= 2.8.0)
crack (>= 0.3.2)
@@ -644,7 +643,7 @@ DEPENDENCIES
pg
puma (>= 6.0)
rack_session_access
- rails (~> 7.2.3.1)
+ rails (~> 8.1.3)
rails-controller-testing (~> 1.0)
rspec-rails
rspec-retry
diff --git a/app/controllers/course_settings_controller.rb b/app/controllers/course_settings_controller.rb
index 4a2cfe07..cbab44e4 100644
--- a/app/controllers/course_settings_controller.rb
+++ b/app/controllers/course_settings_controller.rb
@@ -59,8 +59,8 @@ def reset_email_templates
end
def course_settings_params
- params.require(:course_settings).permit(
- :enable_extensions,
+ params.expect(
+ course_settings: [ :enable_extensions,
:auto_approve_days,
:auto_approve_extended_request_days,
:max_auto_approve,
@@ -72,7 +72,7 @@ def course_settings_params
:email_subject,
:email_template,
:enable_slack_webhook_url,
- :slack_webhook_url
+ :slack_webhook_url ]
)
end
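Review bot: `:slack_webhook_url` stays in the allow-list passed to `params.expect`, so whoever can submit this form controls a URL the server will presumably send requests to, and no format check is visible here. If the model does not already validate it, add a validation that accepts only `https` URLs on the expected Slack webhook host, so the setting cannot point the app at internal or arbitrary endpoints. `course_settings_params` starts in the previous hunk. The switch from `require.permit` to `expect` itself looks fine.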
diff --git a/app/controllers/form_settings_controller.rb b/app/controllers/form_settings_controller.rb
index 8b14e53f..c85afccd 100644
--- a/app/controllers/form_settings_controller.rb
+++ b/app/controllers/form_settings_controller.rb
@@ -37,10 +37,10 @@ def update
private
def form_setting_params
- params.require(:form_setting).permit(
- :reason_desc, :documentation_desc, :documentation_disp,
+ params.expect(
+ form_setting: [ :reason_desc, :documentation_desc, :documentation_disp,
:custom_q1, :custom_q1_desc, :custom_q1_disp,
- :custom_q2, :custom_q2_desc, :custom_q2_disp
+ :custom_q2, :custom_q2_desc, :custom_q2_disp ]
)
end
diff --git a/app/controllers/requests_controller.rb b/app/controllers/requests_controller.rb
index 463f809d..7b6ca17c 100644
--- a/app/controllers/requests_controller.rb
+++ b/app/controllers/requests_controller.rb
@@ -222,7 +222,7 @@ def set_course_role_from_settings
end
def request_params
- params.require(:request).permit(:assignment_id, :reason, :documentation, :custom_q1, :custom_q2, :requested_due_date, :user_id)
+ params.expect(request: [ :assignment_id, :reason, :documentation, :custom_q1, :custom_q2, :requested_due_date, :user_id ])
end
def authenticate_user
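Review bot: `:user_id` is still accepted from the request body in `request_params`, so the owner of a created or updated request is client-controlled unless the calling actions overwrite or authorize it (not visible in this hunk). If only staff may file on behalf of another user, use a narrower list for student actions, e.g. `params.expect(request: [ :assignment_id, :reason, :documentation, :custom_q1, :custom_q2, :requested_due_date ])`, and set `user_id` from the session. The enclosing controller continues outside the hunk.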
diff --git a/app/mailers/application_mailer.rb b/app/mailers/application_mailer.rb
new file mode 100644
index 00000000..013c905d
--- /dev/null
+++ b/app/mailers/application_mailer.rb
@@ -0,0 +1,10 @@
+class ApplicationMailer < ActionMailer::Base
+ # TODO: Deprecate the EmailService class and move the render_templates method to this class.
+ default from: ENV.fetch('DEFAULT_FROM_EMAIL', 'flextensions@berkeley.edu')
+ default content_type: 'text/html'
+ layout 'mailer'
+
+ def generic_email(to:, from:, reply_to:, subject:, body:)
+ mail(to: to, from: from, reply_to: reply_to, subject: subject, body: body)
+ end
+end
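Review bot: `generic_email` passes `body` straight to `mail` under the class default `content_type: 'text/html'`, so whatever string the caller supplies is delivered as HTML with no escaping, and nothing in the file says so. Add a comment above the method such as `# body is sent verbatim as text/html; callers must pass trusted or already-escaped HTML.` The same concern applies to `EmailService.send_email` in app/services/email_service.rb, which feeds it the output of `render_templates`. Whether the substituted `mapping` values are escaped is not visible in this diff; if they can contain user-entered text, they should go through `ERB::Util.html_escape` before substitution. As far as I can tell, `layout 'mailer'` is not applied when an explicit `body:` is given, so that line may have no effect for this method.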
diff --git a/app/services/email_service.rb b/app/services/email_service.rb
index f6ebcced..934ed084 100644
--- a/app/services/email_service.rb
+++ b/app/services/email_service.rb
@@ -1,6 +1,10 @@
# frozen_string_literal: true
# A class for sending templated emails, using basic `{{variable}}` substitution.
+# TODO: Migrate this 'Service' to the ApplicationMailer class.
+# As of Rails 8.1 we needed to introduct a subclass of ActionMailer::Base.
+# We should be able to deprecate this class and move the render_templates method to the FlextensionsMailer class.
+
class EmailService
class << self
# Given a subject_template and body_template (both strings
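Review bot: The added TODO names two different targets: its first line says to migrate to `ApplicationMailer`, its last line says `FlextensionsMailer`, and only `ApplicationMailer` is introduced by this commit. It also contains a typo (`introduct`), and the blank line after it detaches the header comment from `class EmailService`. Suggested wording: `# TODO: Migrate this service to ApplicationMailer; as of Rails 8.1 we needed an ActionMailer::Base subclass.` followed by `# Once migrated, move render_templates there and remove this class.`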
@@ -27,13 +31,12 @@ def render_templates(subject_template, body_template, mapping)
def send_email(to:, from:, reply_to:, subject_template:, body_template:, mapping:, deliver_later: false)
rendered = render_templates(subject_template, body_template, mapping)
- mail = ActionMailer::Base.mail(
+ mail = ApplicationMailer.generic_email(
to: to,
from: from,
reply_to: reply_to,
subject: rendered[:subject],
body: rendered[:body].gsub("\n", "
\n"),
- content_type: 'text/html'
)
deliver_later ? mail.deliver_later : mail.deliver_now
diff --git a/bin/brakeman b/bin/brakeman
index b4fe8de2..ace1c9ba 100755
--- a/bin/brakeman
+++ b/bin/brakeman
@@ -1,27 +1,7 @@
#!/usr/bin/env ruby
-# frozen_string_literal: true
-
-#
-# This file was generated by Bundler.
-#
-# The application 'brakeman' is installed as part of a gem, and
-# this file is here to facilitate running it.
-#
-
-ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
-
-bundle_binstub = File.expand_path("bundle", __dir__)
-
-if File.file?(bundle_binstub)
- if File.read(bundle_binstub, 300).include?("This file was generated by Bundler")
- load(bundle_binstub)
- else
- abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
-Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
- end
-end
-
require "rubygems"
require "bundler/setup"
+ARGV.unshift("--ensure-latest")
+
load Gem.bin_path("brakeman", "brakeman")
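Review bot: `ARGV.unshift("--ensure-latest")` makes every run fail when the bundled Brakeman is not the newest release, and the binstub has no comment explaining that. Because config/ci.rb runs this binstub with `--exit-on-error`, CI will likely go red on each upstream release until Gemfile.lock is bumped, and the check presumably needs network access to RubyGems. If that is intended, say so in the file, e.g. `# Fail when the bundled Brakeman is outdated so new checks are not silently missed; bump the gem to fix.`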
diff --git a/bin/ci b/bin/ci
new file mode 100755
index 00000000..4137ad5b
--- /dev/null
+++ b/bin/ci
@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+require_relative "../config/boot"
+require "active_support/continuous_integration"
+
+CI = ActiveSupport::ContinuousIntegration
+require_relative "../config/ci.rb"
diff --git a/bin/dev b/bin/dev
new file mode 100755
index 00000000..5f91c205
--- /dev/null
+++ b/bin/dev
@@ -0,0 +1,2 @@
+#!/usr/bin/env ruby
+exec "./bin/rails", "server", *ARGV
diff --git a/bin/rubocop b/bin/rubocop
index 40330c0f..5a205047 100755
--- a/bin/rubocop
+++ b/bin/rubocop
@@ -2,7 +2,7 @@
require "rubygems"
require "bundler/setup"
-# explicit rubocop config increases performance slightly while avoiding config confusion.
+# Explicit RuboCop config increases performance slightly while avoiding config confusion.
ARGV.unshift("--config", File.expand_path("../.rubocop.yml", __dir__))
load Gem.bin_path("rubocop", "rubocop")
diff --git a/bin/setup b/bin/setup
index 5e00489e..81be011e 100755
--- a/bin/setup
+++ b/bin/setup
@@ -2,7 +2,6 @@
require "fileutils"
APP_ROOT = File.expand_path("..", __dir__)
-APP_NAME = "flextensions"
def system!(*args)
system(*args, exception: true)
@@ -14,7 +13,6 @@ FileUtils.chdir APP_ROOT do
# Add necessary setup steps to this file.
puts "== Installing dependencies =="
- system! "gem install bundler --conservative"
system("bundle check") || system!("bundle install")
# puts "\n== Copying sample files =="
@@ -24,14 +22,14 @@ FileUtils.chdir APP_ROOT do
puts "\n== Preparing database =="
system! "bin/rails db:prepare"
+ system! "bin/rails db:reset" if ARGV.include?("--reset")
puts "\n== Removing old logs and tempfiles =="
system! "bin/rails log:clear tmp:clear"
- puts "\n== Restarting application server =="
- system! "bin/rails restart"
-
- # puts "\n== Configuring puma-dev =="
- # system "ln -nfs #{APP_ROOT} ~/.puma-dev/#{APP_NAME}"
- # system "curl -Is https://#{APP_NAME}.test/up | head -n 1"
+ unless ARGV.include?("--skip-server")
+ puts "\n== Starting development server =="
+ STDOUT.flush # flush the output before exec(2) so that it displays
+ exec "bin/dev"
+ end
end
diff --git a/config/application.rb b/config/application.rb
index e298613f..9ac11372 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -5,15 +5,18 @@
require "active_model/railtie"
require "active_job/railtie"
require "active_record/railtie"
-require "active_storage/engine"
+# require "active_storage/engine"
require "action_controller/railtie"
require "action_mailer/railtie"
-require "action_mailbox/engine"
-require "action_text/engine"
+# require "action_mailbox/engine"
+# require "action_text/engine"
require "action_view/railtie"
-require "action_cable/engine"
+# require "action_cable/engine"
# require "rails/test_unit/railtie"
+# Enable writing 1.day.ago, 1.week.from_now, etc. in config files.
+require "active_support/core_ext/integer/time"
+
# Require the gems listed in Gemfile, including any gems
# you've limited to :test, :development, or :production.
Bundler.require(*Rails.groups)
diff --git a/config/ci.rb b/config/ci.rb
new file mode 100644
index 00000000..99399939
--- /dev/null
+++ b/config/ci.rb
@@ -0,0 +1,19 @@
+# Run using bin/ci
+
+CI.run do
+ step "Setup", "bin/setup --skip-server"
+
+ step "Style: Ruby", "bin/rubocop"
+
+ step "Security: Importmap vulnerability audit", "bin/importmap audit"
+ step "Security: Brakeman code analysis", "bin/brakeman --quiet --no-pager --exit-on-warn --exit-on-error"
+
+
+ # Optional: set a green GitHub commit status to unblock PR merge.
+ # Requires the `gh` CLI and `gh extension install basecamp/gh-signoff`.
+ # if success?
+ # step "Signoff: All systems go. Ready for merge and deploy.", "gh signoff"
+ # else
+ # failure "Signoff: CI failed. Do not merge or deploy.", "Fix the issues and try again."
+ # end
+end
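Review bot: The pipeline runs RuboCop, the importmap audit and Brakeman, but it has no step that audits the gems in Gemfile.lock and no step that runs the test suite. A green `bin/ci` therefore says nothing about known-vulnerable gems or regressions from the Rails 8.1 upgrade. If bundler-audit is (or can be) in the bundle, add `step "Security: Gem audit", "bin/bundler-audit"`, and add a step for the project's tests (rspec-rails appears in Gemfile.lock), e.g. `step "Tests: RSpec", "bundle exec rspec"`. `bin/importmap audit` also assumes an importmap binstub exists, which this diff does not show.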
diff --git a/config/environments/development.rb b/config/environments/development.rb
index 0a9108ae..606c7fde 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -1,14 +1,11 @@
-require "active_support/core_ext/integer/time"
-
-# Settings specified here will take precedence over those in config/application.rb.
Rails.application.configure do
+ # Settings specified here will take precedence over those in config/application.rb.
+
# Configure 'rails notes' to inspect Cucumber files
config.annotations.register_directories('features')
config.annotations.register_extensions('feature') { |tag| /#\s*(#{tag}):?\s*(.*)$/ }
- # In the development environment your application's code is reloaded any time
- # it changes. This slows down response time but is perfect for development
- # since you don't have to restart the web server when you make code changes.
+ # Make code changes take effect immediately without server restart.
config.enable_reloading = true
# Do not eager load code on boot.
@@ -20,30 +17,29 @@
# Enable server timing.
config.server_timing = true
- # Enable/disable caching. By default caching is disabled.
- # Run rails dev:cache to toggle caching.
+ # Enable/disable Action Controller caching. By default Action Controller caching is disabled.
+ # Run rails dev:cache to toggle Action Controller caching.
if Rails.root.join("tmp/caching-dev.txt").exist?
config.action_controller.perform_caching = true
config.action_controller.enable_fragment_cache_logging = true
-
- config.cache_store = :memory_store
- config.public_file_server.headers = { "Cache-Control" => "public, max-age=#{2.days.to_i}" }
+ config.public_file_server.headers = { "cache-control" => "public, max-age=#{2.days.to_i}" }
else
config.action_controller.perform_caching = false
-
- config.cache_store = :null_store
end
+ # Change to :null_store to avoid any caching.
+ config.cache_store = :memory_store
+
# Store uploaded files on the local file system (see config/storage.yml for options).
- config.active_storage.service = :local
+ # config.active_storage.service = :local
# Don't care if the mailer can't send.
config.action_mailer.raise_delivery_errors = false
- # Disable caching for Action Mailer templates even if Action Controller
- # caching is enabled.
+ # Make template changes take effect immediately.
config.action_mailer.perform_caching = false
+ # Set localhost to be used by links generated in mailer templates.
config.action_mailer.default_url_options = { host: "localhost", port: 3000 }
# Print deprecation notices to the Rails logger.
@@ -61,11 +57,14 @@
# Highlight code that triggered database queries in logs.
config.active_record.verbose_query_logs = true
+ # Append comments with runtime information tags to SQL queries in logs.
+ config.active_record.query_log_tags_enabled = true
+
# Highlight code that enqueued background job in logs.
config.active_job.verbose_enqueue_logs = true
- # Suppress logger output for asset requests.
- config.assets.quiet = true
+ # Highlight code that triggered redirect in logs.
+ config.action_dispatch.verbose_redirect_logs = true
# Raises error for missing translations.
# config.i18n.raise_on_missing_translations = true
@@ -76,7 +75,7 @@
# Uncomment if you wish to allow Action Cable access from any origin.
# config.action_cable.disable_request_forgery_protection = true
- # Raise error when a before_action's only/except options reference missing actions
+ # Raise error when a before_action's only/except options reference missing actions.
config.action_controller.raise_on_missing_callback_actions = true
# Apply autocorrection by RuboCop to files generated by `bin/rails generate`.
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 6838a8f6..ef7ae0d6 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -1,56 +1,32 @@
-require "active_support/core_ext/integer/time"
-
Rails.application.configure do
# Settings specified here will take precedence over those in config/application.rb.
# Code is not reloaded between requests.
config.enable_reloading = false
- # Eager load code on boot. This eager loads most of Rails and
- # your application in memory, allowing both threaded web servers
- # and those relying on copy on write to perform better.
- # Rake tasks automatically ignore this option for performance.
+ # Eager load code on boot for better performance and memory savings (ignored by Rake tasks).
config.eager_load = true
- # Full error reports are disabled and caching is turned on.
+ # Full error reports are disabled.
config.consider_all_requests_local = false
- config.action_controller.perform_caching = true
-
- # Ensures that a master key has been made available in ENV["RAILS_MASTER_KEY"], config/master.key, or an environment
- # key such as config/credentials/production.key. This key is used to decrypt credentials (and other encrypted files).
- # config.require_master_key = true
- # Disable serving static files from `public/`, relying on NGINX/Apache to do so instead.
- # config.public_file_server.enabled = false
-
- # Compress CSS using a preprocessor.
- # config.assets.css_compressor = :sass
+ # Turn on fragment caching in view templates.
+ config.action_controller.perform_caching = true
- # Do not fall back to assets pipeline if a precompiled asset is missed.
- config.assets.compile = false
+ # Cache assets for far-future expiry since they are all digest stamped.
+ config.public_file_server.headers = { "cache-control" => "public, max-age=#{1.year.to_i}" }
# Enable serving of images, stylesheets, and JavaScripts from an asset server.
# config.asset_host = "http://assets.example.com"
- # Specifies the header that your server uses for sending files.
- # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for Apache
- # config.action_dispatch.x_sendfile_header = "X-Accel-Redirect" # for NGINX
-
# Store uploaded files on the local file system (see config/storage.yml for options).
- config.active_storage.service = :local
-
- # Mount Action Cable outside main process or domain.
- # config.action_cable.mount_path = nil
- # config.action_cable.url = "wss://example.com/cable"
- # config.action_cable.allowed_request_origins = [ "http://example.com", /http:\/\/example.*/ ]
- config.hosts.clear
+ # config.active_storage.service = :local
# Assume all access to the app is happening through a SSL-terminating reverse proxy.
- # Can be used together with config.force_ssl for Strict-Transport-Security and secure cookies.
# config.assume_ssl = true
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
- #config.force_ssl = true
+ # config.force_ssl = true
# Setup logging with Lograge [https://github.com/roidrage/lograge]
# See config/initializers/lograge.rb for more details.
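Review bot: `config.assume_ssl` and `config.force_ssl` are both still commented out after this rewrite, so Rails itself will not redirect to HTTPS, send Strict-Transport-Security, or mark cookies as secure in production. Unless the reverse proxy or platform enforces all three (not visible here), enable `config.assume_ssl = true` and `config.force_ssl = true`. Dropping `config.hosts.clear` is fine, but `config.hosts` remains commented out later in the file, so Host header checking is still not configured.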
@@ -73,40 +49,30 @@
# Use a different cache store in production.
# config.cache_store = :mem_cache_store
- # Use a real queuing backend for Active Job (and separate queues per environment).
+ # Replace the default in-process and non-durable queuing backend for Active Job.
# config.active_job.queue_adapter = :resque
- # config.active_job.queue_name_prefix = "flextensions_production"
-
- # config.action_mailer.perform_caching = false
# Ignore bad email addresses and do not raise email delivery errors.
# Set this to true and configure the email server for immediate delivery to raise delivery errors.
# config.action_mailer.raise_delivery_errors = false
+
# Enable locale fallbacks for I18n (makes lookups for any locale fall back to
# the I18n.default_locale when a translation cannot be found).
config.i18n.fallbacks = true
- # Don't log any deprecations.
- config.active_support.report_deprecations = false
-
# Do not dump schema after migrations.
config.active_record.dump_schema_after_migration = false
- # Generate these keys by running:
- # head -c 32 /dev/urandom | base64
- config.active_record.encryption.primary_key =
- ENV["ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY"]
- config.active_record.encryption.deterministic_key =
- ENV["ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY"]
- config.active_record.encryption.key_derivation_salt =
- ENV["ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT"]
+ # Only use :id for inspections in production.
+ config.active_record.attributes_for_inspect = [ :id ]
# Enable DNS rebinding protection and other `Host` header attacks.
# config.hosts = [
# "example.com", # Allow requests from example.com
# /.*\.example\.com/ # Allow requests from subdomains like `www.example.com`
# ]
+ #
# Skip DNS rebinding protection for the default health check endpoint.
# config.host_authorization = { exclude: ->(request) { request.path == "/up" } }
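Review bot: The three `config.active_record.encryption.*` assignments that read the keys from the environment are deleted, and nothing in this hunk replaces them. config/environments/test.rb still sets default encryption keys, which suggests the app has encrypted attributes. If so, production can no longer read or write them unless the keys are supplied through credentials or another initializer not shown in this diff. Either restore the block, ideally with `ENV.fetch("ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY")` and its two siblings so a missing key fails at boot, or state in the description where the keys now come from.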
diff --git a/config/environments/test.rb b/config/environments/test.rb
index c9f0436f..04f735d2 100644
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@@ -1,15 +1,9 @@
-require "active_support/core_ext/integer/time"
-
# The test environment is used exclusively to run your application's
# test suite. You never need to work with it otherwise. Remember that
# your test database is "scratch space" for the test suite and is wiped
# and recreated between test runs. Don't rely on the data there!
Rails.application.configure do
- # Configure 'rails notes' to inspect Cucumber files
- config.annotations.register_directories('features')
- config.annotations.register_extensions('feature') { |tag| /#\s*(#{tag}):?\s*(.*)$/ }
-
# Settings specified here will take precedence over those in config/application.rb.
# While tests run files are not watched, reloading is not necessary.
@@ -21,15 +15,11 @@
# loading is working properly before deploying your code.
config.eager_load = ENV["CI"].present?
- # Configure public file server for tests with Cache-Control for performance.
- config.public_file_server.enabled = true
- config.public_file_server.headers = {
- "Cache-Control" => "public, max-age=#{1.hour.to_i}"
- }
+ # Configure public file server for tests with cache-control for performance.
+ config.public_file_server.headers = { "cache-control" => "public, max-age=3600" }
- # Show full error reports and disable caching.
+ # Show full error reports.
config.consider_all_requests_local = true
- config.action_controller.perform_caching = false
config.cache_store = :null_store
# Render exception templates for rescuable exceptions and raise for other exceptions.
@@ -39,31 +29,26 @@
config.action_controller.allow_forgery_protection = false
# Store uploaded files on the local file system in a temporary directory.
- config.active_storage.service = :test
-
- # config.action_mailer.perform_caching = false
+ # config.active_storage.service = :test
# Tell Action Mailer not to deliver emails to the real world.
# The :test delivery method accumulates sent emails in the
# ActionMailer::Base.deliveries array.
- # config.action_mailer.delivery_method = :test
+ config.action_mailer.delivery_method = :test
+
+ # Set host to be used by links generated in mailer templates.
+ config.action_mailer.default_url_options = { host: "example.com" }
# Print deprecation notices to the stderr.
config.active_support.deprecation = :stderr
- # Raise exceptions for disallowed deprecations.
- config.active_support.disallowed_deprecation = :raise
-
- # Tell Active Support which deprecation messages to disallow.
- config.active_support.disallowed_deprecation_warnings = []
-
# Raises error for missing translations.
# config.i18n.raise_on_missing_translations = true
# Annotate rendered view with file names.
# config.action_view.annotate_rendered_view_with_filenames = true
- # Raise error when a before_action's only/except options reference missing actions
+ # Raise error when a before_action's only/except options reference missing actions.
config.action_controller.raise_on_missing_callback_actions = true
# Set up default encryption keys for the test environment
diff --git a/config/initializers/content_security_policy.rb b/config/initializers/content_security_policy.rb
index b3076b38..d51d7139 100644
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -20,6 +20,10 @@
# config.content_security_policy_nonce_generator = ->(request) { request.session.id.to_s }
# config.content_security_policy_nonce_directives = %w(script-src style-src)
#
+# # Automatically add `nonce` to `javascript_tag`, `javascript_include_tag`, and `stylesheet_link_tag`
+# # if the corresponding directives are specified in `content_security_policy_nonce_directives`.
+# # config.content_security_policy_nonce_auto = true
+#
# # Report violations without enforcing the policy.
# # config.content_security_policy_report_only = true
# end
diff --git a/config/initializers/filter_parameter_logging.rb b/config/initializers/filter_parameter_logging.rb
index c010b83d..c0b717f7 100644
--- a/config/initializers/filter_parameter_logging.rb
+++ b/config/initializers/filter_parameter_logging.rb
@@ -4,5 +4,5 @@
# Use this to limit dissemination of sensitive information.
# See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors.
Rails.application.config.filter_parameters += [
- :passw, :email, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn
+ :passw, :email, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn, :cvv, :cvc
]
diff --git a/config/initializers/new_framework_defaults_8_1.rb b/config/initializers/new_framework_defaults_8_1.rb
new file mode 100644
index 00000000..2dcf3ca7
--- /dev/null
+++ b/config/initializers/new_framework_defaults_8_1.rb
@@ -0,0 +1,74 @@
+# Be sure to restart your server when you modify this file.
+#
+# This file eases your Rails 8.1 framework defaults upgrade.
+#
+# Uncomment each configuration one by one to switch to the new default.
+# Once your application is ready to run with all new defaults, you can remove
+# this file and set the `config.load_defaults` to `8.1`.
+#
+# Read the Guide for Upgrading Ruby on Rails for more info on each option.
+# https://guides.rubyonrails.org/upgrading_ruby_on_rails.html
+
+###
+# Skips escaping HTML entities and line separators. When set to `false`, the
+# JSON renderer no longer escapes these to improve performance.
+#
+# Example:
+# class PostsController < ApplicationController
+# def index
+# render json: { key: "\u2028\u2029<>&" }
+# end
+# end
+#
+# Renders `{"key":"\u2028\u2029\u003c\u003e\u0026"}` with the previous default, but `{"key":"<>&"}` with the config
+# set to `false`.
+#
+# Applications that want to keep the escaping behavior can set the config to `true`.
+#++
+# Rails.configuration.action_controller.escape_json_responses = false
+
+###
+# Skips escaping LINE SEPARATOR (U+2028) and PARAGRAPH SEPARATOR (U+2029) in JSON.
+#
+# Historically these characters were not valid inside JavaScript literal strings but that changed in ECMAScript 2019.
+# As such it's no longer a concern in modern browsers: https://caniuse.com/mdn-javascript_builtins_json_json_superset.
+#++
+# Rails.configuration.active_support.escape_js_separators_in_json = false
+
+###
+# Raises an error when order dependent finder methods (e.g. `#first`, `#second`) are called without `order` values
+# on the relation, and the model does not have any order columns (`implicit_order_column`, `query_constraints`, or
+# `primary_key`) to fall back on.
+#
+# The current behavior of not raising an error has been deprecated, and this configuration option will be removed in
+# Rails 8.2.
+#++
+# Rails.configuration.active_record.raise_on_missing_required_finder_order_columns = true
+
+###
+# Controls how Rails handles path relative URL redirects.
+# When set to `:raise`, Rails will raise an `ActionController::Redirecting::UnsafeRedirectError`
+# for relative URLs without a leading slash, which can help prevent open redirect vulnerabilities.
+#
+# Example:
+# redirect_to "example.com" # Raises UnsafeRedirectError
+# redirect_to "@attacker.com" # Raises UnsafeRedirectError
+# redirect_to "/safe/path" # Works correctly
+#
+# Applications that want to allow these redirects can set the config to `:log` (previous default)
+# to only log warnings, or `:notify` to send ActiveSupport notifications.
+#++
+# Rails.configuration.action_controller.action_on_path_relative_redirect = :raise
+
+###
+# Use a Ruby parser to track dependencies between Action View templates
+#++
+# Rails.configuration.action_view.render_tracker = :ruby
+
+###
+# When enabled, hidden inputs generated by `form_tag`, `token_tag`, `method_tag`, and the hidden parameter fields
+# included in `button_to` forms will omit the `autocomplete="off"` attribute.
+#
+# Applications that want to keep generating the `autocomplete` attribute for those tags can set it to `false`.
+#++
+# Rails.configuration.action_view.remove_hidden_field_autocomplete = true
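Review bot: Every setting in this file is left commented out, so the upgrade keeps the previous behaviour for all six, including `action_on_path_relative_redirect`, which the file's own comment describes as helping prevent open redirects. That one is worth enabling first once the app's `redirect_to` calls have been checked: `Rails.configuration.action_controller.action_on_path_relative_redirect = :raise`. Before switching `escape_json_responses` to `false`, confirm that no `render json:` output is ever inlined into an HTML page, since escaping `<`, `>` and `&` is what keeps such output inert there.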
diff --git a/config/puma.rb b/config/puma.rb
index 03c166f4..38c4b865 100644
--- a/config/puma.rb
+++ b/config/puma.rb
@@ -1,13 +1,18 @@
# This configuration file will be evaluated by Puma. The top-level methods that
# are invoked here are part of Puma's configuration DSL. For more information
# about methods provided by the DSL, see https://puma.io/puma/Puma/DSL.html.
-
+#
# Puma starts a configurable number of processes (workers) and each process
# serves each request in a thread from an internal thread pool.
#
+# You can control the number of workers using ENV["WEB_CONCURRENCY"]. You
+# should only set this value when you want to run 2 or more workers. The
+# default is already 1. You can set it to `auto` to automatically start a worker
+# for each available processor.
+#
# The ideal number of threads per worker depends both on how much time the
# application spends waiting for IO operations and on how much you wish to
-# to prioritize throughput over latency.
+# prioritize throughput over latency.
#
# As a rule of thumb, increasing the number of threads will increase how much
# traffic a given process can handle (throughput), but due to CRuby's
@@ -29,6 +34,9 @@
# Allow puma to be restarted by `bin/rails restart` command.
plugin :tmp_restart
+# Run the Solid Queue supervisor inside of Puma for single-server deployments.
+plugin :solid_queue if ENV["SOLID_QUEUE_IN_PUMA"]
+
# Specify the PID file. Defaults to tmp/pids/server.pid in development.
# In other environments, only set the PID file if requested.
pidfile ENV["PIDFILE"] if ENV["PIDFILE"]
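Review bot: The added `plugin :solid_queue if ENV["SOLID_QUEUE_IN_PUMA"]` tests only for presence, so `SOLID_QUEUE_IN_PUMA=false` or `=0` still starts the Solid Queue supervisor inside the web process, because any non-empty string is truthy in Ruby. If operators are expected to switch it off by value, compare explicitly, for example `plugin :solid_queue if %w[1 true].include?(ENV["SOLID_QUEUE_IN_PUMA"])`, or extend the comment to `# Set SOLID_QUEUE_IN_PUMA to any value to enable; unset it to disable.` The visible part of the Gemfile change does not show a `solid_queue` entry, so it is worth confirming the gem is in the bundle. If it is not, setting the variable would probably make Puma fail at boot when it tries to load the plugin.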
diff --git a/db/schema.rb b/db/schema.rb
index 848df19c..f0d2b360 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,11 +10,9 @@
#
# It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema[7.2].define(version: 2026_03_06_000001) do
- create_schema "hypershield"
-
+ActiveRecord::Schema[8.1].define(version: 2026_03_06_000001) do
# These are extensions that must be enabled in order to support this database
- enable_extension "plpgsql"
+ enable_extension "pg_catalog.plpgsql"
# Custom types defined in this database.
# Note that some types may not work with other database engines. Be careful if changing database.
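Review bot: The regenerated dump no longer contains `create_schema "hypershield"`, which likely means it was produced against a database where that schema did not exist rather than that the schema was deliberately retired. The name suggests the Hypershield gem, whose filtered views hide sensitive columns from reporting tools, though the page does not show that. If that is what the Blazer data source reads, an environment built with `db:schema:load` will come up without the schema until the views are regenerated, and a reporting connection pointed at the base tables would see columns such as `lms_credentials.password`, `token` and `refresh_token`. Please confirm the removal is intended and record it in the commit description, or re-dump from a database that has the schema so `create_schema "hypershield"` is kept. The `define` block continues beyond this hunk.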
@@ -22,182 +20,182 @@
create_enum "request_status", ["pending", "approved", "denied"]
create_table "assignments", force: :cascade do |t|
- t.string "name"
- t.datetime "created_at", null: false
- t.datetime "updated_at", null: false
- t.string "external_assignment_id"
t.bigint "course_to_lms_id", null: false
+ t.datetime "created_at", null: false
t.datetime "due_date"
- t.datetime "late_due_date"
t.boolean "enabled", default: false
+ t.string "external_assignment_id"
+ t.datetime "late_due_date"
+ t.string "name"
+ t.datetime "updated_at", null: false
end
create_table "blazer_audits", force: :cascade do |t|
- t.bigint "user_id"
+ t.datetime "created_at"
+ t.string "data_source"
t.bigint "query_id"
t.text "statement"
- t.string "data_source"
- t.datetime "created_at"
+ t.bigint "user_id"
t.index ["query_id"], name: "index_blazer_audits_on_query_id"
t.index ["user_id"], name: "index_blazer_audits_on_user_id"
end
create_table "blazer_checks", force: :cascade do |t|
+ t.string "check_type"
+ t.datetime "created_at", null: false
t.bigint "creator_id"
+ t.text "emails"
+ t.datetime "last_run_at"
+ t.text "message"
t.bigint "query_id"
- t.string "state"
t.string "schedule"
- t.text "emails"
t.text "slack_channels"
- t.string "check_type"
- t.text "message"
- t.datetime "last_run_at"
- t.datetime "created_at", null: false
+ t.string "state"
t.datetime "updated_at", null: false
t.index ["creator_id"], name: "index_blazer_checks_on_creator_id"
t.index ["query_id"], name: "index_blazer_checks_on_query_id"
end
create_table "blazer_dashboard_queries", force: :cascade do |t|
+ t.datetime "created_at", null: false
t.bigint "dashboard_id"
- t.bigint "query_id"
t.integer "position"
- t.datetime "created_at", null: false
+ t.bigint "query_id"
t.datetime "updated_at", null: false
t.index ["dashboard_id"], name: "index_blazer_dashboard_queries_on_dashboard_id"
t.index ["query_id"], name: "index_blazer_dashboard_queries_on_query_id"
end
create_table "blazer_dashboards", force: :cascade do |t|
+ t.datetime "created_at", null: false
t.bigint "creator_id"
t.string "name"
- t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.index ["creator_id"], name: "index_blazer_dashboards_on_creator_id"
end
create_table "blazer_queries", force: :cascade do |t|
+ t.datetime "created_at", null: false
t.bigint "creator_id"
- t.string "name"
+ t.string "data_source"
t.text "description"
+ t.string "name"
t.text "statement"
- t.string "data_source"
t.string "status"
- t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.index ["creator_id"], name: "index_blazer_queries_on_creator_id"
end
create_table "course_settings", force: :cascade do |t|
- t.bigint "course_id", null: false
- t.boolean "enable_extensions", default: false
t.integer "auto_approve_days", default: 0
t.integer "auto_approve_extended_request_days", default: 0
- t.integer "max_auto_approve", default: 0
- t.boolean "enable_emails", default: false
- t.string "reply_email"
+ t.bigint "course_id", null: false
+ t.datetime "created_at", null: false
t.string "email_subject", default: "Extension Request Status: {{status}} - {{course_code}}"
t.text "email_template", default: "Dear {{student_name}},\n\nYour extension request for {{assignment_name}} in {{course_name}} ({{course_code}}) has been {{status}}.\n\nExtension Details:\n- Original Due Date: {{original_due_date}}\n- New Due Date: {{new_due_date}}\n- Extension Days: {{extension_days}}\n\nIf you have any questions, please contact the course staff.\n\nBest regards,\n{{course_name}} Staff"
- t.datetime "created_at", null: false
- t.datetime "updated_at", null: false
- t.string "slack_webhook_url"
- t.boolean "enable_slack_webhook_url"
+ t.boolean "enable_emails", default: false
+ t.boolean "enable_extensions", default: false
t.boolean "enable_gradescope", default: false
- t.string "gradescope_course_url"
+ t.boolean "enable_slack_webhook_url"
t.boolean "extend_late_due_date", default: true, null: false
+ t.string "gradescope_course_url"
+ t.integer "max_auto_approve", default: 0
+ t.string "reply_email"
+ t.string "slack_webhook_url"
+ t.datetime "updated_at", null: false
t.index ["course_id"], name: "index_course_settings_on_course_id"
end
create_table "course_to_lmss", force: :cascade do |t|
- t.bigint "lms_id"
t.bigint "course_id"
t.datetime "created_at", null: false
- t.datetime "updated_at", null: false
t.string "external_course_id"
- t.jsonb "recent_roster_sync", default: {}
+ t.bigint "lms_id"
t.jsonb "recent_assignment_sync", default: {}
+ t.jsonb "recent_roster_sync", default: {}
+ t.datetime "updated_at", null: false
t.index ["course_id"], name: "index_course_to_lmss_on_course_id"
t.index ["lms_id"], name: "index_course_to_lmss_on_lms_id"
end
create_table "courses", force: :cascade do |t|
- t.string "course_name"
- t.datetime "created_at", null: false
- t.datetime "updated_at", null: false
t.string "canvas_id"
t.string "course_code"
+ t.string "course_name"
+ t.datetime "created_at", null: false
t.string "readonly_api_token"
t.string "semester"
+ t.datetime "updated_at", null: false
t.index ["canvas_id"], name: "index_courses_on_canvas_id", unique: true
t.index ["readonly_api_token"], name: "index_courses_on_readonly_api_token", unique: true
end
create_table "extensions", force: :cascade do |t|
t.bigint "assignment_id"
- t.string "student_email"
+ t.datetime "created_at", null: false
+ t.string "external_extension_id"
t.datetime "initial_due_date"
- t.datetime "new_due_date"
t.bigint "last_processed_by_id"
- t.datetime "created_at", null: false
+ t.datetime "new_due_date"
+ t.string "student_email"
t.datetime "updated_at", null: false
- t.string "external_extension_id"
t.index ["assignment_id"], name: "index_extensions_on_assignment_id"
t.index ["last_processed_by_id"], name: "index_extensions_on_last_processed_by_id"
end
create_table "form_settings", force: :cascade do |t|
t.bigint "course_id", null: false
- t.text "reason_desc"
- t.text "documentation_desc"
- t.enum "documentation_disp", enum_type: "form_display_status"
+ t.datetime "created_at", null: false
t.string "custom_q1"
t.text "custom_q1_desc"
t.enum "custom_q1_disp", enum_type: "form_display_status"
t.string "custom_q2"
t.text "custom_q2_desc"
t.enum "custom_q2_disp", enum_type: "form_display_status"
- t.datetime "created_at", null: false
+ t.text "documentation_desc"
+ t.enum "documentation_disp", enum_type: "form_display_status"
+ t.text "reason_desc"
t.datetime "updated_at", null: false
t.index ["course_id"], name: "index_form_settings_on_course_id"
end
create_table "lms_credentials", force: :cascade do |t|
- t.bigint "user_id"
+ t.datetime "created_at", null: false
+ t.datetime "expire_time"
+ t.string "external_user_id"
t.string "lms_name"
- t.string "username"
t.string "password"
- t.string "token"
t.string "refresh_token"
- t.datetime "created_at", null: false
+ t.string "token"
t.datetime "updated_at", null: false
- t.string "external_user_id"
- t.datetime "expire_time"
+ t.bigint "user_id"
+ t.string "username"
t.index ["user_id"], name: "index_lms_credentials_on_user_id"
end
create_table "lmss", force: :cascade do |t|
- t.string "lms_name"
- t.boolean "use_auth_token"
t.datetime "created_at", null: false
- t.datetime "updated_at", null: false
t.string "lms_base_url"
+ t.string "lms_name"
+ t.datetime "updated_at", null: false
+ t.boolean "use_auth_token"
end
create_table "requests", force: :cascade do |t|
- t.datetime "requested_due_date"
- t.text "reason"
- t.text "documentation"
+ t.bigint "assignment_id", null: false
+ t.boolean "auto_approved", default: false, null: false
+ t.bigint "course_id", null: false
+ t.datetime "created_at", null: false
t.text "custom_q1"
t.text "custom_q2"
+ t.text "documentation"
t.string "external_extension_id"
- t.bigint "course_id", null: false
- t.bigint "assignment_id", null: false
- t.bigint "user_id", null: false
t.bigint "last_processed_by_user_id"
- t.datetime "created_at", null: false
- t.datetime "updated_at", null: false
+ t.text "reason"
+ t.datetime "requested_due_date"
t.enum "status", default: "pending", null: false, enum_type: "request_status"
- t.boolean "auto_approved", default: false, null: false
+ t.datetime "updated_at", null: false
+ t.bigint "user_id", null: false
t.index ["assignment_id"], name: "index_requests_on_assignment_id"
t.index ["auto_approved"], name: "index_requests_on_auto_approved"
t.index ["course_id"], name: "index_requests_on_course_id"
@@ -206,25 +204,25 @@
end
create_table "user_to_courses", force: :cascade do |t|
- t.bigint "user_id"
+ t.boolean "allow_extended_requests", default: false, null: false
t.bigint "course_id"
- t.string "role"
t.datetime "created_at", null: false
- t.datetime "updated_at", null: false
t.boolean "removed", default: false, null: false
- t.boolean "allow_extended_requests", default: false, null: false
+ t.string "role"
+ t.datetime "updated_at", null: false
+ t.bigint "user_id"
t.index ["course_id"], name: "index_user_to_courses_on_course_id"
t.index ["user_id"], name: "index_user_to_courses_on_user_id"
end
create_table "users", force: :cascade do |t|
- t.string "email"
- t.datetime "created_at", null: false
- t.datetime "updated_at", null: false
+ t.boolean "admin", default: false
t.string "canvas_uid"
+ t.datetime "created_at", null: false
+ t.string "email"
t.string "name"
t.string "student_id"
- t.boolean "admin", default: false
+ t.datetime "updated_at", null: false
t.index ["canvas_uid"], name: "index_users_on_canvas_uid", unique: true
t.index ["email"], name: "index_users_on_email", unique: true
end
diff --git a/public/400.html b/public/400.html
new file mode 100644
index 00000000..640de033
--- /dev/null
+++ b/public/400.html
@@ -0,0 +1,135 @@
+
+
+
+
+
The server cannot process the request due to a client error. Please check the request and try again. If you're the application owner check the logs for more information.
+You may have mistyped the address or the page may have moved.
-If you are the application owner check the logs for more information.
-The page you were looking for doesn't exist. You may have mistyped the address or the page may have moved. If you're the application owner check the logs for more information.
+Please upgrade your browser to continue.
-Your browser is not supported.
Please upgrade your browser to continue.
Maybe you tried to change something you didn't have access to.
-If you are the application owner check the logs for more information.
-The change you wanted was rejected. Maybe you tried to change something you didn't have access to. If you're the application owner check the logs for more information.
+If you are the application owner check the logs for more information.
-We're sorry, but something went wrong.
If you're the application owner check the logs for more information.