Merge branch 'v3.0.0' into devel

Author: arnaudbesnier

CHANGELOG.md

@@ -2,6 +2,89 @@
 
 ## [Unreleased]
 
+## RELEASE 3.0.0-beta.18 - 2019-04-10
+### Fixed
+- Search - Enable PostgreSQL's CITEXT fields in search.
+
+## RELEASE 3.0.0-beta.17 - 2019-04-04
+### Changed
+- Error Handling - Display an explicit error message if the envSecret is detected as missing or unknown during data a API request.
+
+## RELEASE 3.0.0-beta.16 - 2019-03-29
+### Fixed
+- Security - Fix implementation of session token passed in headers while downloading collections records.
+
+## RELEASE 3.0.0-beta.15 - 2019-03-27
+### Changed
+- Security - Do not pass session token in query params while downloading collections records.
+
+## RELEASE 3.0.0-beta.14 - 2019-03-01
+### Fixed
+- Records Display - Restrict record data serialization based the schema collection fields in the #create and #update actions.
+
+## RELEASE 3.0.0-beta.13 - 2019-02-28
+### Fixed
+- Records Display - Restrict record data serialization based the schema collection fields in the #show action.
+
+## RELEASE 3.0.0-beta.12 - 2019-02-28
+### Fixed
+- Records Display - Ensure that the data is properly sent even if an attribute serialization happens for an unknown reason.
+
+## RELEASE 3.0.0-beta.11 - 2019-02-27
+### Fixed
+- Filters - Fix resources display if filtered with associations conditions with the related columns hidden in the list. 🛡
+
+## RELEASE 3.0.0-beta.10 - 2019-02-26
+### Fixed
+- Schema - Ensure that unhandled field types are not defined anymore in collections schemas. 🛡
+
+## RELEASE 3.0.0-beta.9 - 2019-02-25
+### Fixed
+- Charts - Fix Value charts having filters on associations targeting a collection having with a custom table name. 🛡
+- Charts - Fix Value charts having filters on associations targeting a collection associated through multiple `belongs_to` association to the current resource. 🛡
+
+## RELEASE 3.0.0-beta.8 - 2019-02-20
+### Fixed
+- Export - Fix broken export action. [Regression introduced in 3.0.0-beta.7]
+
+## RELEASE 3.0.0-beta.7 - 2019-02-06
+### Fixed
+- Filters - Fix association filtering on collections having several associations targeting the same table.
+
+## RELEASE 3.0.0-beta.6 - 2019-02-01
+### Added
+- Charts - Users can create "Leaderboard" charts.
+- Charts - Users can create "Objective" charts.
+- Technical - Add a new apimap property "relationship".
+
+## RELEASE 3.0.0-beta.5 - 2019-01-30
+### Fixed
+- Validations - Remove badly set validations on Array fields.
+
+## RELEASE 3.0.0-beta.4 - 2019-01-30
+### Fixed
+- Schema - Fix empty validations set in the schema file.
+
+## RELEASE 3.0.0-beta.3 - 2019-01-30
+### Fixed
+- Build - Fix liana version set in the `.forestadmin-schema.json` meta.
+
+## RELEASE 3.0.0-beta.2 - 2019-01-30
+### Fixed
+- Build - Fix liana version set in the `.forestadmin-schema.json` meta.
+
+## RELEASE 3.0.0-beta.1 - 2019-01-30
+### Fixed
+- Build - Fix regressions in the build script.
+
+## RELEASE 3.0.0-beta.0 - 2019-01-30
+### Added
+- Developer Experience - On start, create a `.forestadmin-schema.json` file that contains the schema definition.
+- Developer Experience - On production, load `.forestadmin-schema.json` for schema update.
+
+### Changed
+- Schema - Developers can deactivate the automatic schema sending on server start (using `FOREST_DISABLE_AUTO_SCHEMA_APPLY` environment variable, deprecating `FOREST_DEACTIVATE_AUTOMATIC_APIMAP`).
+
 ## RELEASE 2.15.8 - 2019-03-01
 ### Fixed
 - Records Display - Restrict record data serialization based the schema collection fields in the #create and #update actions.

Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    forest_liana (2.15.8)
+    forest_liana (3.0.0.pre.beta.18)
       arel-helpers
       base32
       bcrypt

app/controllers/forest_liana/application_controller.rb

@@ -3,6 +3,8 @@
 
 module ForestLiana
   class ApplicationController < ForestLiana::BaseController
+    REGEX_COOKIE_SESSION_TOKEN = /forest_session_token=([^;]*)/;
+
     def self.papertrail?
       Object.const_get('PaperTrail::Version').is_a?(Class) rescue false
     end
@@ -56,11 +58,13 @@ def serialize_models(records, options = {}, fields_searched = [])
 
     def authenticate_user_from_jwt
       begin
-        if request.headers['Authorization'] || params['sessionToken']
+        if request.headers
           if request.headers['Authorization']
             token = request.headers['Authorization'].split.second
-          else
-            token = params['sessionToken']
+          # NOTICE: Necessary for downloads authentication.
+          elsif request.headers['cookie']
+            match = REGEX_COOKIE_SESSION_TOKEN.match(request.headers['cookie'])
+            token = match[1] if match && match[1]
           end
 
           @jwt_decoded_token = JWT.decode(token, ForestLiana.auth_secret, true,

app/controllers/forest_liana/base_controller.rb

@@ -20,7 +20,6 @@ def reject_unauthorized_ip
           end
         end
       rescue ForestLiana::Errors::ExpectedError => exception
-        exception.display_error
         error_data = JSONAPI::Serializer.serialize_errors([{
           status: exception.error_code,
           detail: exception.message

app/controllers/forest_liana/sessions_controller.rb

@@ -82,6 +82,10 @@ def process_login(
 
         render(serializer: nil, json: nil, status: :internal_server_error)
       else
+        # NOTICE: Set a cookie to ensure secure authentication using export feature.
+        # NOTICE: The token is empty at first authentication step if the 2FA option is active.
+        response.set_cookie("forest_session_token", reponse_data[:token]) if reponse_data[:token]
+
         render(json: reponse_data, serializer: nil)
       end
     end

app/models/forest_liana/model/action.rb

@@ -4,14 +4,68 @@ class ForestLiana::Model::Action
   include ActiveModel::Serialization
   extend ActiveModel::Naming
 
-  # TODO: Remove :global option when we remove the deprecation warning.
-  attr_accessor :id, :name, :endpoint, :http_method, :fields, :redirect,
-    :global, :type, :download
+  attr_accessor :id, :name, :base_url, :endpoint, :http_method, :fields, :redirect,
+    :type, :download
 
   def initialize(attributes = {})
+    if attributes.key?(:global)
+      FOREST_LOGGER.error "REMOVED OPTION: The support for Smart Action \"global\" option is now " \
+        "removed. Please set \"type: 'global'\" instead of \"global: true\" for the " \
+        "\"#{attributes[:name]}\" Smart Action."
+    end
+
+
+    if attributes.key?(:type) && !['bulk', 'global', 'single'].include?(attributes[:type])
+      FOREST_LOGGER.warn "Please set a valid Smart Action type (\"bulk\", \"global\" or " \
+        "\"single\") for the \"#{attributes[:name]}\" Smart Action."
+    end
+
     attributes.each do |name, value|
       send("#{name}=", value)
     end
+
+    @fields ||= []
+
+    has_fields_without_name = false
+
+    @fields.delete_if do |field|
+      if field.key?(:field)
+        false
+      else
+        has_fields_without_name = true
+        true
+      end
+    end
+
+    @fields.map! do |field|
+      if field.key?(:isRequired)
+        FOREST_LOGGER.warn "DEPRECATION WARNING: isRequired on field \"#{field[:field]}\" is deprecated. Please use is_required."
+        field[:is_required] = !!field[:isRequired]
+        field.delete(:isRequired)
+      end
+
+      field[:type] = "String" unless field.key?(:type)
+      field[:default_value] = nil unless field.key?(:default_value)
+      field[:enums] = nil unless field.key?(:enums)
+      field[:is_required] = false unless field.key?(:is_required)
+      field[:reference] = nil unless field.key?(:reference)
+      field[:description] = nil unless field.key?(:description)
+      field[:widget] = nil unless field.key?(:widget)
+      field
+    end
+
+    if has_fields_without_name
+      FOREST_LOGGER.warn "Please set a name to all your \"#{@name}\" Smart Action fields " \
+        "(Smart Actions fields without name are ignored)."
+    end
+
+    dasherized_name = @name.downcase.gsub!(" ", "-") unless @name.nil?
+    @endpoint ||= "forest/actions/#{dasherized_name}" unless dasherized_name.nil?
+    @http_method ||= "POST"
+    @redirect ||= nil
+    @base_url ||= nil
+    @type ||= "bulk"
+    @download ||= false
   end
 
   def persisted?

app/models/forest_liana/model/collection.rb

@@ -5,21 +5,49 @@ class ForestLiana::Model::Collection
   extend ActiveModel::Naming
 
   attr_accessor :name, :fields, :actions, :segments, :only_for_relationships,
-    :is_virtual, :is_read_only, :is_searchable, :display_name, :icon,
+    :is_virtual, :is_read_only, :is_searchable, :icon,
     :integration, :pagination_type, :search_fields,
     # TODO: Remove once lianas prior to 2.0.0 are not supported anymore.
     :name_old
 
   def initialize(attributes = {})
-    @actions = []
-    @segments = []
-    @is_searchable = true
-    @is_read_only = false
-    @search_fields = nil
-
     attributes.each do |name, value|
       send("#{name}=", value)
     end
+
+    init_properties_with_default
+  end
+
+  def init_properties_with_default
+    @name_old ||= @name
+    @is_virtual ||= false
+    @icon ||= nil
+    @is_read_only ||= false
+    @is_searchable = true if @is_searchable.nil?
+    @only_for_relationships ||= false
+    @pagination_type ||= "page"
+    @search_fields ||= nil
+    @fields ||= []
+    @actions ||= []
+    @segments ||= []
+
+    @fields = @fields.map do |field|
+      field[:type] = "String" unless field.key?(:type)
+      field[:default_value] = nil unless field.key?(:default_value)
+      field[:enums] = nil unless field.key?(:enums)
+      field[:integration] = nil unless field.key?(:integration)
+      field[:is_filterable] = true unless field.key?(:is_filterable)
+      field[:is_read_only] = false unless field.key?(:is_read_only)
+      field[:is_required] = false unless field.key?(:is_required)
+      field[:is_sortable] = true unless field.key?(:is_sortable)
+      field[:is_virtual] = false unless field.key?(:is_virtual)
+      field[:reference] = nil unless field.key?(:reference)
+      field[:inverse_of] = nil unless field.key?(:inverse_of)
+      field[:relationship] = nil unless field.key?(:relationship)
+      field[:widget] = nil unless field.key?(:widget)
+      field[:validations] = nil unless field.key?(:validations)
+      field
+    end
   end
 
   def persisted?
@@ -32,13 +60,13 @@ def id
 
   def fields_smart_belongs_to
     fields.select do |field|
-      field[:'is-virtual'] && field[:type] == 'String' && !field[:reference].nil?
+      field[:'is_virtual'] && field[:type] == 'String' && !field[:reference].nil?
     end
   end
 
   def string_smart_fields_names
     fields
-      .select { |field| field[:'is-virtual'] && field[:type] == 'String' }
+      .select { |field| field[:'is_virtual'] && field[:type] == 'String' }
       .map { |field| field[:field].to_s }
   end
 end

app/models/forest_liana/model/segment.rb

@@ -10,7 +10,7 @@ def initialize(attributes = {}, &block)
     attributes.each do |name, value|
       send("#{name}=", value)
     end
-    
+
     @where = block if block
   end