Workarea 3.3.4
Patch release notes for Workarea 3.3.4.
Bump Puma To Latest Minor Version
This helps fix local networking issues with Docker setups, but there are more features that might tickle your fancy.
Issues
Commits
Depend on workarea-ci
Workarea now depends on a new library, workarea-ci, designed to support CI-based builds of the Workarea application. Within it, you'll find prescribed scripts that run each component of the Workarea core platform, as well as facilities for running your own apps in this manner. Separated by script file, each component's tests are now executable in parallel on CI, in a repeatable and battle-tested way.
Issues
Pull Requests
Commits
Allow Mongoid To Specify Mongo Driver Dependency
This was originally committed to fix an issue with the Ruby driver, which was since resolved upstream. Removing this dependency specification allows Mongoid to dictate its Mongo driver version, and benefits the platform by ensuring that Workarea apps are always as up-to-date as it can be when communicating with the database.
Issues
Pull Requests
Commits
Allow Decimal Values in Range Field Number Input
Range number fields in content editor forms need the step
attribute to
be set in order to allow their values to be set to a floating-point or
non-Integer. Ensures that input for this field will not exceed what the
range specifies, and allows decimal values as the input.
Issues
Pull Requests
Commits
Specify Product Image Path Options Explicitly
Rather than allow Rails to infer them, specify product_image_path
options explicitly in its implementation, specifically the call to
mounted_core.dynamic_product_image_path
. This helper can raise errors
at random times due to a difference in the attributes based on whether
Rails can or cannot infer their values, so it's less error-prone to
specify these parameters explicitly in the helper definition.
Discovered by Greg Harnly.
Issues
Pull Requests
Commits
Keep Payment Profile Email Address and Order Email Address Consistent
Payment profile email addresses should always be the same value as the order email during the checkout process. However, in guest checkout it's possible to bring these values out-of-sync by changing your email when a payment profile has already been created for the order. This change ensures that Workarea finds payment profiles by reference number and email, and if not, creates a new record. This ensures that a new payment profile record is created for each change to the email on an order, and both fixes the issue for guests as well as prevents against profile takeover of registered users (or existing users in the system).
Issues
Pull Requests
Commits
- 59d81c24c1316acf9036dfaa28d3dbd362ce8db4
- 804bd9f7ede6fac8de2875e52cdcf94106b1ea75
- 2b0d8d702028d8b8efa731c7381c4f034e4a1393
- 2635595a5eacef1f55001cb481f8fb59a205add9
Protect "Contact Us", Email Signup, and Forgot Password Forms from Denial-of-Service Attacks
Forms on the /contact
, /email_signup
, and /forgot_password
pages
were open to Denial of Service attacks since they had no way of
throttling requests sent to those pages. Workarea now mitigates the
impact spammers might have on the resources of your application by
adding a Rack::Attack
rule for POST requests to the above routes,
based on IP and/or email address. This also prevents Workarea from
needing to depend on CAPTCHA even further to prevent automated clients
from using the form.
Issues
Pull Requests
Commits
Remove Transactional Email Content Nesting
Due to content blocks being able to define their own HTML markup, wrapping their containing elements in a different containing element caused visual problems in some email templates. This change pulls the content block out of the nested HTML tag and lets it define its own markup.
Issues
Pull Requests
Commits
Fix Session Access in Cache Varies Configuration
Upon release of this feature, accessing the session
hash within the
Cache::Varies.on { ... }
configuration caused an error due to a
missing rack.session.options
value. Since the feature depends on our
use of ActionDispatch::Session::CookieStore
, Workarea now throws an
error when a different store as in use, such as a NullStore
in
testing.
Issues
Pull Requests
Commits
Fix Spelling Error In Scroll To Buttons Configuration
Although Workarea probably has the "offest" offsets of any eCommerce product,
the incorrect spelling of the WORKAREA.config.scrollToButtons.topOffset
configuration caused problems in the WORKAREA.scrollToButtons
module. The
spelling of this configuration setting has been fixed, so it can be useful in
projects going forward.
Solved by Lucas Boyd.
Issues
Pull Requests
Commits
Explicitly Require Dragonfly's S3 Data Store
Since Workarea depends on Dragonfly's S3 Data Store, ensure that it's required in Ruby before applying S3 configuration upon app initialization.
Issues
Commits
Fix Regular Expression In Pattern For Details/Filters
Product filters were not editable in the workflow because the regex we added in did not work properly. This fixes the regex by removing the modifier and slashes for the "type" field.
Issues
Pull Requests
Commits
Fix Indicator of Selected Category in Secondary Navigation
Fragment cache keys for a menu of taxons did not originally include the ID of the selected taxon in the key, resulting in the page appearing like the link was never selected. Workarea now avoids this problem by including the selected taxon's ID in the fragment cache key for the menu.
Issues
Pull Requests
Commits
Add Docker Generator
Generates Dockerfile
, docker-compose.yml
, and other associated
configuration files for running Workarea applications (and dependent
services) in local Docker containers. The generator also whitelists the
web_console
ports so developers can get a debugger console at any
breakpoint in their application.
Issues
Pull Requests
Commits
- 492fa6d9c5b7c92e69320011ef2b0f0ad913a7b7
- d182d05ea36af235892c0aa056e884abe3a6112a
- 62bc5147268df68963b77532b528328e0da5e91c
- b7c82b2bc3631cab966566dac5285b173b451ce4
Change Regions In Address Region Select Field, Regardless Of Dom Structure Changes
Update the resetSelectUI()
function in WORKAREA.addressRegionFields
to query for the region <select>
field in order to change its
contents. Previously, the order in which the order that DOM elements
were laid out on the page mattered, and a bug was discovered when the
two elements reversed position on the page layout. Now, the $regionField
from within the local .address-fields
element is selected, improving
reliability and robustness in the JS code.