Workarea 3.3.4

Patch release notes for Workarea 3.3.4.

Bump Puma To Latest Minor Version

This helps fix local networking issues with Docker setups, but there are more features that might tickle your fancy.

Read all about it!

Issues

Commits

Depend on workarea-ci

Workarea now depends on a new library, workarea-ci, designed to support CI-based builds of the Workarea application. Within it, you'll find prescribed scripts that run each component of the Workarea core platform, as well as facilities for running your own apps in this manner. Separated by script file, each component's tests are now executable in parallel on CI, in a repeatable and battle-tested way.

Issues

Pull Requests

Commits

Allow Mongoid To Specify Mongo Driver Dependency

This was originally committed to fix an issue with the Ruby driver, which was since resolved upstream. Removing this dependency specification allows Mongoid to dictate its Mongo driver version, and benefits the platform by ensuring that Workarea apps are always as up-to-date as it can be when communicating with the database.

Issues

Pull Requests

Commits

Allow Decimal Values in Range Field Number Input

Range number fields in content editor forms need the step attribute to be set in order to allow their values to be set to a floating-point or non-Integer. Ensures that input for this field will not exceed what the range specifies, and allows decimal values as the input.

Issues

Pull Requests

Commits

Specify Product Image Path Options Explicitly

Rather than allow Rails to infer them, specify product_image_path options explicitly in its implementation, specifically the call to mounted_core.dynamic_product_image_path. This helper can raise errors at random times due to a difference in the attributes based on whether Rails can or cannot infer their values, so it's less error-prone to specify these parameters explicitly in the helper definition.

Discovered by Greg Harnly.

Issues

Pull Requests

Commits

Keep Payment Profile Email Address and Order Email Address Consistent

Payment profile email addresses should always be the same value as the order email during the checkout process. However, in guest checkout it's possible to bring these values out-of-sync by changing your email when a payment profile has already been created for the order. This change ensures that Workarea finds payment profiles by reference number and email, and if not, creates a new record. This ensures that a new payment profile record is created for each change to the email on an order, and both fixes the issue for guests as well as prevents against profile takeover of registered users (or existing users in the system).

Issues

Pull Requests

Commits

Protect "Contact Us", Email Signup, and Forgot Password Forms from Denial-of-Service Attacks

Forms on the /contact, /email_signup, and /forgot_password pages were open to Denial of Service attacks since they had no way of throttling requests sent to those pages. Workarea now mitigates the impact spammers might have on the resources of your application by adding a Rack::Attack rule for POST requests to the above routes, based on IP and/or email address. This also prevents Workarea from needing to depend on CAPTCHA even further to prevent automated clients from using the form.

Issues

Pull Requests

Commits

Remove Transactional Email Content Nesting

Due to content blocks being able to define their own HTML markup, wrapping their containing elements in a different containing element caused visual problems in some email templates. This change pulls the content block out of the nested HTML tag and lets it define its own markup.

Issues

Pull Requests

Commits

Fix Session Access in Cache Varies Configuration

Upon release of this feature, accessing the session hash within the Cache::Varies.on { ... } configuration caused an error due to a missing rack.session.options value. Since the feature depends on our use of ActionDispatch::Session::CookieStore, Workarea now throws an error when a different store as in use, such as a NullStore in testing.

Issues

Pull Requests

Commits

Fix Spelling Error In Scroll To Buttons Configuration

Although Workarea probably has the "offest" offsets of any eCommerce product, the incorrect spelling of the WORKAREA.config.scrollToButtons.topOffset configuration caused problems in the WORKAREA.scrollToButtons module. The spelling of this configuration setting has been fixed, so it can be useful in projects going forward.

Solved by Lucas Boyd.

Issues

Pull Requests

Commits

Explicitly Require Dragonfly's S3 Data Store

Since Workarea depends on Dragonfly's S3 Data Store, ensure that it's required in Ruby before applying S3 configuration upon app initialization.

Issues

Commits

Fix Regular Expression In Pattern For Details/Filters

Product filters were not editable in the workflow because the regex we added in did not work properly. This fixes the regex by removing the modifier and slashes for the "type" field.

Issues

Pull Requests

Commits

Fix Indicator of Selected Category in Secondary Navigation

Fragment cache keys for a menu of taxons did not originally include the ID of the selected taxon in the key, resulting in the page appearing like the link was never selected. Workarea now avoids this problem by including the selected taxon's ID in the fragment cache key for the menu.

Issues

Pull Requests

Commits

Add Docker Generator

Generates Dockerfile, docker-compose.yml, and other associated configuration files for running Workarea applications (and dependent services) in local Docker containers. The generator also whitelists the web_console ports so developers can get a debugger console at any breakpoint in their application.

Issues

Pull Requests

Commits

Change Regions In Address Region Select Field, Regardless Of Dom Structure Changes

Update the resetSelectUI() function in WORKAREA.addressRegionFields to query for the region <select> field in order to change its contents. Previously, the order in which the order that DOM elements were laid out on the page mattered, and a bug was discovered when the two elements reversed position on the page layout. Now, the $regionField from within the local .address-fields element is selected, improving reliability and robustness in the JS code.

Issues

Pull Requests

Commits