saeloun / plate Goto Github PK

Circle CI ready

• Add an Error page

• Add configuration for https://www.honeybadger.io/
• Setup and test with example account

• Add email preview
• Add email template

This version fixes some CVE's.

Example:
Remediation
Upgrade activesupport to version 6.0.3.1 or later. For example:

gem "activesupport", ">= 6.0.3.1"
Always verify the validity and compatibility of suggestions with your codebase.

Details
CVE-2020-8165
high severity
Vulnerable versions: >= 6.0.0, <= 6.0.3
Patched version: 6.0.3.1
In ActiveSupport, there is potentially unexpected behaviour in the MemCacheStore and RedisCacheStore where, when
untrusted user input is written to the cache store using the raw: true parameter, re-reading the result
from the cache can evaluate the user input as a Marshalled object instead of plain text. Vulnerable code looks like:

data = cache.fetch("demo", raw: true) { untrusted_string }
Impact
Unmarshalling of untrusted user input can have impact up to and including RCE. At a minimum,
this vulnerability allows an attacker to inject untrusted Ruby objects into a web application.
In addition to upgrading to the latest versions of Rails, developers should ensure that whenever
they are calling Rails.cache.fetch they are using consistent values of the raw parameter for both
reading and writing, especially in the case of the RedisCacheStore which does not, prior to these changes,
detect if data was serialized using the raw option upon deserialization.

Workarounds
It is recommended that application developers apply the suggested patch or upgrade to the latest release as
soon as possible. If this is not possible, we recommend ensuring that all user-provided strings cached using
the raw argument should be double-checked to ensure that they conform to the expected format.

You can move the notification send after a contact is created to a job

SMTP configuration example

Make it Heroku deployable

Let's use https://github.com/thoughtbot/factory_bot

• Email template
• Admin dashboard

ActiveJob with Sidekiq

1. Figure out the dependencies and install them so that you are able to run the project on you local.(Ex. You will need to install PG and Redis)
2. Updated the read me and send a PR.

• Basic version
• Payments version
  E-Commerce:
• Add products listing
• Add products show page
• Add cart
• Buy and settings for Stripe
• Recurring payments(Future)

Issue:
On committing the changes to the branch, the following error is observed

husky > pre-commit (node v10.15.3)
  ↓ Stashing changes... [skipped]
    → No partially staged files found...
  ❯ Running linters...
    ↓ Running tasks for app/**/*.{js.jsx,js,es6,jsx,scss,css} [skipped]
      → No staged files match app/**/*.{js.jsx,js,es6,jsx,scss,css}
    ❯ Running tasks for {app,test,features,lib}/**/*.{rb,rake,jbuilder}
      ✖ bundle exec rubocop -a
        git add

✖ bundle exec rubocop -a found some errors. Please fix them and try committing again.

Bundler 2 requires Ruby 2.3 or later. Either install bundler 1 or update to a supported Ruby version.
husky > pre-commit hook failed (add --no-verify to bypass)

Context
When parallelize(workers: :number_of_processors) is added in test_hepler.rb and we execute rake, the test coverage report for SimpleCov show incorrect results.

When this line is commented out the coverage report is correct.

I also tried SimpleCov Parallel gem but this too shows an incorrect result.

The service_name attribute is missing in active_storage_blobs. So when we are trying to attach a file to active storage, it will raise this error.

• Show Users

Takes to devise user edit page and allows user to upload image, etc.

https://monosnap.com/file/i7bxhe0R6v3BjYgLTY2vMB1kNrmfvy

@vipulnsward _A

asking because
the link in README: http://railstemplate.herokuapp.com/
doesn't work any more.

https://devcenter.heroku.com/articles/review-apps-new#configuration

• Setup bootstrap
• Light mode: https://demos.creative-tim.com/argon-design-system/index.html
• Dark mode: https://demos.creative-tim.com/blk-design-system/index.html

• Templates for Analytics