diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0c772a1ab..8f8805e7d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,40 @@
+## VERSION 2.8.0
+
+Version 2.8 contains important security updates and the following new featuers:
+
+- NEW It is now possible create users one at a time, with or without inviting them.
+- NEW When creating tickets by API, you can now specify the CC and BCC for the new ticket.
+- NEW A new API for viewing and editing taggings has been added (thanks @schmidt)
+- NEW A honeypot (anti spam) feature was added to the new ticket form (thanks @schmidt)
+- CHANGE Assigning an agent no longer automatically marks the ticket as "pending".
+- CHANGE The whitelist of allowable file attachments has been significantly changed and made more flexible (see upgrade notes below).
+- FIX A bug was fixed that displays the proper error message when a non supported file attachment is made in the web UI
+- FIX #1576 The right menu no longer gets stuck open when turbolinks is enabled
+- FIX #1581 Radio buttons are now properly aligned in the mobile responsive view of the Singular theme
+
+IMPORTANT UPGRADE NOTES:
+
+This release of Helpy includes a change to the way file attachments are handled. Previous
+versions used a default "whitelist" of file types where were allowed and was generally limited to
+the most common image and doc foramts.
+
+This version adds configuration settings which can be modified by API that allow you to set your own
+whitelist of filetypes which should be allowed, or a blacklist of filetypes that should be rejected. In
+addition, the default whitelist has been removed, and Helpy now ships with a short blacklist of files that could be
+considered "risky." Files with these extensions are blacklisted by default:
+
+```
+ade, adp, apk, appx, appxbundle, bat, cab, chm, cmd, com, cpl, dll, dmg, exe, hta, ins, isp, iso, jar, js, jse, lib,
+lnk, mde, msc, msi, msix, msixbundle, msp, mst, nsh, pif, ps1, scr, sct, .shb, sys, vb, vbe, vbs, vxd, wsc, wsf, wsh
+```
+
+NOTE: Do not provide values for both blacklist and whitelist, as they will conflict and it will be impossible for
+customers to attach files.
+
+
## VERSION 2.7.0
-The 2.7 release of Helpy is here, with several great new features to help you b etter provide great customer support.
+The 2.7 release of Helpy is here, with several great new features to help you better provide great customer support.
New Features:
diff --git a/Gemfile b/Gemfile
index 2d20ba5f1..9a998415a 100644
--- a/Gemfile
+++ b/Gemfile
@@ -170,6 +170,8 @@ group :development, :test do
gem 'scss-lint'
gem 'awesome_print'
gem 'rb-readline'
+ gem 'capybara'
+
end
gem 'bulk_insert'
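Review bot: `gem 'capybara'` is added to the `:development, :test` group with no version constraint, while the next hunk removes the earlier `'< 3.0'` bound from `group :test`. Gemfile.lock resolves it to 3.9.0 today, but nothing in the Gemfile stops a later `bundle update` from moving to a new major version. A pessimistic bound such as `gem 'capybara', '~> 3.9'` keeps the resolved series. If only the test suite uses the gem, leaving it in `group :test` also keeps it out of development loads.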
@@ -194,10 +196,10 @@ group :test do
gem 'shoulda', '3.5' # Required for minitest
gem 'shoulda-matchers', '~> 2.0' # Required for minitest
gem 'factory_bot_rails'
- gem 'capybara', '< 3.0'
+ gem 'webdrivers'
gem 'capybara-email'
- gem 'selenium-webdriver'
- gem 'chromedriver-helper'
+ gem 'selenium-webdriver', '3.141.0'
+ # gem 'chromedriver-helper'
gem 'launchy'
gem "codeclimate-test-reporter",require: nil
gem 'simplecov', :require => false
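Review bot: The exact pin `gem 'selenium-webdriver', '3.141.0'` has no comment saying why it is needed, and it is a downgrade. Gemfile.lock moves selenium-webdriver from 3.142.7 to 3.141.0, childprocess from 3.0.0 to 0.9.0 and rubyzip from 2.2.0 to 1.3.0. An exact pin also keeps `bundle update` from picking up later fixes for these gems. If the pin works around an incompatibility, record that next to the line, e.g. `# pinned: <reason>; revisit when <condition>`, and prefer a range if one works. The commented-out `# gem 'chromedriver-helper'` can be deleted, since history keeps the old line and `webdrivers` appears to take over its role.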
diff --git a/Gemfile.lock b/Gemfile.lock
index 6f8140709..fd96eb19f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -65,8 +65,6 @@ GEM
activerecord (>= 3.2, < 7.0)
rake (>= 10.4, < 14.0)
ansi (1.5.0)
- archive-zip (0.12.0)
- io-like (~> 0.3.0)
arel (6.0.4)
ast (2.4.0)
attachinary (1.3.1)
@@ -100,13 +98,13 @@ GEM
bundler (>= 1.2.0, < 3)
thor (~> 0.18)
byebug (10.0.2)
- capybara (2.18.0)
+ capybara (3.9.0)
addressable
mini_mime (>= 0.1.3)
- nokogiri (>= 1.3.3)
- rack (>= 1.0.0)
- rack-test (>= 0.5.4)
- xpath (>= 2.0, < 4.0)
+ nokogiri (~> 1.8)
+ rack (>= 1.6.0)
+ rack-test (>= 0.6.3)
+ xpath (~> 3.1)
capybara-email (3.0.1)
capybara (>= 2.4, < 4.0)
mail
@@ -117,10 +115,8 @@ GEM
celluloid (0.16.0)
timers (~> 4.0.0)
chartkick (3.3.1)
- childprocess (3.0.0)
- chromedriver-helper (2.1.1)
- archive-zip (~> 0.10)
- nokogiri (~> 1.8)
+ childprocess (0.9.0)
+ ffi (~> 1.0, >= 1.0.11)
client_side_validations (4.2.12)
jquery-rails (>= 3.1.2, < 5.0.0)
js_regex (~> 1.0, >= 1.0.19)
@@ -301,7 +297,6 @@ GEM
inky-rb (1.3.7.5)
foundation_emails (~> 2)
nokogiri
- io-like (0.3.1)
ipaddress (0.8.3)
jaro_winkler (1.5.4)
jbuilder (2.9.1)
@@ -534,7 +529,7 @@ GEM
unicode-display_width (>= 1.4.0, < 1.7)
ruby-progressbar (1.10.1)
ruby2_keywords (0.0.2)
- rubyzip (2.2.0)
+ rubyzip (1.3.0)
sass (3.4.25)
sass-rails (5.0.7)
railties (>= 4.0.0, < 6)
@@ -552,9 +547,9 @@ GEM
sdoc (1.0.0)
rdoc (>= 5.0)
selectize-rails (0.12.6)
- selenium-webdriver (3.142.7)
- childprocess (>= 0.5, < 4.0)
- rubyzip (>= 1.2.2)
+ selenium-webdriver (3.141.0)
+ childprocess (~> 0.5)
+ rubyzip (~> 1.2, >= 1.2.2)
shoulda (3.5.0)
shoulda-context (~> 1.0, >= 1.0.1)
shoulda-matchers (>= 1.4.1, < 3.0)
@@ -617,6 +612,10 @@ GEM
activemodel (>= 4.2)
debug_inspector
railties (>= 4.2)
+ webdrivers (4.2.0)
+ nokogiri (~> 1.6)
+ rubyzip (>= 1.3.0)
+ selenium-webdriver (>= 3.0, < 4.0)
xpath (3.2.0)
nokogiri (~> 1.8)
@@ -640,11 +639,10 @@ DEPENDENCIES
bulk_insert
bundler-audit
byebug
- capybara (< 3.0)
+ capybara
capybara-email
carrierwave (~> 1.3.1)
chartkick
- chromedriver-helper
client_side_validations
client_side_validations-simple_form
cloudinary (= 1.1.7)
@@ -731,7 +729,7 @@ DEPENDENCIES
scss-lint
sdoc (~> 1.0.0)
selectize-rails
- selenium-webdriver
+ selenium-webdriver (= 3.141.0)
shoulda (= 3.5)
shoulda-matchers (~> 2.0)
simple_form
@@ -749,6 +747,7 @@ DEPENDENCIES
uglifier (>= 1.3.0)
unicorn
web-console (~> 3.3)
+ webdrivers
RUBY VERSION
ruby 2.4.1p111
diff --git a/app/models/topic.rb b/app/models/topic.rb
index 28dbb4c3b..ef20e048e 100644
--- a/app/models/topic.rb
+++ b/app/models/topic.rb
@@ -152,13 +152,14 @@ def self.bulk_trash(post_attributes)
def assign(user_id=2, assigned_to)
self.posts.create(body: I18n.t(:assigned_message, assigned_to: User.find(assigned_to).name), kind: 'note', user_id: user_id)
self.assigned_user_id = assigned_to
- self.current_status = 'pending'
+ # self.current_status = 'pending'
self.save
end
def self.bulk_agent_assign(post_attributes, assigned_to)
Post.bulk_insert values: post_attributes
- self.update_all(assigned_user_id: assigned_to, current_status: 'pending')
+ #self.update_all(assigned_user_id: assigned_to, current_status: 'pending')
+ self.update_all(assigned_user_id: assigned_to)
end
def self.bulk_group_assign(post_attributes, assigned_group)
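Review bot: The old status assignments are left behind as comments (`# self.current_status = 'pending'` in `assign` and `#self.update_all(assigned_user_id: assigned_to, current_status: 'pending')` in `bulk_agent_assign`) instead of being deleted. Commented-out code reads like a switch that can be flipped back, and version control already preserves the old lines. Delete both and, if the behaviour needs explaining, add one line such as `# Assigning an agent deliberately leaves current_status unchanged.` Separately, in the unchanged context of `assign`, the note post is created before `self.save` and the save result is not checked, so a failed save would leave an "assigned" note on a topic that was not assigned.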
diff --git a/app/themes/flat/views/layouts/flat.html.erb b/app/themes/flat/views/layouts/flat.html.erb
index 96793ff6c..3c9dbbf75 100644
--- a/app/themes/flat/views/layouts/flat.html.erb
+++ b/app/themes/flat/views/layouts/flat.html.erb
@@ -119,6 +119,11 @@ $('#right-menu').sidr({
$('ul.nav').off().on('click', function(){
$.sidr('close', 'nav');
});
+
+// Close menu before navigating so turbolinks does not cache menu open
+$(document).on('page:before-change', function () {
+ $.sidr('close', 'nav');
+});
<%= "".html_safe if AppSettings['widget.show_on_support_site'] == '1' %>
<%= "#{AppSettings['design.footer_js']}".html_safe %>
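Review bot: The new `$(document).on('page:before-change', …)` binding has no matching `.off()`, unlike the `$('ul.nav').off().on('click', …)` handler just above it. If this inline script is re-evaluated on each Turbolinks visit (its placement is outside the hunk, so this is an inference), `document` persists across visits and another copy of the handler is attached every time. A namespaced rebinding avoids that: `$(document).off('page:before-change.sidr').on('page:before-change.sidr', function () { $.sidr('close', 'nav'); });`. The same block is added verbatim to the light, nordic and singular layouts, so the point applies there too. It could also live in one shared script instead of four copies.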
diff --git a/app/themes/light/views/layouts/light.html.erb b/app/themes/light/views/layouts/light.html.erb
index 272588a26..0722a37f3 100644
--- a/app/themes/light/views/layouts/light.html.erb
+++ b/app/themes/light/views/layouts/light.html.erb
@@ -115,6 +115,11 @@ $('#right-menu').sidr({
}
});
+// Close menu before navigating so turbolinks does not cache menu open
+$(document).on('page:before-change', function () {
+ $.sidr('close', 'nav');
+});
+
// Close menu on click
$('ul.nav').off().on('click', function(){
$.sidr('close', 'nav');
diff --git a/app/themes/nordic/views/layouts/nordic.html.erb b/app/themes/nordic/views/layouts/nordic.html.erb
index da4a9ee45..7cfc2534a 100644
--- a/app/themes/nordic/views/layouts/nordic.html.erb
+++ b/app/themes/nordic/views/layouts/nordic.html.erb
@@ -132,6 +132,11 @@ $('#right-menu').sidr({
$('ul.nav').off().on('click', function(){
$.sidr('close', 'nav');
});
+
+// Close menu before navigating so turbolinks does not cache menu open
+$(document).on('page:before-change', function () {
+ $.sidr('close', 'nav');
+});
<%= "".html_safe if AppSettings['widget.show_on_support_site'] == '1' %>
<%= "#{AppSettings['design.footer_js']}".html_safe %>
diff --git a/app/themes/singular/assets/stylesheets/singular/singular.scss b/app/themes/singular/assets/stylesheets/singular/singular.scss
index 60c4012e3..65dcb97a5 100644
--- a/app/themes/singular/assets/stylesheets/singular/singular.scss
+++ b/app/themes/singular/assets/stylesheets/singular/singular.scss
@@ -25,7 +25,7 @@ main {
background-color: $body-bg;
}
-input,
+input:not([type=radio]),
select {
min-height: 60px;
}
@@ -109,9 +109,6 @@ i.circle-icon {
font-size: 150%;
}
- .article-block {
- }
-
i.circle-icon {
display: inline-block;
border-radius: 60px;
@@ -128,6 +125,11 @@ i.circle-icon {
.article-icon {
margin-bottom: 20px;
}
+
+ select,
+ input:not([type=radio]) {
+ min-height: 20px;
+ }
}
@media(min-width:768px){
@@ -758,9 +760,6 @@ header {
padding-bottom: 0;
}
-.navbar-form .input-group .form-control {
-}
-
.navbar-right {
margin-right: -45px;
}
diff --git a/app/themes/singular/views/layouts/singular.html.erb b/app/themes/singular/views/layouts/singular.html.erb
index 026df68b2..38891303d 100644
--- a/app/themes/singular/views/layouts/singular.html.erb
+++ b/app/themes/singular/views/layouts/singular.html.erb
@@ -175,6 +175,11 @@ $('#right-menu').sidr({
$('ul.nav').off().on('click', function(){
$.sidr('close', 'nav');
});
+
+// Close menu before navigating so turbolinks does not cache menu open
+$(document).on('page:before-change', function () {
+ $.sidr('close', 'nav');
+});
<%= "".html_safe if AppSettings['widget.show_on_support_site'] == '1' %>
<%= "#{AppSettings['design.footer_js']}".html_safe %>
diff --git a/config/environment.rb b/config/environment.rb
index 4880d560c..0b4c5bdbd 100644
--- a/config/environment.rb
+++ b/config/environment.rb
@@ -5,6 +5,6 @@
Rails.application.initialize!
# Get the current tag version
-VERSION = '2.7.0'
+VERSION = '2.8.0'
REVISION = `git log --pretty=format:'%h' -n 1`
APP_VERSION = "#{VERSION}:#{REVISION}"
diff --git a/test/controllers/admin/topics_controller_test.rb b/test/controllers/admin/topics_controller_test.rb
index 36f54297a..c72107140 100644
--- a/test/controllers/admin/topics_controller_test.rb
+++ b/test/controllers/admin/topics_controller_test.rb
@@ -541,7 +541,7 @@ class Admin::TopicsControllerTest < ActionController::TestCase
spam_topics = Topic.where(current_status: 'spam').all
sign_in users(:agent)
xhr :get, :unassign_agent, { q: 'spam', affect: 'all' }
- assert_equal 0, Topic.admin_search('spam').where(assigned_user_id: nil).size
+ assert_equal 2, Topic.admin_search('spam').where(assigned_user_id: nil).size
assert_response :success
end
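Review bot: The expected count is now the literal `2`, which only holds for the current fixtures and does not say why two topics are expected. `spam_topics` is assigned in the first visible line but not used in the lines shown. Assuming `admin_search('spam')` selects the same topics, capture the count before the request with `spam_count = Topic.where(current_status: 'spam').count` and assert `assert_equal spam_count, Topic.admin_search('spam').where(assigned_user_id: nil).size`. The test's opening line is outside the hunk, so any setup there is not visible here.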
diff --git a/test/models/topic_test.rb b/test/models/topic_test.rb
index 2dc9acc76..cd39d4bbe 100644
--- a/test/models/topic_test.rb
+++ b/test/models/topic_test.rb
@@ -124,7 +124,7 @@ class TopicTest < ActiveSupport::TestCase
assert_equal t_posts_count + 1, topic.posts.count
end
- test "#assign_agent should set the current_status of the topic to pending, assigned_user_id to specified user_id, and should create a closed_message post belonging to that topic" do
+ test "#assign_agent should set assigned_user_id to specified user_id, and should create a closed_message post belonging to that topic" do
topic = create :topic
bulk_post_attributes = []
t_posts_count = topic.posts.count
@@ -133,7 +133,6 @@ class TopicTest < ActiveSupport::TestCase
topics.bulk_agent_assign(bulk_post_attributes, 1)
topic = Topic.find(topic.id)
- assert_equal 'pending', topic.current_status
assert_equal 1, topic.assigned_user_id
assert_equal t_posts_count + 1, topic.posts.count
end
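Review bot: With `assert_equal 'pending', topic.current_status` removed, nothing in this test checks the new behaviour, namely that bulk assignment leaves the status alone. Record the status before the call with `original_status = topic.current_status` and add `assert_equal original_status, topic.current_status` after the reload, so a regression to forcing 'pending' fails the test. The renamed title in the previous hunk still says `#assign_agent` and `closed_message`, although the method exercised here is `bulk_agent_assign`. The lines between the two hunks are not shown, so how `topics` is built is not visible.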