Merge pull request #304 from tomatoes-app/security-update-gems

Update gems (security)

Gemfile

@@ -76,6 +76,6 @@ end
 group :development, :test do
   gem 'byebug'
   gem 'pry'
-  gem 'rubocop', '~> 0.47.0', require: false
+  gem 'rubocop', '~> 0.51.0', require: false
   gem 'test-unit', '~> 3.0'
 end

Gemfile.lock

@@ -48,7 +48,7 @@ GEM
       mime-types (>= 2.99)
       unf
     ast (2.3.0)
-    autoprefixer-rails (7.1.6)
+    autoprefixer-rails (7.2.0)
       execjs
     better_errors (2.4.0)
       coderay (>= 1.0.0)
@@ -68,12 +68,12 @@ GEM
     byebug (9.1.0)
     coderay (1.1.2)
     concurrent-ruby (1.0.5)
-    coveralls (0.7.2)
-      multi_json (~> 1.3)
-      rest-client (= 1.6.7)
-      simplecov (>= 0.7)
-      term-ansicolor (= 1.2.2)
-      thor (= 0.18.1)
+    coveralls (0.8.21)
+      json (>= 1.8, < 3)
+      simplecov (~> 0.14.1)
+      term-ansicolor (~> 1.3)
+      thor (~> 0.19.4)
+      tins (~> 1.6)
     crass (1.0.3)
     dalli (2.7.6)
     debug_inspector (0.0.3)
@@ -205,6 +205,7 @@ GEM
     omniauth-twitter (1.4.0)
       omniauth-oauth (~> 1.1)
       rack
+    parallel (1.12.0)
     parser (2.4.0.2)
       ast (~> 2.3)
     power_assert (1.1.1)
@@ -253,12 +254,11 @@ GEM
       ffi (>= 0.5.0, < 2)
     rdiscount (2.2.0.1)
     ref (2.0.0)
-    rest-client (1.6.7)
-      mime-types (>= 1.16)
-    rubocop (0.47.1)
+    rubocop (0.51.0)
+      parallel (~> 1.10)
       parser (>= 2.3.3.1, < 3.0)
       powerpack (~> 0.1)
-      rainbow (>= 1.99.1, < 3.0)
+      rainbow (>= 2.2.2, < 3.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (~> 1.0, >= 1.0.1)
     ruby-progressbar (1.9.0)
@@ -277,7 +277,7 @@ GEM
       addressable (>= 2.3.5, < 2.6)
       faraday (~> 0.8, < 1.0)
     simple_oauth (0.3.1)
-    simplecov (0.15.1)
+    simplecov (0.14.1)
       docile (~> 1.1.0)
       json (>= 1.8, < 3)
       simplecov-html (~> 0.10.0)
@@ -291,17 +291,17 @@ GEM
       sprockets (>= 3.0.0)
     sucker_punch (2.0.4)
       concurrent-ruby (~> 1.0.0)
-    term-ansicolor (1.2.2)
-      tins (~> 0.8)
+    term-ansicolor (1.6.0)
+      tins (~> 1.0)
     test-unit (3.2.6)
       power_assert
     therubyracer (0.12.3)
       libv8 (~> 3.16.14.15)
       ref
-    thor (0.18.1)
+    thor (0.19.4)
     thread_safe (0.3.6)
     tilt (2.0.8)
-    tins (0.13.2)
+    tins (1.16.0)
     twitter (6.2.0)
       addressable (~> 2.3)
       buftok (~> 0.2.0)
@@ -315,7 +315,7 @@ GEM
       simple_oauth (~> 0.3.0)
     tzinfo (1.2.4)
       thread_safe (~> 0.1)
-    uglifier (4.0.0)
+    uglifier (4.0.1)
       execjs (>= 0.3.0, < 3)
     unf (0.1.4)
       unf_ext
@@ -359,7 +359,7 @@ DEPENDENCIES
   rails (~> 5.1)
   rails_12factor
   rdiscount
-  rubocop (~> 0.47.0)
+  rubocop (~> 0.51.0)
   sass-rails (>= 3.2)
   simplecov
   sucker_punch (~> 2.0)

app/controllers/api/projects_controller.rb

@@ -3,13 +3,13 @@ class ProjectsController < BaseController
     include ProjectsParams
 
     before_action :authenticate_user!
-    before_action :find_project, only: [:show, :update, :destroy]
+    before_action :find_project, only: %i[show update destroy]
 
     # GET /api/projects
     def index
       @projects = current_user.projects
       @projects = @projects.tagged_with(params[:tag_list].split(',').map(&:strip)) if params[:tag_list]
-      @projects = @projects.order_by([[:created_at, :desc], [:_id, :desc]]).page params[:page]
+      @projects = @projects.order_by([%i[created_at desc], %i[_id desc]]).page params[:page]
 
       render json: Presenter::Projects.new(@projects)
     end

app/controllers/api/sessions_controller.rb

@@ -6,7 +6,7 @@ class SessionsController < BaseController
     def create
       auth_provider = AuthFactory.build(params)
       user = auth_provider.find_user
-      user = auth_provider.create_user! unless user
+      user ||= auth_provider.create_user!
 
       tomatoes_auth = user.authorizations.build(provider: 'tomatoes')
       tomatoes_auth.generate_token

app/controllers/api/tomatoes_controller.rb

@@ -3,14 +3,14 @@ class TomatoesController < BaseController
     include TomatoesParams
 
     before_action :authenticate_user!
-    before_action :find_tomato, only: [:show, :update, :destroy]
+    before_action :find_tomato, only: %i[show update destroy]
 
     # GET /api/tomatoes
     def index
       @tomatoes = current_user.tomatoes
       @tomatoes = @tomatoes.after(from) if from
       @tomatoes = @tomatoes.before(to) if to
-      @tomatoes = @tomatoes.order_by([[:created_at, :desc], [:_id, :desc]]).page params[:page]
+      @tomatoes = @tomatoes.order_by([%i[created_at desc], %i[_id desc]]).page params[:page]
 
       render json: Presenter::Tomatoes.new(@tomatoes)
     end

app/controllers/concerns/projects_params.rb

@@ -1,11 +1,11 @@
 module ProjectsParams
   def resource_params
     params.permit(
-      project: [
-        :name,
-        :tag_list,
-        :money_budget,
-        :time_budget
+      project: %i[
+        name
+        tag_list
+        money_budget
+        time_budget
       ]
     ).require(:project)
   end

app/controllers/concerns/users_params.rb

@@ -1,17 +1,17 @@
 module UsersParams
   def resource_params
     params.permit(
-      user: [
-        :name,
-        :email,
-        :image,
-        :time_zone,
-        :color,
-        :work_hours_per_day,
-        :average_hourly_rate,
-        :currency,
-        :volume,
-        :ticking
+      user: %i[
+        name
+        email
+        image
+        time_zone
+        color
+        work_hours_per_day
+        average_hourly_rate
+        currency
+        volume
+        ticking
       ]
     ).require(:user)
   end

app/controllers/projects_controller.rb

@@ -2,11 +2,11 @@ class ProjectsController < ApplicationController
   include ProjectsParams
 
   before_action :authenticate_user!
-  before_action :find_project, only: [:show, :edit, :update, :destroy]
+  before_action :find_project, only: %i[show edit update destroy]
 
   # GET /projects
   def index
-    @projects = current_user.projects.order_by([[:created_at, :desc]]).page params[:page]
+    @projects = current_user.projects.order_by([%i[created_at desc]]).page params[:page]
   end
 
   # GET /projects/1

app/controllers/statistics_controller.rb

@@ -3,7 +3,7 @@ class StatisticsController < ApplicationController
   def index
     @users        = User.count
     @tomatoes     = Tomato.count
-    @first_tomato = Tomato.order_by([[:created_at, :desc]]).last || Tomato.new(created_at: Time.zone.now)
+    @first_tomato = Tomato.order_by([%i[created_at desc]]).last || Tomato.new(created_at: Time.zone.now)
   end
 
   # GET /statistics/users_by_tomatoes.json

app/controllers/tomatoes_controller.rb

@@ -1,18 +1,18 @@
 class TomatoesController < ApplicationController
   include TomatoesParams
 
-  before_action :authenticate_user!, except: [:by_day, :by_hour]
-  before_action :find_user, only: [:by_day, :by_hour]
-  before_action :find_tomato, only: [:show, :edit, :update, :destroy]
+  before_action :authenticate_user!, except: %i[by_day by_hour]
+  before_action :find_user, only: %i[by_day by_hour]
+  before_action :find_tomato, only: %i[show edit update destroy]
 
   # GET /tomatoes
   # GET /tomatoes.csv
   def index
-    @tomatoes = current_user.tomatoes.order_by([[:created_at, :desc]]).page params[:page]
+    @tomatoes = current_user.tomatoes.order_by([%i[created_at desc]]).page params[:page]
 
     respond_to do |format|
       format.html # index.html.erb
-      format.csv { export_csv(current_user.tomatoes.order_by([[:created_at, :desc]])) }
+      format.csv { export_csv(current_user.tomatoes.order_by([%i[created_at desc]])) }
     end
   end
 
@@ -58,7 +58,7 @@ def create
       if @tomato.save
         format.js do
           @highlight      = @tomato
-          @tomatoes       = current_user.tomatoes.after(Time.zone.now.beginning_of_day).order_by([[:created_at, :desc]])
+          @tomatoes       = current_user.tomatoes.after(Time.zone.now.beginning_of_day).order_by([%i[created_at desc]])
           @tomatoes_count = current_user.tomatoes_counters
           @projects       = @tomatoes.collect(&:projects).flatten.uniq
 

app/controllers/welcome_controller.rb

@@ -15,7 +15,7 @@ def new_tomato
   end
 
   def daily_tomatoes
-    @tomatoes ||= current_user.tomatoes.after(Time.zone.now.beginning_of_day).order_by([[:created_at, :desc]])
+    @tomatoes ||= current_user.tomatoes.after(Time.zone.now.beginning_of_day).order_by([%i[created_at desc]])
   end
 
   def tomatoes_counters

app/helpers/application_helper.rb

@@ -16,7 +16,7 @@ def humanize(secs)
   end
 
   def content_for_user(user, &block)
-    capture(&block) if current_user && current_user.id == user.id
+    capture(&block) if current_user&.id == user.id
   end
 
   def money(number, unit)

app/models/tomato.rb

@@ -64,7 +64,7 @@ def projects
   private
 
   def must_not_overlap
-    last_tomato = user.tomatoes.after(Time.zone.now - DURATION.seconds).order_by([[:created_at, :desc]]).first
+    last_tomato = user.tomatoes.after(Time.zone.now - DURATION.seconds).order_by([%i[created_at desc]]).first
     return unless last_tomato
     limit = (DURATION.seconds - (Time.zone.now - last_tomato.created_at)).seconds
     errors.add(:base, I18n.t('errors.messages.must_not_overlap', limit: humanize(limit)))

app/models/user.rb

@@ -1,5 +1,3 @@
-# encoding: UTF-8
-
 class User
   include Mongoid::Document
   include Mongoid::Timestamps
@@ -46,12 +44,12 @@ class User
   validates :average_hourly_rate, numericality: { greater_than: 0, allow_blank: true }
 
   embeds_many :authorizations
-  has_many :tomatoes
-  has_many :projects
-  has_one :daily_score, inverse_of: :user, foreign_key: :uid
-  has_one :weekly_score, inverse_of: :user, foreign_key: :uid
-  has_one :monthly_score, inverse_of: :user, foreign_key: :uid
-  has_one :overall_score, inverse_of: :user, foreign_key: :uid
+  has_many :tomatoes, dependent: :nullify
+  has_many :projects, dependent: :nullify
+  has_one :daily_score, inverse_of: :user, foreign_key: :uid, dependent: :nullify
+  has_one :weekly_score, inverse_of: :user, foreign_key: :uid, dependent: :nullify
+  has_one :monthly_score, inverse_of: :user, foreign_key: :uid, dependent: :nullify
+  has_one :overall_score, inverse_of: :user, foreign_key: :uid, dependent: :nullify
 
   # TODO: this could be a composite index
   # TODO: this should be a unique index (unique: true)
@@ -115,8 +113,8 @@ def self.omniauth_attributes(auth)
   def omniauth_attributes(auth)
     attributes = self.class.omniauth_attributes(auth)
 
-    [:name, :email].each do |attribute|
-      attributes.delete(attribute) if send(attribute) && !send(attribute).empty?
+    %i[name email].each do |attribute|
+      attributes.delete(attribute) if send(attribute).present?
     end
 
     attributes
@@ -149,7 +147,7 @@ def self.total_by_day(users)
 
   def color
     color_value = self[:color]
-    color_value && !color_value.empty? ? color_value : User::DEFAULT_COLOR
+    color_value.present? ? color_value : User::DEFAULT_COLOR
   end
 
   def volume
@@ -164,7 +162,7 @@ def ticking
 
   def currency
     currency_value = self[:currency]
-    currency_value && !currency_value.empty? ? currency_value : User::DEFAULT_CURRENCY
+    currency_value.present? ? currency_value : User::DEFAULT_CURRENCY
   end
 
   def nickname
@@ -173,7 +171,7 @@ def nickname
 
   def image_file
     image_value = self[:image] || authorizations.first.try(:image)
-    image_value && !image_value.empty? ? image_value : User::DEFAULT_IMAGE_FILE
+    image_value.present? ? image_value : User::DEFAULT_IMAGE_FILE
   end
 
   def time_zone
@@ -189,7 +187,7 @@ def estimated_revenues
   end
 
   def tomatoes_counters
-    Hash[[:day, :week, :month].map do |time_period|
+    Hash[%i[day week month].map do |time_period|
       [time_period, tomatoes_counter(time_period)]
     end]
   end

chrome_app/manifest.json

@@ -1 +1 @@
-{"name":"Tomatoes","app":{"urls":["http://tomato.es/"],"launch":{"web_url":"http://tomato.es/"}},"icons":{"128":"icon_128.png"},"version":"0.14.8","description":"Pomodoro Technique\u00ae web-based time tracker"}
+{"name":"Tomatoes","app":{"urls":["http://tomato.es/"],"launch":{"web_url":"http://tomato.es/"}},"icons":{"128":"icon_128.png"},"version":"0.14.9","description":"Pomodoro Technique\u00ae web-based time tracker"}

config/application.rb

@@ -12,7 +12,7 @@
 Bundler.require(*Rails.groups)
 
 module TomatoesApp
-  VERSION = '0.14.8'.freeze
+  VERSION = '0.14.9'.freeze
   REPO = 'https://github.com/tomatoes-app/tomatoes'.freeze
 
   class Application < Rails::Application
@@ -27,7 +27,7 @@ class Application < Rails::Application
     # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
     # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
     # config.i18n.default_locale = :de
-    config.i18n.available_locales = %w(en it es fr pt-BR)
+    config.i18n.available_locales = %w[en it es fr pt-BR]
 
     # Do not swallow errors in after_commit/after_rollback callbacks.
     # config.active_record.raise_in_transactional_callbacks = true

config/initializers/assets.rb

@@ -8,11 +8,11 @@
 
 # Precompile additional assets.
 # application.js, application.css, and all non-JS/CSS in app/assets folder are already added.
-Rails.application.config.assets.precompile += %w(
+Rails.application.config.assets.precompile += %w[
   users.js
   users_charts.js
   statistics.js
   TT.js
   farbtastic.css
   bootstrap-social.css
-)
+]