Merge branch 'master' into AO3-6856-edit-page-for-default-language-ac…

…cessible-despite-edit-link-being-hidden

.github/workflows/reviewdog.yml

@@ -23,7 +23,7 @@ jobs:
           bundler-cache: true
 
       - name: rubocop
-        uses: reviewdog/action-rubocop@ef7ea4380fa10c72a1671f16f4fa37927c75f42c
+        uses: reviewdog/action-rubocop@cd8c2943f425b54f97095777109ae9f1f2d79a61
         with:
           use_bundler: true
           reporter: github-pr-check

Gemfile

@@ -172,6 +172,8 @@ gem 'rvm-capistrano'
 
 # Use unicorn as the web server
 gem 'unicorn', '~> 5.5', require: false
+# Install puma so we can migrate to it
+gem "puma", "~> 6.5.0"
 # Use god as the monitor
 gem 'god', '~> 0.13.7'
 

Gemfile.lock

@@ -346,12 +346,12 @@ GEM
       net-smtp
     marcel (1.0.2)
     matrix (0.4.2)
-    mechanize (2.10.0)
+    mechanize (2.12.2)
       addressable (~> 2.8)
       base64
       domain_name (~> 0.5, >= 0.5.20190701)
       http-cookie (~> 1.0, >= 1.0.3)
-      mime-types (~> 3.0)
+      mime-types (~> 3.3)
       net-http-digest_auth (~> 1.4, >= 1.4.1)
       net-http-persistent (>= 2.5.2, < 5.0.dev)
       nkf
@@ -364,7 +364,7 @@ GEM
       mime-types-data (~> 3.2015)
     mime-types-data (3.2024.0206)
     mini_mime (1.1.2)
-    mini_portile2 (2.8.7)
+    mini_portile2 (2.8.8)
     minitest (5.25.1)
     mono_logger (1.1.2)
     multi_json (1.15.0)
@@ -397,7 +397,7 @@ GEM
     netrc (0.11.0)
     nio4r (2.7.0)
     nkf (0.2.0)
-    nokogiri (1.16.7)
+    nokogiri (1.16.8)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
     orm_adapter (0.5.0)
@@ -423,6 +423,8 @@ GEM
       byebug (~> 11.0)
       pry (>= 0.13, < 0.15)
     public_suffix (5.0.4)
+    puma (6.5.0)
+      nio4r (~> 2.0)
     pundit (2.3.1)
       activesupport (>= 3.0.0)
     raabro (1.4.0)
@@ -459,9 +461,9 @@ GEM
       activesupport (>= 5.0.0)
       minitest
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.6.0)
+    rails-html-sanitizer (1.6.1)
       loofah (~> 2.21)
-      nokogiri (~> 1.14)
+      nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
     rails-i18n (7.0.8)
       i18n (>= 0.7, < 2)
       railties (>= 6.0.0, < 8)
@@ -696,6 +698,7 @@ DEPENDENCIES
   phraseapp-in-context-editor-ruby (>= 1.0.6)
   pickle
   pry-byebug
+  puma (~> 6.5.0)
   pundit
   rack (~> 2.2)
   rack-attack

app/controllers/application_controller.rb

@@ -393,20 +393,39 @@ def use_caching?
   # Prevents banned and suspended users from adding/editing content
   def check_user_status
     if current_user.is_a?(User) && (current_user.suspended? || current_user.banned?)
-      flash[:error] = if current_user.suspended?
-                        t("users.status.suspension_notice_html", contact_abuse_link: view_context.link_to(t("users.status.contact_abuse"), new_abuse_report_path), suspended_until: localize(current_user.suspended_until))
-                      else
-                        t("users.status.ban_notice_html", contact_abuse_link: view_context.link_to(t("users.status.contact_abuse"), new_abuse_report_path))
-                      end
+      if current_user.suspended?
+        suspension_end = current_user.suspended_until
+
+        # Unban threshold is 6:51pm, 12 hours after the unsuspend_users rake task located in schedule.rb is run at 6:51am
+        unban_theshold = DateTime.new(suspension_end.year, suspension_end.month, suspension_end.day, 18, 51, 0, "+00:00") 
+
+        # If the stated suspension end date is after the unban threshold we need to advance a day 
+        suspension_end = suspension_end.next_day(1) if suspension_end > unban_theshold
+        localized_suspension_end = view_context.date_in_zone(suspension_end)
+        flash[:error] = t("users.status.suspension_notice_html", suspended_until: localized_suspension_end, contact_abuse_link: view_context.link_to(t("users.contact_abuse"), new_abuse_report_path))
+
+      else
+        flash[:error] = t("users.status.ban_notice_html", contact_abuse_link: view_context.link_to(t("users.contact_abuse"), new_abuse_report_path))
+      end
       redirect_to current_user
     end
   end
 
   # Prevents temporarily suspended users from deleting content
   def check_user_not_suspended
     return unless current_user.is_a?(User) && current_user.suspended?
+
+    suspension_end = current_user.suspended_until
+
+    # Unban threshold is 6:51pm, 12 hours after the unsuspend_users rake task located in schedule.rb is run at 6:51am
+    unban_theshold = DateTime.new(suspension_end.year, suspension_end.month, suspension_end.day, 18, 51, 0, "+00:00") 
+
+    # If the stated suspension end date is after the unban threshold we need to advance a day 
+    suspension_end = suspension_end.next_day(1) if suspension_end > unban_theshold
+    localized_suspension_end = view_context.date_in_zone(suspension_end)
 
-    flash[:error] = t("users.status.suspension_notice_html", contact_abuse_link: view_context.link_to(t("users.status.contact_abuse"), new_abuse_report_path), suspended_until: localize(current_user.suspended_until))
+    flash[:error] = t("users.status.suspension_notice_html", suspended_until: localized_suspension_end, contact_abuse_link: view_context.link_to(t("users.contact_abuse"), new_abuse_report_path))
+
     redirect_to current_user
   end
 

app/controllers/feedbacks_controller.rb

@@ -19,6 +19,8 @@ def create
     @feedback.rollout = @feedback.rollout_string
     @feedback.user_agent = request.env["HTTP_USER_AGENT"]
     @feedback.ip_address = request.remote_ip
+    @feedback.referer = request.referer if request.referer && ArchiveConfig.PERMITTED_HOSTS.include?(URI(request.referer).host)
+    @feedback.site_skin = helpers.current_skin
     if @feedback.save
       @feedback.email_and_send
       flash[:notice] = t("successfully_sent",
@@ -42,5 +44,4 @@ def feedback_params
       :comment, :email, :summary, :username, :language
     )
   end
-
 end

app/controllers/languages_controller.rb

@@ -34,6 +34,19 @@ def edit
   def update
     @language = Language.find_by(short: params[:id])
     authorize @language
+
+    if !policy(@language).can_edit_non_abuse_fields? && (@language.name != language_params[:name] || @language.short != language_params[:short] || @language.sortable_name != language_params[:sortable_name] || @language.support_available != (language_params[:support_available] == "1"))
+      flash[:error] = t("languages.update.non_abuse_field_error")
+      redirect_to languages_path
+      return
+    end
+
+    if !policy(@language).can_edit_abuse_fields? && (@language.abuse_support_available != (language_params[:abuse_support_available] == "1"))
+      flash[:error] = t("languages.update.abuse_field_error")
+      redirect_to languages_path
+      return
+    end
+
     if @language.update(language_params)
       flash[:notice] = t("languages.successfully_updated")
       redirect_to languages_path

app/controllers/pseuds_controller.rb

@@ -91,7 +91,7 @@ def create
           # if setting this one as default, unset the attribute of the current default pseud
           old_default.update_attribute(:is_default, false)
         end
-        redirect_to([@user, @pseud])
+        redirect_to polymorphic_path([@user, @pseud])
       else
         render action: "new"
       end

app/controllers/tag_wranglings_controller.rb

@@ -27,6 +27,7 @@ def index
                            in_use: true,
                            unwrangleable: false,
                            unwrangled: true,
+                           has_posted_works: true,
                            sort_column: params[:sort_column],
                            sort_direction: params[:sort_direction],
                            page: params[:page],

app/controllers/users/passwords_controller.rb

@@ -14,14 +14,14 @@ def create
     end
 
     if user.prevent_password_resets?
-      flash[:error] = t(".reset_blocked", contact_abuse_link: view_context.link_to(t(".contact_abuse"), new_abuse_report_path)).html_safe
+      flash[:error] = t(".reset_blocked_html", contact_abuse_link: view_context.link_to(t(".contact_abuse"), new_abuse_report_path))
       redirect_to root_path and return
     elsif user.password_resets_limit_reached?
       available_time = ApplicationController.helpers.time_in_zone(
         user.password_resets_available_time, nil, user
       )
 
-      flash[:error] = t(".reset_cooldown", reset_available_time: available_time).html_safe
+      flash[:error] = t(".reset_cooldown_html", reset_available_time: available_time)
       redirect_to root_path and return
     end
 

app/controllers/users_controller.rb

@@ -1,7 +1,7 @@
 class UsersController < ApplicationController
   cache_sweeper :pseud_sweeper
 
-  before_action :check_user_status, only: [:edit, :update]
+  before_action :check_user_status, only: [:edit, :update, :change_username, :changed_username]
   before_action :load_user, except: [:activate, :delete_confirmation, :index]
   before_action :check_ownership, except: [:activate, :delete_confirmation, :edit, :index, :show, :update]
   before_action :check_ownership_or_admin, only: [:edit, :update]

app/helpers/skins_helper.rb

@@ -14,45 +14,41 @@ def skin_preview_display(skin)
     end
   end
 
-  def skin_tag
-    skin = nil
-
-    if params[:site_skin]
-      skin ||= Skin.approved_or_owned_by.usable.find_by(id: params[:site_skin])
-    end
-
-    if (logged_in? || logged_in_as_admin?) && session[:site_skin]
-      skin ||= Skin.approved_or_owned_by.usable.find_by(id: session[:site_skin])
-    end
-
-    skin_id = if skin.nil?
-                current_user&.preference&.skin_id || AdminSetting.default_skin_id
-              else
-                skin.id
-              end
-
-    return "" if skin_id.nil?
+  # Fetches the current skin. This is determined by the following
+  # 1. Skin ID set by request parameter
+  # 2. Skin ID set in the current session (if someone, a user or admin, is logged in)
+  # 3. Current user's skin preference
+  # 4. The default skin (as set by the active AdminSetting)
+  def current_skin
+    skin = Skin.approved_or_owned_by.usable.find_by(id: params[:site_skin]) if params[:site_skin]
+    skin ||= Skin.approved_or_owned_by.usable.find_by(id: session[:site_skin]) if (logged_in? || logged_in_as_admin?) && session[:site_skin]
+    skin ||= current_user&.preference&.skin
+    skin || AdminSetting.default_skin
+  end
 
+  def skin_tag
     roles = if logged_in_as_admin?
               Skin::DEFAULT_ROLES_TO_INCLUDE + ["admin"]
             else
               Skin::DEFAULT_ROLES_TO_INCLUDE
             end
 
-    # We include the version information for both the skin_id and the
+    skin = current_skin
+    return "" unless skin
+
+    # We include the version information for both the skin's id and the
     # AdminSetting.default_skin_id because the default skin is used in skins of
     # type "user", so we need to regenerate the cache block when it's modified.
     #
     # We also include the default_skin_id in the version number so that we
     # regenerate the cache block when an admin updates the current default
     # skin.
     Rails.cache.fetch(
-      [:v1, :site_skin, skin_id, logged_in_as_admin?],
-      version: [skin_cache_version(skin_id),
+      [:v1, :site_skin, skin.id, logged_in_as_admin?],
+      version: [skin_cache_version(skin.id),
                 AdminSetting.default_skin_id,
                 skin_cache_version(AdminSetting.default_skin_id)]
     ) do
-      skin ||= Skin.find(skin_id)
       skin.get_style(roles)
     end
   end

app/helpers/wrangling_helper.rb

@@ -3,7 +3,7 @@ def tag_counts_per_category
     counts = {}
     [Fandom, Character, Relationship, Freeform].each do |klass|
       counts[klass.to_s.downcase.pluralize.to_sym] = Rails.cache.fetch("/wrangler/counts/sidebar/#{klass}", race_condition_ttl: 10, expires_in: 1.hour) do
-        TagQuery.new(type: klass.to_s, in_use: true, unwrangleable: false, unwrangled: true).count
+        TagQuery.new(type: klass.to_s, in_use: true, unwrangleable: false, unwrangled: true, has_posted_works: true).count
       end
     end
     counts[:UnsortedTag] = Rails.cache.fetch("/wrangler/counts/sidebar/UnsortedTag", race_condition_ttl: 10, expires_in: 1.hour) do

app/models/abuse_report.rb

@@ -124,8 +124,9 @@ def send_report
   end
 
   def attach_work_download(ticket_id)
+    is_not_comments = url[%r{/comments/}, 0].nil?
     work_id = url[%r{/works/(\d+)}, 1]
-    return unless work_id
+    return unless work_id && is_not_comments
 
     work = Work.find_by(id: work_id)
     ReportAttachmentJob.perform_later(ticket_id, work) if work

app/models/feedback.rb

@@ -1,8 +1,8 @@
 # Class which holds feedback sent to the archive administrators about the archive as a whole
 class Feedback < ApplicationRecord
-  attr_accessor :ip_address
+  attr_accessor :ip_address, :referer, :site_skin
 
-  # note -- this has NOTHING to do with the Comment class!
+  # NOTE: this has NOTHING to do with the Comment class!
   # This is just the name of the text field in the Feedback
   # class which holds the user's comments.
   validates_presence_of :comment
@@ -60,7 +60,8 @@ def rollout_string
   end
 
   def send_report
-    return unless %w(staging production).include?(Rails.env)
+    return unless zoho_enabled?
+
     reporter = SupportReporter.new(
       title: summary,
       description: comment,
@@ -69,8 +70,17 @@ def send_report
       username: username,
       user_agent: user_agent,
       site_revision: ArchiveConfig.REVISION.to_s,
-      rollout: rollout
+      rollout: rollout,
+      ip_address: ip_address,
+      referer: referer,
+      site_skin: site_skin
     )
     reporter.send_report!
   end
+
+  private
+
+  def zoho_enabled?
+    %w[staging production].include?(Rails.env)
+  end
 end

app/models/feedback_reporters/abuse_reporter.rb

@@ -1,6 +1,4 @@
 class AbuseReporter < FeedbackReporter
-  attr_accessor :ip_address
-
   def report_attributes
     super.deep_merge(
       "departmentId" => department_id,

app/models/feedback_reporters/feedback_reporter.rb

@@ -13,7 +13,8 @@ class FeedbackReporter
                 :language,
                 :category,
                 :username,
-                :url
+                :url,
+                :ip_address
 
   def initialize(attrs = {})
     attrs.each_pair do |key, val|

app/models/feedback_reporters/support_reporter.rb

@@ -1,5 +1,5 @@
 class SupportReporter < FeedbackReporter
-  attr_accessor :user_agent, :site_revision, :rollout
+  attr_accessor :user_agent, :referer, :rollout, :site_revision, :site_skin
 
   def report_attributes
     super.deep_merge(
@@ -13,10 +13,17 @@ def report_attributes
   private
 
   def custom_zoho_fields
+    # To avoid issues where Zoho ticket creation silently fails, only grab the first
+    # 255 characters of the referer URL. That may miss some complex search queries,
+    # but still keep enough to be useful most of the time.
+    truncated_referer = referer.present? ? referer[0..254] : "Unknown URL"
     {
       "cf_archive_version" => site_revision.presence || "Unknown site revision",
       "cf_rollout" => rollout.presence || "Unknown",
-      "cf_user_agent" => user_agent.presence || "Unknown user agent"
+      "cf_user_agent" => user_agent.presence || "Unknown user agent",
+      "cf_ip" => ip_address.presence || "Unknown IP",
+      "cf_referer" => truncated_referer,
+      "cf_site_skin" => site_skin&.public ? site_skin.title : "Custom skin"
     }
   end
 

app/models/tag.rb

@@ -1065,14 +1065,15 @@ def unwrangled?
   #################################
 
   def unwrangled_query(tag_type, options = {})
-    self_type = %w(Character Fandom Media).include?(self.type) ? self.type.downcase : "fandom"
+    self_type = %w[Character Fandom Media].include?(self.type) ? self.type.downcase : "fandom"
     TagQuery.new(options.merge(
-      type: tag_type,
-      unwrangleable: false,
-      wrangled: false,
-      "pre_#{self_type}_ids": [self.id],
-      per_page: Tag.per_page
-    ))
+                   type: tag_type,
+                   unwrangleable: false,
+                   wrangled: false,
+                   has_posted_works: true,
+                   "pre_#{self_type}_ids": [self.id],
+                   per_page: Tag.per_page
+                 ))
   end
 
   def unwrangled_tags(tag_type, options = {})