Intermediary upgrade to rails 5

Gemfile.lock

@@ -95,8 +95,8 @@ GEM
       railties (>= 4.1.0, < 5.2)
       responders
       warden (~> 1.2.3)
-    devise-i18n (1.3.0)
+    devise-i18n (1.4.0)
-      devise (>= 2.0)
+      devise (>= 3.1)
     differ (0.1.2)
     domain_name (0.5.20170404)
       unf (>= 0.0.5, < 1.0.0)
@@ -110,8 +110,6 @@ GEM
     erubis (2.7.0)
     eventmachine (1.2.5)
     execjs (2.7.0)
-    faraday (0.11.0)
-      multipart-post (>= 1.2, < 3)
     ffi (1.9.18)
     flag-icons-rails (2.5.0)
       sass (~> 3.2)
@@ -122,7 +120,7 @@ GEM
       actionpack (>= 3.2.13)
     formtastic_i18n (0.6.0)
     geocoder (1.4.4)
-    globalid (0.4.0)
+    globalid (0.4.1)
       activesupport (>= 4.2.0)
     guard (2.14.1)
       formatador (>= 0.2.4)
@@ -168,11 +166,11 @@ GEM
       haml (>= 4.0.6, < 6.0)
       html2haml (>= 1.0.1)
       railties (>= 4.0.1)
-    haml_lint (0.26.0)
+    haml_lint (0.27.0)
       haml (>= 4.0, < 5.1)
       rainbow
       rake (>= 10, < 13)
-      rubocop (>= 0.49.0)
+      rubocop (>= 0.50.0)
       sysexits (~> 1.1)
     has_scope (0.7.1)
       actionpack (>= 4.1, < 5.2)
@@ -183,17 +181,17 @@ GEM
       haml (>= 4.0, < 6)
       nokogiri (>= 1.6.0)
       ruby_parser (~> 3.5)
-    http (2.2.2)
+    http (3.0.0)
       addressable (~> 2.3)
       http-cookie (~> 1.0)
-      http-form_data (~> 1.0.1)
+      http-form_data (>= 2.0.0.pre.pre2, < 3)
       http_parser.rb (~> 0.6.0)
     http-cookie (1.0.3)
       domain_name (~> 0.5)
-    http-form_data (1.0.3)
+    http-form_data (2.0.0)
     http_accept_language (2.1.1)
     http_parser.rb (0.6.0)
-    i18n (0.9.0)
+    i18n (0.9.1)
       concurrent-ruby (~> 1.0)
     i18n-active_record (0.2.0)
       i18n (>= 0.5.0)
@@ -213,18 +211,18 @@ GEM
     jquery-ui-rails (6.0.1)
       railties (>= 3.2.16)
     json (1.8.6)
-    kaminari (1.1.0)
+    kaminari (1.1.1)
       activesupport (>= 4.1.0)
-      kaminari-actionview (= 1.1.0)
+      kaminari-actionview (= 1.1.1)
-      kaminari-activerecord (= 1.1.0)
+      kaminari-activerecord (= 1.1.1)
-      kaminari-core (= 1.1.0)
+      kaminari-core (= 1.1.1)
-    kaminari-actionview (1.1.0)
+    kaminari-actionview (1.1.1)
       actionview
-      kaminari-core (= 1.1.0)
+      kaminari-core (= 1.1.1)
-    kaminari-activerecord (1.1.0)
+    kaminari-activerecord (1.1.1)
       activerecord
-      kaminari-core (= 1.1.0)
+      kaminari-core (= 1.1.1)
-    kaminari-core (1.1.0)
+    kaminari-core (1.1.1)
     kramdown (1.15.0)
     libv8 (3.16.14.19)
     listen (3.1.5)
@@ -235,17 +233,14 @@ GEM
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     lumberjack (1.0.12)
-    mail (2.6.6)
+    mail (2.7.0)
-      mime-types (>= 1.16, < 4)
+      mini_mime (>= 0.1.1)
     memoizable (0.4.2)
       thread_safe (~> 0.3, >= 0.3.1)
     meta-tags (2.6.0)
       actionpack (>= 3.2.0, < 5.3)
     method_source (0.9.0)
-    mime-types (3.1)
+    mini_mime (1.0.0)
-      mime-types-data (~> 3.2015)
-    mime-types-data (3.2016.0521)
-    mini_mime (0.1.4)
     minitest (5.10.3)
     modernizr-rails (2.7.1)
     multi_json (1.12.2)
@@ -259,7 +254,7 @@ GEM
       nenv (~> 0.1)
       shellany (~> 0.0)
     orm_adapter (0.5.0)
-    paper_trail (8.0.0)
+    paper_trail (8.0.1)
       activerecord (>= 4.2, < 5.2)
       request_store (~> 1.1)
     parallel (1.12.0)
@@ -275,7 +270,7 @@ GEM
     pry (0.11.2)
       coderay (~> 1.1.0)
       method_source (~> 0.9.0)
-    public_suffix (3.0.0)
+    public_suffix (3.0.1)
     puma (3.10.0)
     rack (2.0.3)
     rack-livereload (0.3.16)
@@ -296,7 +291,7 @@ GEM
       sprockets-rails (>= 2.0.0)
     rails-assets-jquery-sparkline (2.1.3)
     rails-assets-leaflet (1.2.0)
-    rails-assets-leaflet.markercluster (1.1.0)
+    rails-assets-leaflet.markercluster (1.2.0)
       rails-assets-leaflet (>= 1.0.3)
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
@@ -314,7 +309,7 @@ GEM
       thor (>= 0.18.1, < 2.0)
     rainbow (2.2.2)
       rake
-    rake (12.1.0)
+    rake (12.2.1)
     ransack (1.8.4)
       actionpack (>= 3.0)
       activerecord (>= 3.0)
@@ -342,7 +337,7 @@ GEM
     ruby_parser (3.10.1)
       sexp_processor (~> 4.9)
     rubyzip (1.2.1)
-    sass (3.5.2)
+    sass (3.5.3)
       sass-listen (~> 4.0.0)
     sass-listen (4.0.0)
       rb-fsevent (~> 0.9, >= 0.9.4)
@@ -356,7 +351,7 @@ GEM
     sdoc (0.4.2)
       json (~> 1.7, >= 1.7.7)
       rdoc (~> 4.0)
-    selenium-webdriver (3.6.0)
+    selenium-webdriver (3.7.0)
       childprocess (~> 0.5)
       rubyzip (~> 1.0)
     sexp_processor (4.10.0)
@@ -396,17 +391,18 @@ GEM
     turbolinks (5.0.1)
       turbolinks-source (~> 5)
     turbolinks-source (5.0.3)
-    twitter (6.1.0)
+    twitter (6.2.0)
-      addressable (~> 2.5)
+      addressable (~> 2.3)
       buftok (~> 0.2.0)
-      equalizer (= 0.0.11)
+      equalizer (~> 0.0.11)
-      faraday (~> 0.11.0)
+      http (~> 3.0)
-      http (~> 2.1)
+      http-form_data (~> 2.0)
       http_parser.rb (~> 0.6.0)
-      memoizable (~> 0.4.2)
+      memoizable (~> 0.4.0)
-      naught (~> 1.1)
+      multipart-post (~> 2.0)
-      simple_oauth (~> 0.3.1)
+      naught (~> 1.0)
-    tzinfo (1.2.3)
+      simple_oauth (~> 0.3.0)
+    tzinfo (1.2.4)
       thread_safe (~> 0.1)
     uglifier (3.2.0)
       execjs (>= 0.3.0, < 3)

Guardfile

@@ -11,7 +11,7 @@ guard :livereload do
   watch(%r{(app|vendor)(/assets/\w+/(.+\.(sass|coffee|haml))).*}) { |m| "/assets/#{m[3]}" }
 end
 
-guard :minitest do
+guard :minitest, spring: 'bin/rails test' do
   # with Minitest::Unit
   watch(%r{^test/(.*)\/?test_(.*)\.rb})
   watch(%r{^lib/(.*/)?([^/]+)\.rb})     { |m| "test/#{m[1]}test_#{m[2]}.rb" }

app/controllers/application_controller.rb

@@ -3,7 +3,7 @@ class ApplicationController < ActionController::Base
   before_action :set_paper_trail_whodunnit, :set_locale, :set_filters
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
-  protect_from_forgery with: :exception
+  protect_from_forgery prepend: true, with: :exception
 
   private
 

app/models/event.rb

@@ -18,7 +18,7 @@ class Event < ApplicationRecord
   validates :title, presence: true
   validate :end_after_start
   RULES = %w[daily weekly monthly monthly_day].freeze
-  validates :rule, allow_nil: true, inclusion: RULES
+  validates :rule, inclusion: RULES
   validates :description, presence: true
   validates :city, presence: true
   validates :region, presence: true

app/views/devise/confirmations/new.html.haml

@@ -1,9 +1,10 @@
 %h2 Resend confirmation instructions
-= form_for(resource, :as => resource_name, :url => confirmation_path(resource_name), :html => { :method => :post }) do |f|
+= form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f|
   = devise_error_messages!
-  %div
+  .field
     = f.label :email
     %br/
-    = f.email_field :email, :autofocus => true
+    = f.email_field :email, autofocus: true, value: (resource.pending_reconfirmation? ? resource.unconfirmed_email : resource.email)
-  %div= f.submit "Resend confirmation instructions"
+  .actions
+    = f.submit "Resend confirmation instructions"
 = render "devise/shared/links"

app/views/devise/mailer/confirmation_instructions.html.haml

@@ -1,4 +1,4 @@
 %p
   Welcome #{@email}!
 %p You can confirm your account email through the link below:
-%p= link_to 'Confirm my account', confirmation_url(@resource, :confirmation_token => @token)
+%p= link_to 'Confirm my account', confirmation_url(@resource, confirmation_token: @token)

app/views/devise/mailer/email_changed.html.haml

@@ -0,0 +1,8 @@
+%p
+  Hello #{@email}!
+- if @resource.try(:unconfirmed_email?)
+  %p
+    We're contacting you to notify you that your email is being changed to #{@resource.unconfirmed_email}.
+- else
+  %p
+    We're contacting you to notify you that your email has been changed to #{@resource.email}.

app/views/devise/mailer/password_change.html.haml

@@ -0,0 +1,3 @@
+%p
+  Hello #{@resource.email}!
+%p We're contacting you to notify you that your password has been changed.

app/views/devise/mailer/reset_password_instructions.html.haml

@@ -1,6 +1,6 @@
 %p
   Hello #{@resource.email}!
 %p Someone has requested a link to change your password. You can do this through the link below.
-%p= link_to 'Change my password', edit_password_url(@resource, :reset_password_token => @token)
+%p= link_to 'Change my password', edit_password_url(@resource, reset_password_token: @token)
 %p If you didn't request this, please ignore this email.
 %p Your password won't change until you access the link above and create a new one.

app/views/devise/mailer/unlock_instructions.html.haml

@@ -2,4 +2,4 @@
   Hello #{@resource.email}!
 %p Your account has been locked due to an excessive number of unsuccessful sign in attempts.
 %p Click the link below to unlock your account:
-%p= link_to 'Unlock my account', unlock_url(@resource, :unlock_token => @token)
+%p= link_to 'Unlock my account', unlock_url(@resource, unlock_token: @token)

app/views/devise/passwords/edit.html.haml

@@ -1,14 +1,19 @@
 %h2 Change your password
-= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :put }) do |f|
+= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :put }) do |f|
   = devise_error_messages!
   = f.hidden_field :reset_password_token
-  %div
+  .field
     = f.label :password, "New password"
     %br/
-    = f.password_field :password, :autofocus => true
+    - if @minimum_password_length
-  %div
+      %em
+        (#{@minimum_password_length} characters minimum)
+      %br/
+    = f.password_field :password, autofocus: true, autocomplete: "off"
+  .field
     = f.label :password_confirmation, "Confirm new password"
     %br/
-    = f.password_field :password_confirmation
+    = f.password_field :password_confirmation, autocomplete: "off"
-  %div= f.submit "Change my password"
+  .actions
+    = f.submit "Change my password"
 = render "devise/shared/links"

app/views/devise/passwords/new.html.haml

@@ -1,9 +1,10 @@
 %h2 Forgot your password?
-= form_for(resource, :as => resource_name, :url => password_path(resource_name), :html => { :method => :post }) do |f|
+= form_for(resource, as: resource_name, url: password_path(resource_name), html: { method: :post }) do |f|
   = devise_error_messages!
-  %div
+  .field
     = f.label :email
     %br/
-    = f.email_field :email, :autofocus => true
+    = f.email_field :email, autofocus: true
-  %div= f.submit "Send me reset password instructions"
+  .actions
+    = f.submit "Send me reset password instructions"
 = render "devise/shared/links"

app/views/devise/registrations/edit.html.haml

@@ -1,30 +1,36 @@
 %h2
   Edit #{resource_name.to_s.humanize}
-= form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put }) do |f|
+= form_for(resource, as: resource_name, url: registration_path(resource_name), html: { method: :put }) do |f|
   = devise_error_messages!
-  %div
+  .field
     = f.label :email
     %br/
-    = f.email_field :email, :autofocus => true
+    = f.email_field :email, autofocus: true
   - if devise_mapping.confirmable? && resource.pending_reconfirmation?
     %div
       Currently waiting confirmation for: #{resource.unconfirmed_email}
-  %div
+  .field
     = f.label :password
     %i (leave blank if you don't want to change it)
     %br/
-    = f.password_field :password, :autocomplete => "off"
+    = f.password_field :password, autocomplete: "off"
-  %div
+    - if @minimum_password_length
+      %br/
+      %em
+        = @minimum_password_length
+        characters minimum
+  .field
     = f.label :password_confirmation
     %br/
-    = f.password_field :password_confirmation
+    = f.password_field :password_confirmation, autocomplete: "off"
-  %div
+  .field
     = f.label :current_password
     %i (we need your current password to confirm your changes)
     %br/
-    = f.password_field :current_password
+    = f.password_field :current_password, autocomplete: "off"
-  %div= f.submit "Update"
+  .actions
+    = f.submit "Update"
 %h3 Cancel my account
 %p
-  Unhappy? #{button_to "Cancel my account", registration_path(resource_name), :data => { :confirm => "Are you sure?" }, :method => :delete}
+  Unhappy? #{button_to "Cancel my account", registration_path(resource_name), data: { confirm: "Are you sure?" }, method: :delete}
 = link_to "Back", :back

app/views/devise/registrations/new.html.haml

@@ -1,17 +1,21 @@
 %h2 Sign up
-= form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f|
+= form_for(resource, as: resource_name, url: registration_path(resource_name)) do |f|
   = devise_error_messages!
-  %div
+  .field
     = f.label :email
     %br/
-    = f.email_field :email, :autofocus => true
+    = f.email_field :email, autofocus: true
-  %div
+  .field
     = f.label :password
+    - if @minimum_password_length
+      %em
+        (#{@minimum_password_length} characters minimum)
     %br/
-    = f.password_field :password
+    = f.password_field :password, autocomplete: "off"
-  %div
+  .field
     = f.label :password_confirmation
     %br/
-    = f.password_field :password_confirmation
+    = f.password_field :password_confirmation, autocomplete: "off"
-  %div= f.submit "Sign up"
+  .actions
+    = f.submit "Sign up"
 = render "devise/shared/links"

app/views/devise/sessions/new.html.haml

@@ -2,20 +2,19 @@
 
 %fieldset
   = form_for resource, as: resource_name,
-    url: session_path(resource_name) do |f|
+             url: session_path(resource_name) do |f|
     .field.login
       = f.label :login
-      = f.text_field :login, autofocus: true
+      %br/
-
+      = f.email_field :login, autofocus: true
     .field.password
       = f.label :password
-      = f.password_field :password
+      %br/
-
+      = f.password_field :password, autocomplete: 'off'
     - if devise_mapping.rememberable?
       .field
         = f.check_box :remember_me
         = f.label :remember_me
-
     .actions= f.submit t('.sign_in')
 
 = render 'devise/shared/links'

app/views/devise/shared/_links.html.haml

@@ -0,0 +1,19 @@
+- if controller_name != 'sessions'
+  = link_to "Log in", new_session_path(resource_name)
+  %br/
+- if devise_mapping.registerable? && controller_name != 'registrations'
+  = link_to "Sign up", new_registration_path(resource_name)
+  %br/
+- if devise_mapping.recoverable? && controller_name != 'passwords' && controller_name != 'registrations'
+  = link_to "Forgot your password?", new_password_path(resource_name)
+  %br/
+- if devise_mapping.confirmable? && controller_name != 'confirmations'
+  = link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name)
+  %br/
+- if devise_mapping.lockable? && resource_class.unlock_strategy_enabled?(:email) && controller_name != 'unlocks'
+  = link_to "Didn't receive unlock instructions?", new_unlock_path(resource_name)
+  %br/
+- if devise_mapping.omniauthable?
+  - resource_class.omniauth_providers.each do |provider|
+    = link_to "Sign in with #{OmniAuth::Utils.camelize(provider)}", omniauth_authorize_path(resource_name, provider)
+    %br/

app/views/devise/unlocks/new.html.haml

@@ -1,9 +1,10 @@
 %h2 Resend unlock instructions
-= form_for(resource, :as => resource_name, :url => unlock_path(resource_name), :html => { :method => :post }) do |f|
+= form_for(resource, as: resource_name, url: unlock_path(resource_name), html: { method: :post }) do |f|
   = devise_error_messages!
-  %div
+  .field
     = f.label :email
     %br/
-    = f.email_field :email, :autofocus => true
+    = f.email_field :email, autofocus: true
-  %div= f.submit "Resend unlock instructions"
+  .actions
+    = f.submit "Resend unlock instructions"
 = render "devise/shared/links"

app/views/orgas/_types.haml

@@ -1,5 +1,5 @@
 - params[:q] = {} if params[:q].nil?
-- p = params[:q].clone
+- p = params[:q].clone.permit
 
 %ul.counters
   -# The reorder and specific count are required for the "near" scope

app/views/orgas/index.html.haml

@@ -54,7 +54,7 @@
             = link_to orga.feed do
               %em.fa.fa-rss{ title: Orga.human_attribute_name(:feed) }
         %td.view
-          = link_to orga_path(orga, q: params[:q], page: params[:page]) do
+          = link_to orga_path orga, q: params[:q].permit, page: params[:page] do
             %em.fa.fa-eye
         %td.edit
           - if orga.secret.nil? || user_signed_in?

test/controllers/orgas_controller_test.rb

@@ -1,40 +1,42 @@
 require 'test_helper'
 
-# Free Software groups life cycle
+# Organisations life cycle tests
-class OrgasControllerTest < ActionController::TestCase
+class OrgasControllerTest < ActionDispatch::IntegrationTest
-  include Devise::Test::ControllerHelpers
-
   setup do
     @orga = orgas :one
   end
 
   test 'should get index' do
-    get :index
+    get orgas_url, params: {
+      orga: {
+        region: regions(:region_one)
+      }
+    }
     assert_response :success
   end
 
   test 'should get new' do
     sign_in users(:one)
-    get :new
+    get new_orga_url
     assert_response :success
   end
 
   test 'should create orga' do
     sign_in users(:one)
     assert_difference 'Orga.count' do
-      post :create, orga: {
+      post orgas_url, params: {
-        kind_id: @orga.kind_id,
+        orga: {
-        name: @orga.name,
+          kind_id: @orga.kind_id,
-        city: @orga.city,
+          name: @orga.name,
-        region_id: @orga.region.id,
+          city: @orga.city,
-        description: @orga.description,
+          region_id: @orga.region.id,
-        url: @orga.url,
+          description: @orga.description,
-        feed: @orga.feed,
+          url: @orga.url,
-        contact: @orga.contact,
+          feed: @orga.feed,
-        submitter: @orga.contact
+          contact: @orga.contact,
+          submitter: @orga.contact
+        }
       }
-
-      assert_empty assigns(:orga).errors.messages
     end
 
     assert_redirected_to :root
@@ -43,31 +45,30 @@ class OrgasControllerTest < ActionController::TestCase
   test 'should create minimalist orga' do
     sign_in users(:one)
     assert_difference 'Orga.count' do
-      post :create, orga: {
+      post orgas_url, params: {
-        kind_id: @orga.kind_id,
+        orga: {
-        name: @orga.name,
+          kind_id: @orga.kind_id,
-        region_id: @orga.region.id,
+          name: @orga.name,
-        description: @orga.description,
+          region_id: @orga.region.id,
-        url: @orga.url
+          description: @orga.description,
+          url: @orga.url
+        }
       }
-
-      assert_empty assigns(:orga).errors.messages
     end
 
     assert_redirected_to :root
   end
 
   test 'should not create orga' do
-    sign_in users(:one)
     assert_no_difference 'Orga.count' do
-      post :create, orga: { url: @orga.url }
+      post orgas_url, params: {
-
+        orga: { url: @orga.url }
-      assert_not_empty assigns(:orga).errors.messages
+      }
     end
   end
 
   test 'should get show' do
-    get :show, id: @orga
+    get orga_url(@orga.id)
     assert_response :success
   end
 
@@ -75,22 +76,28 @@ class OrgasControllerTest < ActionController::TestCase
     # Necessary to have the proper paper_trail version
     @orga.update_attributes name: 'My Title'
 
-    patch :update, id: @orga, secret: @orga.secret, orga: { name: @orga.name }
+    patch orga_url(@orga), params: {
+      secret: @orga.secret,
+      orga: { name: @orga.name }
+    }
 
-    assert_empty assigns(:orga).errors.messages
+    assert_redirected_to orga_url(@orga)
-    assert_redirected_to assigns(:orga)
   end
 
   test 'should not update orga' do
     sign_in users(:one)
-    patch :update, id: @orga, orga: { name: nil }
+    patch orga_url(@orga), params: {
+      orga: { name: nil }
+    }
 
-    assert_not_empty assigns(:orga).errors.messages
+    assert_redirected_to :new_user_session
   end
 
   test 'should not update orga without proper secret' do
-    patch :update, id: @orga, orga: {
+    patch orga_url(@orga), params: {
-      name: 'hello world'
+      orga: {
+        name: 'hello world'
+      }
     }
 
     assert_redirected_to :new_user_session

test/mailers/previews/event_mailer_preview.rb

@@ -18,8 +18,8 @@ class EventMailerPreview < ActionMailer::Preview
     event = Event.first
 
     event.start_time += 1.day
-    event.description = event.description + '
+    event.description = event.description + '<p>     et</p>
-hello world'
+<p> hello world</p>'
 
     EventMailer.update event
   end

test/models/event_test.rb

@@ -84,14 +84,14 @@ class EventTest < ActiveSupport::TestCase
   test 'named scope future.daylimit' do
     assert Event.respond_to? :future
     assert Event.respond_to? :daylimit
-    assert_match(/<= end_time/, Event.future.daylimit(nil).where_values[0])
+    assert_match(/<= end_time/, Event.future.daylimit(nil).to_sql)
-    assert_match(/end_time <=/, Event.future.daylimit(nil).where_values[1])
+    assert_match(/end_time <=/, Event.future.daylimit(nil).to_sql)
   end
 
   test 'named scope year' do
     assert Event.respond_to? :year
-    assert_match(/<= end_time/, Event.year(2014).where_values[0])
+    assert_match(/<= end_time/, Event.year(2014).to_sql)
-    assert_match(/start_time <=/, Event.year(2014).where_values[0])
+    assert_match(/start_time <=/, Event.year(2014).to_sql)
   end
 
   test 'named scope region' do

test/test_helper.rb

@@ -2,9 +2,9 @@ ENV['RAILS_ENV'] ||= 'test'
 require File.expand_path('../../config/environment', __FILE__)
 require 'rails/test_help'
 
-require 'simplecov'
+# require 'simplecov'
 
-SimpleCov.start 'rails'
+# SimpleCov.start 'rails'
 
 module ActiveSupport
   # Standard helper class for almost all tests
@@ -32,5 +32,11 @@ module ActiveSupport
       'country'      => 'United States',
       'country_code' => 'US'
     }]
+
+    def sign_in(user)
+      post user_session_path \
+        'user[email]' => user.email,
+        'user[password]' => user.password
+    end
   end
 end