Merge branch 'release/0.1.14'

.env.example

@@ -37,3 +37,11 @@ SIDEKIQ_PASSWORD: <some_password>
 # Stripe
 STRIPE_PUBLISHABLE_KEY="stripe_publishable_key"
 STRIPE_SECRET_KEY="stripe_secret_key"
+
+#Wise
+WISE_API_URL="https://api.sandbox.transferwise.tech"
+WISE_ACCESS_TOKEN="access-token-12345"
+WISE_PROFILE_ID="123456"
+
+#Feature Flags
+ENABLE_WEEKLY_REMINDER=

Gemfile

@@ -118,6 +118,9 @@ gem "stripe"
 # Background job processing adapter
 gem "sidekiq"
 
+#  job scheduler extension for Sidekiq
+gem "sidekiq-scheduler"
+
 # searchkick for elasticsearch
 gem "elasticsearch", "< 7.14" # select one
 gem "searchkick"
@@ -163,6 +166,10 @@ group :development, :test do
 
   # help to kill N+1 queries and unused eager loading. https://github.com/flyerhzm/bullet
   gem "bullet"
+
+  # To record response of outgoing API calls
+  gem "vcr", "~> 3.0.1"
+  gem "webmock", "~> 3.14.0"
 end
 
 group :development do

Gemfile.lock

@@ -138,6 +138,8 @@ GEM
     countries (5.0.1)
       i18n_data (~> 0.16.0)
       sixarm_ruby_unaccent (~> 1.1)
+    crack (0.4.5)
+      rexml
     crass (1.0.6)
     data_migrate (8.0.0)
       activerecord (>= 5.0)
@@ -172,6 +174,8 @@ GEM
       faraday (~> 1)
       multi_json
     erubi (1.10.0)
+    et-orbi (1.2.7)
+      tzinfo
     execjs (2.8.1)
     factory_bot (6.2.1)
       activesupport (>= 5.0.0)
@@ -205,11 +209,15 @@ GEM
     faraday-retry (1.0.3)
     ffi (1.15.5)
     foreman (0.87.2)
+    fugit (1.5.3)
+      et-orbi (~> 1, >= 1.2.7)
+      raabro (~> 1.4)
     globalid (1.0.0)
       activesupport (>= 5.0)
     grover (1.1.1)
       combine_pdf (~> 1.0)
       nokogiri (~> 1.0)
+    hashdiff (1.0.1)
     hashie (5.0.0)
     honeybadger (4.12.1)
     i18n (1.10.0)
@@ -308,6 +316,7 @@ GEM
       nio4r (~> 2.0)
     pundit (2.2.0)
       activesupport (>= 3.0.0)
+    raabro (1.4.0)
     racc (1.6.0)
     rack (2.2.3.1)
     rack-mini-profiler (3.0.0)
@@ -416,6 +425,8 @@ GEM
     ruby_audit (2.1.0)
       bundler-audit (~> 0.9.0)
     rubyzip (2.3.2)
+    rufus-scheduler (3.8.1)
+      fugit (~> 1.1, >= 1.1.6)
     sass-rails (6.0.0)
       sassc-rails (~> 2.1, >= 2.1.1)
     sassc (2.4.0)
@@ -443,6 +454,11 @@ GEM
       connection_pool (>= 2.2.2)
       rack (~> 2.0)
       redis (>= 4.2.0)
+    sidekiq-scheduler (4.0.1)
+      redis (>= 4.2.0)
+      rufus-scheduler (~> 3.2)
+      sidekiq (>= 4)
+      tilt (>= 1.4.0)
     simple_po_parser (1.1.6)
     simplecov (0.21.2)
       docile (~> 1.1)
@@ -468,6 +484,7 @@ GEM
       concurrent-ruby (~> 1.0)
     unicode-display_width (2.1.0)
     uniform_notifier (1.16.0)
+    vcr (3.0.3)
     warden (1.2.9)
       rack (>= 2.0.9)
     web-console (4.2.0)
@@ -479,6 +496,10 @@ GEM
       nokogiri (~> 1.6)
       rubyzip (>= 1.3.0)
       selenium-webdriver (~> 4.0)
+    webmock (3.14.0)
+      addressable (>= 2.8.0)
+      crack (>= 0.3.2)
+      hashdiff (>= 0.4.0, < 2.0.0)
     webpacker (5.4.3)
       activesupport (>= 5.2)
       rack-proxy (>= 0.6.1)
@@ -553,12 +574,15 @@ DEPENDENCIES
   shoulda-callback-matchers (~> 1.1.1)
   shoulda-matchers (~> 5.1)
   sidekiq
+  sidekiq-scheduler
   simplecov
   spring
   stripe
   tzinfo-data
+  vcr (~> 3.0.1)
   web-console (>= 4.1.0)
   webdrivers
+  webmock (~> 3.14.0)
   webpacker
 
 RUBY VERSION

app/controllers/clients_controller.rb

@@ -1,9 +1,8 @@
 # frozen_string_literal: true
 
 class ClientsController < ApplicationController
-  skip_after_action :verify_authorized, except: :create
-
   def index
+    authorize :index, policy_class: ClientPolicy
     render :index, locals: {
       clients:,
       new_client: Client.new,

app/controllers/concerns/error_handler.rb

@@ -42,6 +42,7 @@ def user_not_authorized(exception)
           redirect_to redirect_path
         end
         format.json { render json: { errors: message }, status: :forbidden }
+        format.any(:pdf, :csv) { render json: { errors: message }, status: :forbidden }
       end
     end
 

app/controllers/email_confirmations_controller.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+class EmailConfirmationsController < ApplicationController
+  skip_before_action :authenticate_user!
+  skip_after_action :verify_authorized
+  before_action :verify_confirmed_user
+
+  def show
+    resend_url = resend_email_confirmation_path({ email: user.email })
+    render :show, locals: { user:, resend_url: }
+  end
+
+  def resend
+    user.send_confirmation_instructions
+    flash[:notice] = t("confirmation.send_instructions", email: user.email)
+    redirect_to new_user_session_path
+  end
+
+  private
+
+    def verify_confirmed_user
+      if user.confirmed?
+        redirect_to root_path
+      end
+    end
+
+    def user
+      @_user ||= User.kept.find_by_email!(params[:email])
+    end
+end

app/controllers/internal_api/v1/clients_controller.rb

@@ -21,7 +21,7 @@ def create
   def show
     authorize client
     project_details = client.project_details(params[:time_frame])
-    client_details = { id: client.id, name: client.name, email: client.email }
+    client_details = { id: client.id, name: client.name, email: client.email, address: client.address }
     total_minutes = (project_details.map { |project| project[:minutes_spent] }).sum
     overdue_outstanding_amount = client.client_overdue_and_outstanding_calculation
     render json: { client_details:, project_details:, total_minutes:, overdue_outstanding_amount: }, status: :ok

app/controllers/internal_api/v1/companies_controller.rb

@@ -3,7 +3,11 @@
 class InternalApi::V1::CompaniesController < InternalApi::V1::ApplicationController
   def index
     authorize current_company
-    render json: { company: current_company }
+    if current_company.logo.attached?
+      render json: current_company.as_json.merge(logo_url: url_for(current_company.logo))
+    else
+      render json: current_company
+    end
   end
 
   def create
@@ -30,7 +34,7 @@ def update
     def company_params
       params.require(:company).permit(
         :name, :address, :business_phone, :country, :timezone, :base_currency,
-        :standard_price, :fiscal_year_end, :date_format
+        :standard_price, :fiscal_year_end, :date_format, :logo
       )
     end
 end

app/controllers/internal_api/v1/profile_controller.rb

@@ -0,0 +1,60 @@
+# frozen_string_literal: true
+
+class InternalApi::V1::ProfileController < InternalApi::V1::ApplicationController
+  def show
+    authorize :index, policy_class: ProfilePolicy
+    if current_user.avatar.attached?
+      avatar_url = url_for(current_user.avatar)
+    end
+    render json: { user: current_user.as_json.merge("avatar_url" => avatar_url) }, status: :ok
+  end
+
+  def remove_avatar
+    authorize :remove_avatar, policy_class: ProfilePolicy
+    current_user.avatar.destroy
+    render json: { notice: "Avatar deleted successfully" }, status: :ok
+  end
+
+  def update
+    authorize :update, policy_class: ProfilePolicy
+    if params[:user][:current_password].blank?
+      current_user.update_without_password(user_params.except(:current_password))
+      render json: { notice: "User updated" }, status: :ok
+    elsif validate_current_password && validate_password_length && validate_password_confirmation
+      current_user.update_with_password(user_params)
+      render json: { notice: "Password updated" }, status: :ok
+    else
+      render json: { error: "Something went wrong" }, status: :unprocessable_entity
+    end
+  rescue Exception => e
+    render json: { error: e.message }, status: :unprocessable_entity
+  end
+
+  private
+
+    def user_params
+      params.require(:user).permit(
+        :first_name, :last_name, :current_password, :password, :password_confirmation, :avatar
+      )
+    end
+
+    def validate_current_password
+      return true if current_user.valid_password?(params[:user][:current_password])
+
+      raise Exception.new("Current password is not correct")
+    end
+
+    def validate_password_confirmation
+      return true if params[:user][:password] == params[:user][:password_confirmation]
+
+      raise Exception.new("Password and password confirmation does not match")
+    end
+
+    def validate_password_length
+      return true if params[:user][:password].present? &&
+      params[:user][:password].length > 5 &&
+      params[:user][:password_confirmation].length > 5
+
+      raise Exception.new("Password and password confirmation should be of minimum 6 characters")
+    end
+end

app/controllers/internal_api/v1/profiles/bank_account_details_controller.rb

@@ -0,0 +1,65 @@
+# frozen_string_literal: true
+
+class InternalApi::V1::Profiles::BankAccountDetailsController < InternalApi::V1::ApplicationController
+  before_action :load_wise_account, only: [:index]
+  before_action :fetch_wise_account, only: [:update]
+
+  def index
+    authorize :index, policy_class: Profiles::BillingPolicy
+    render :index, locals: {
+      wise_account: @wise_account
+    }
+  end
+
+  def create
+    authorize :create, policy_class: Profiles::BillingPolicy
+
+    @wise_account = WiseAccount.create!(
+      recipient_id: params[:id],
+      profile_id: params[:profile],
+      target_currency: params[:currency],
+      source_currency: "USD",
+      company_id: current_company.id,
+      user_id: current_user.id
+    )
+
+    render :index, locals: {
+      wise_account: @wise_account
+    }
+  rescue => error
+    render json: {
+      error: error.message
+    }, status: 500
+  end
+
+  def update
+    authorize :update, policy_class: Profiles::BillingPolicy
+
+    @account.update!(
+      recipient_id: params[:id],
+      profile_id: params[:profile],
+      target_currency: params[:currency],
+      source_currency: "USD",
+      company_id: current_company.id,
+      user_id: current_user.id
+    )
+
+    render :index, locals: {
+      wise_account: @account
+    }
+  rescue => error
+    render json: {
+      error: error.message
+    }, status: 500
+  end
+
+  private
+
+    def load_wise_account
+      @wise_account ||= current_user.wise_account
+    end
+
+    def fetch_wise_account
+      @account = WiseAccount.find(params[:account_id])
+    end
+end