Family invites (#1397)

* Initial pass at household invites * Invitee setup * Clean up add member form * Lint and other tweaks * Security cleanup * Lint * i18n fixes * More i18n cleanup * Show pending invites * Don't use turbo on the form * Improved email design * Basic tests * Lint * Update onboardings_controller.rb * Registration + invite cleanup * Lint * Update brakeman.ignore * Update brakeman.ignore * Self host invite links * Test tweaks * Address missing param error
2025-08-03 12:35:21 +02:00 · 2024-11-01 10:23:27 -05:00 · 2024-11-01 10:23:27 -05:00 · 793bd852a0
commit 793bd852a0
parent 09b269273a
26 changed files with 502 additions and 45 deletions
--- a/config/brakeman.ignore
+++ b/config/brakeman.ignore
@ -38,7 +38,7 @@
          "type": "controller",
          "class": "AccountsController",
          "method": "show",
-          "line": 39,
+          "line": 36,
          "file": "app/controllers/accounts_controller.rb",
          "rendered": {
            "name": "accounts/show",
@ -72,7 +72,7 @@
          "type": "controller",
          "class": "AccountsController",
          "method": "show",
-          "line": 39,
+          "line": 36,
          "file": "app/controllers/accounts_controller.rb",
          "rendered": {
            "name": "accounts/show",
@ -91,6 +91,29 @@
      ],
      "note": ""
    },
+    {
+      "warning_type": "Mass Assignment",
+      "warning_code": 105,
+      "fingerprint": "aaccd8db0be34afdc88e5af08d91ae2e8b7765dfea2f3fc6e1c37db0adc7b991",
+      "check_name": "PermitAttributes",
+      "message": "Potentially dangerous key allowed for mass assignment",
+      "file": "app/controllers/invitations_controller.rb",
+      "line": 34,
+      "link": "https://brakemanscanner.org/docs/warning_types/mass_assignment/",
+      "code": "params.require(:invitation).permit(:email, :role)",
+      "render_path": null,
+      "location": {
+        "type": "method",
+        "class": "InvitationsController",
+        "method": "invitation_params"
+      },
+      "user_input": ":role",
+      "confidence": "Medium",
+      "cwe_id": [
+        915
+      ],
+      "note": ""
+    },
    {
      "warning_type": "Cross-Site Scripting",
      "warning_code": 2,
@ -140,7 +163,7 @@
          "type": "controller",
          "class": "AccountsController",
          "method": "show",
-          "line": 39,
+          "line": 36,
          "file": "app/controllers/accounts_controller.rb",
          "rendered": {
            "name": "accounts/show",
@ -194,6 +217,6 @@
      "note": ""
    }
  ],
-  "updated": "2024-10-17 11:30:15 -0400",
-  "brakeman_version": "6.2.1"
+  "updated": "2024-11-01 09:36:40 -0500",
+  "brakeman_version": "6.2.2"
 }