build: Release 4.36.0 #348

Merged
merged 31 commits into from
Sep 22, 2020

@tshuli tshuli commented Sep 22, 2020

Features

  • feat: automate critical bounce handling #318
  • feat: form ownership transfer feature #111

Improvements

  • feat: update copy for email fields, intranet, privacy #321
  • feat: Using neverthrow to explicitly handle errors in AuthController #332
  • refactor: remove unused key #325
  • test: remove storage mode attachment tests #336

Bug Fixes

  • fix(dev): fix hot reloading and Localstack port #324
  • fix: set nodeEnv to assigned variable if in dev environment #335
  • Fix more tests 0c6c8ac
  • Fix tests 6d0ffde

New Dependencies

  • chore: update spcp-auth-client library #346

  • chore: update travis.yml and pin localstack in docker-compose #337

  • chore(deps-dev): bump concurrently from 3.6.1 to 5.3.0 #308

  • chore(deps-dev): bump eslint from 7.8.1 to 7.9.0 #331

  • chore(deps-dev): bump eslint-plugin-import from 2.21.2 to 2.22.0 #330

  • chore(deps-dev): bump eslint-plugin-jest from 24.0.0 to 24.0.2 #341

  • chore(deps-dev): bump lint-staged from 10.2.11 to 10.4.0 #328

  • chore(deps-dev): bump ts-node from 8.10.2 to 9.0.0 #329

  • fix(deps): bump celebrate from 12.2.0 to 13.0.3 #338

  • fix(deps): bump csv-parse from 4.10.1 to 4.12.0 #340

  • fix(deps): bump csv-string from 3.2.0 to 4.0.1 #344

  • fix(deps): bump helmet from 3.23.1 to 4.1.0 #233

  • fix(deps): bump whatwg-fetch from 3.0.0 to 3.4.1 #300

  • fix(deps): bump winston from 3.2.1 to 3.3.3 #278

  • fix(deps): fix npm audit issues #322

  • fix(deps): uninstall async #309

  • fix(deps): uninstall node-jose #339

  • neverthrow^2.7.1 (from feat: Using neverthrow to explicitly handle errors in AuthController #332)

mantariksh and others added 28 commits September 15, 2020 17:44
build: [develop] Release 4.35.0
* fix(dev): fix server hot reloading

* fix(dev): switch to localstack edge port

* fix(dev): use default init method for localstack

* docs: add explanation for AWS entrypoint
* fix(deps): bump helmet from 3.23.1 to 4.1.0

Bumps [helmet](https://github.com/helmetjs/helmet) from 3.23.1 to 4.1.0.
- [Release notes](https://github.com/helmetjs/helmet/releases)
- [Changelog](https://github.com/helmetjs/helmet/blob/master/CHANGELOG.md)
- [Commits](helmetjs/helmet@v3.23.1...v4.1.0)

Signed-off-by: dependabot[bot] <[email protected]>
(cherry picked from commit 2437e8dd442a3ef071617b2fe396b667145c5dd9)

* chore: import nocache

* fix: merge conflicts

* fix: declare type of cspDirective

* test: check that helmet sets the correct headers

* fix: replace helmet.noCache with nocache

* docs: explain why if statement is necessary for optional directives

* chore: improve tests

* chore: update styleSrc in tests

* docs: link to helmetjs issue on falsey values

* chore: shift mock implementations to beforeEach

* refactor: use mockReturnValue instead of mockImplementation

* chore: remove unnecessary mock function implementation which returns undefined

* chore: simplify csp tests and make them stricter

* chore: use beforeAll and clearAllMocks

* refactor: mockReturnValue instead of mockImplementation

* fix: set correct mockFeatureManager.props for !cspReportUri

* refactor: shift cspCoreDirective constant up

* chore: add tests for hsts

* fix: use ContentSecurityPolicyOptions for type

* refactor: filter for hsts middleware instead of using array index

* chore: include param for expect mockHelmet.hsts to have been called

Co-authored-by: Antariksh Mahajan <[email protected]>

* refactor: use find() instead of filter()

* fix: set correct default value for secure

* chore: rename test folder

* chore: check that next() is called correctly by hstsMiddleware

* chore: remove unnecessary mockReturnValue for mockHelmet.hsts

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Antariksh Mahajan <[email protected]>
Bumps [concurrently](https://github.com/kimmobrunfeldt/concurrently) from 3.6.1 to 5.3.0.
- [Release notes](https://github.com/kimmobrunfeldt/concurrently/releases)
- [Commits](kimmobrunfeldt/concurrently@3.6.1...v5.3.0)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [whatwg-fetch](https://github.com/github/fetch) from 3.0.0 to 3.4.1.
- [Release notes](https://github.com/github/fetch/releases)
- [Commits](JakeChampion/fetch@v3.0.0...v3.4.1)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [winston](https://github.com/winstonjs/winston) from 3.2.1 to 3.3.3.
- [Release notes](https://github.com/winstonjs/winston/releases)
- [Changelog](https://github.com/winstonjs/winston/blob/master/CHANGELOG.md)
- [Commits](winstonjs/winston@3.2.1...v3.3.3)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix(deps): bump async from 1.5.2 to 3.2.0

Bumps [async](https://github.com/caolan/async) from 1.5.2 to 3.2.0.
- [Release notes](https://github.com/caolan/async/releases)
- [Changelog](https://github.com/caolan/async/blob/master/CHANGELOG.md)
- [Commits](caolan/async@v1.5.2...v3.2.0)

Signed-off-by: dependabot[bot] <[email protected]>

* fix(deps): uninstall async

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Antariksh Mahajan <[email protected]>
Needed for test environment to remove console log spam during tests
chore: [develop] release 4.35.1 hotfix
* chore: update travis.yml

It will now install a pinned version of localstack and use the chrome addon instead of downloading from apt

* chore: pin localstack version

* chore: remove code related to localstack from travis.yml

* build: re-enable e2e tests

Co-authored-by: Antariksh Mahajan <[email protected]>
Bumps [lint-staged](https://github.com/okonet/lint-staged) from 10.2.11 to 10.4.0.
- [Release notes](https://github.com/okonet/lint-staged/releases)
- [Commits](lint-staged/lint-staged@v10.2.11...v10.4.0)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [ts-node](https://github.com/TypeStrong/ts-node) from 8.10.2 to 9.0.0.
- [Release notes](https://github.com/TypeStrong/ts-node/releases)
- [Commits](TypeStrong/ts-node@v8.10.2...v9.0.0)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [eslint](https://github.com/eslint/eslint) from 7.8.1 to 7.9.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/master/CHANGELOG.md)
- [Commits](eslint/eslint@v7.8.1...v7.9.0)

Signed-off-by: dependabot[bot] <[email protected]>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix(deps): bump celebrate from 12.2.0 to 13.0.3

Bumps [celebrate](https://github.com/arb/celebrate) from 12.2.0 to 13.0.3.
- [Release notes](https://github.com/arb/celebrate/releases)
- [Commits](arb/celebrate@v12.2.0...v13.0.3)

Signed-off-by: dependabot[bot] <[email protected]>

* fix: update how error message is extracted from celebrate errors

* feat: add return typing for errorHandlerMiddlewares

* feat: remove unused error message interpolation from rebase

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kar Rui Lau <[email protected]>
* fix: package.json & package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677

* fix: uninstall node-jose

Co-authored-by: Antariksh Mahajan <[email protected]>
* feat: Filter Storage Mode Responses by Submission Id (updated 2020-09-13)

* Update page design so that it is compatible with tablets and everything is on one row

* Update CSS for iPad
* fix(deps): bump csv-parse from 4.10.1 to 4.12.0

Bumps [csv-parse](https://github.com/wdavidw/node-csv-parse) from 4.10.1 to 4.12.0.
- [Release notes](https://github.com/wdavidw/node-csv-parse/releases)
- [Changelog](https://github.com/adaltas/node-csv-parse/blob/master/CHANGELOG.md)
- [Commits](adaltas/node-csv-parse@v4.10.1...v4.12.0)

Signed-off-by: dependabot[bot] <[email protected]>

* fix(deps-dev): move csv-parse to dev deps

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Antariksh Mahajan <[email protected]>
* fix(deps): bump csv-string from 3.2.0 to 4.0.1

Bumps [csv-string](https://github.com/Inist-CNRS/node-csv-string) from 3.2.0 to 4.0.1.
- [Release notes](https://github.com/Inist-CNRS/node-csv-string/releases)
- [Commits](Inist-CNRS/node-csv-string@v3.2.0...v4.0.1)

Signed-off-by: dependabot[bot] <[email protected]>

* fix: use correctly imported stringify function

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Kar Rui Lau <[email protected]>
#332)

* chore: add neverthrow package for explicit error handling

* feat: add core DatabaseError

* refactor(AuthService): rename and convert getAgencyWithEmail to Result

* test(Auth): update tests to use new validateEmailDomain function

* refactor(Auth): inline validate middleware into /checkuser endpoint

* refactor(Auth): inline validate middleware into /sendotp endpoint

* refactor(Auth): inline validate middleware into /verifyotp endpoint

* refactor(Auth): remove unused auth.middlewares

* refactor(Auth): remove unused imports/types after middleware removal

* refactor(AuthService): use validateEmailDomain with ResultAsync return

* refactor(AuthService): update createLoginOtp with ResultAsync return

* refactor(AuthService): update verifyLoginOtp with ResultAsync return

* fix: fix typo in logger action and remove unused imports

* refactor(MailUtils): update generateLoginOtpHtml to return ResultAsync

* refactor: update sendLoginOtp to return ResultAsync

* refactor: update handleLoginSendOtp to chain ResultAsync calls

* refactor(AuthController): update handleLoginVerifyOtp to chain

* fix: remove unused imports and remove null assertion

* feat: update comments and tests names to return error instead of throw

* chore: update travis.yml

It will now install a pinned version of localstack and use the chrome addon instead of downloading from apt

* feat(AuthController): add explicit undefined check for req.session

* refactor(UserService): update upsertUser function to ResultAsync

* refactor(AuthController): use updated UserService#retrieveUser fn

* feat(AuthController): add logging for unknown errors observed

* refactor(Auth): extract mapRouteError into auth.utils file
* transfer code from old repo

* some frontend changes

* refactor authActiveForm to add admin permission

* fix dropdown hidden in scroll

* add tests

* do not save form in schema transferOwner

* add logging when failed verifyPersmission

* fix logging; use Joi to validate email field

* update test

* update mobile css

* remove PERMISSION.ADMIN and use PERMISSION.DELETE

* fix lint

* fix lint and rebase

* update logging format

* remove duplicated code

* fix mobile view close button

* refactor frontend

* shift collaborator related code to collaborator-modal client controller

* cannot add ownself as owner

* refresh admin-form myform when collab myform changes

* shift success message to the top

* reset messages when saveCollabEmail

* set spacing between email and dropdown to 10px

* fix rebase

* remove letter spacing; fix mobile add collab button

* fix spelling; add typescript return type

* Update error message

* Fix positioning of cancel button

* Fix sizing of avatar

Co-authored-by: Arshad Ali <[email protected]>
* Update version of spcp client

* Update package-lock

Co-authored-by: Arshad Ali <[email protected]>

tshuli commented Sep 22, 2020

@karrui
Form transfer

  • Mobile view of collaborator modal works
  • Able to transfer ownership to collaborator for encrypt forms (existing owner should become collaborator and only have edit access)
  • Able to add a collaborator with read access to encrypt forms
  • Able to add a collaborator with edit access to encrypt forms
  • Able to add a collaborator with edit access to email forms


tshuli commented Sep 22, 2020

@arshadali172
Automate critical bounce handling

  • Create an email mode form where there are two email recipients, one valid and one invalid. Submit the form. The form should remain active and the valid admin should not receive any automated critical bounce emails. In the database, check that the document for this form in the Bounce collection has been updated correctly with hasBounced: true and bounceType: Permanent for the invalid email recipient.
  • Change the recipients such that all recipients are invalid. Add a collaborator with a valid email. Submit the form. The form should be deactivated, and both the admin and collaborator should receive an email following the permanent bounce template notifying them of the critical bounce.
  • In production, BOUNCE_LIFE_SPAN has been updated to 86400000 (24h in milliseconds).
  • In production CloudWatch queries and dashboard widgets, Critical bounce has been changed to Bounced submission.


tshuli commented Sep 22, 2020

@shuli-ogp
Filter Storage Mode Responses by Submission Id

  • Create a storage mode form. Submit 5 responses. Input a valid submission ID. Check that only the correct submission is shown now
  • Input a random submission ID. Check that no submissions are shown


tshuli commented Sep 22, 2020

@karrui
remove Localstack from end-to-end tests

  • Test that storage mode attachments work.


tshuli commented Sep 22, 2020

@mantariksh
Upgrade helmet to v4.1.0

  • Check that the following CSPs are present: defaultSrc, imgSrc, fontSrc, scriptSrc, connectSrc, frameSrc, objectSrc, styleSrc, formAction, upgradeInsecureRequests, reportUri
  • imgSrc / connectSrc: check that image can be uploaded correctly for form
  • fontSrc: check that SG government banner renders correctly
  • scriptSrc / frameSrc / styleSrc: check that captcha works and is rendered correctly
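
The header check from the helmet v4.1.0 checklist above, as an added example that is not part of this pull request or the project's code: it parses a Content-Security-Policy header value and reports which of the listed directives are missing, and which are present with an empty source list. The sample header values and the `/csp-report` path are constructed for illustration.

```javascript
// Added example. Directive names come from the checklist above; the
// header values are constructed samples, not the project's real policy.
const REQUIRED = [
  'defaultSrc', 'imgSrc', 'fontSrc', 'scriptSrc', 'connectSrc', 'frameSrc',
  'objectSrc', 'styleSrc', 'formAction', 'upgradeInsecureRequests', 'reportUri',
];
// Directives from the checklist that legitimately carry no value.
const VALUELESS = new Set(['upgrade-insecure-requests']);

// camelCase option key -> kebab-case directive name as sent on the wire.
function toHeaderName(key) {
  return key.replace(/[A-Z]/g, (c) => '-' + c.toLowerCase());
}

// Parse a CSP header value into Map<directive, sources[]>. Names are
// case-insensitive; a repeated directive is ignored (first one wins).
function parseCsp(headerValue) {
  const policy = new Map();
  for (const part of headerValue.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// Checklist keys whose directive is absent from the header.
function missingDirectives(headerValue, required = REQUIRED) {
  const policy = parseCsp(headerValue);
  return required.filter((key) => !policy.has(toHeaderName(key)));
}

// Directives present with an empty source list. For fetch directives an
// empty list matches nothing, so the resource type is blocked entirely.
function emptyDirectives(headerValue) {
  return [...parseCsp(headerValue)]
    .filter(([name, sources]) => sources.length === 0 && !VALUELESS.has(name))
    .map(([name]) => name);
}

const GOOD = "default-src 'self'; img-src 'self' data:; font-src 'self'; " +
  "script-src 'self'; connect-src 'self'; frame-src 'self'; object-src 'none'; " +
  "style-src 'self'; form-action 'self'; upgrade-insecure-requests; report-uri /csp-report";
const BAD = "default-src 'self'; img-src; script-src 'self'; upgrade-insecure-requests";

console.log(missingDirectives(GOOD), missingDirectives(BAD), emptyDirectives(BAD));
```
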


tshuli commented Sep 22, 2020

@arshadali172

  • General run through on IE and Intranet

@tshuli tshuli merged commit 211efe7 into release Sep 22, 2020
@tshuli tshuli deleted the release-4.36.0 branch September 22, 2020 08:22
@karrui karrui restored the release-4.36.0 branch September 29, 2020 03:27
@karrui karrui deleted the release-4.36.0 branch September 29, 2020 07:29
7 participants