Fixing emails to go through SendGrid in dev & production

Gemfile

@@ -103,6 +103,8 @@ group :development do
   gem 'asciidoctor'
   gem 'capistrano'
   # gem 'rack-mini-profiler'
+  gem 'better_errors'
+  gem 'binding_of_caller'
   gem 'web-console'
 end
 

Gemfile.lock

@@ -91,8 +91,14 @@ GEM
     awesome_print (1.9.2)
     base64 (0.2.0)
     bcrypt (3.1.20)
+    better_errors (2.10.1)
+      erubi (>= 1.0.0)
+      rack (>= 0.9.0)
+      rouge (>= 1.0.0)
     bigdecimal (3.1.7)
     bindex (0.8.1)
+    binding_of_caller (1.0.1)
+      debug_inspector (>= 1.2.0)
     bootsnap (1.18.3)
       msgpack (~> 1.2)
     brakeman (6.1.2)
@@ -129,6 +135,7 @@ GEM
     debug (1.9.2)
       irb (~> 1.10)
       reline (>= 0.3.8)
+    debug_inspector (1.2.0)
     devise (4.9.4)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
@@ -314,6 +321,7 @@ GEM
       actionpack (>= 5.2)
       railties (>= 5.2)
     rexml (3.2.6)
+    rouge (4.2.1)
     rspec (3.13.0)
       rspec-core (~> 3.13.0)
       rspec-expectations (~> 3.13.0)
@@ -450,6 +458,8 @@ DEPENDENCIES
   attribute_normalizer
   awesome_print
   bcrypt (~> 3.1.7)
+  better_errors
+  binding_of_caller
   bootsnap
   brakeman
   capistrano

app/controllers/application_controller.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'colorize'
+
 # General controller configuration and helpers.
 class ApplicationController < ActionController::Base
   protect_from_forgery with: :exception
@@ -11,27 +13,39 @@ class ApplicationController < ActionController::Base
   before_action :configure_permitted_parameters, if: :devise_controller?
 
   # By default, enable friendly forwarding if user is logged in
-  before_action :set_redirect_path, unless: :user_signed_in?
+  before_action :redirect_path, unless: :user_signed_in?
 
   add_flash_types :info, :error, :warning
 
   protected
 
-  def set_redirect_path
-    @redirect_path = request.path
+  def stripe_publishable_api_key
+    @stripe_publishable_api_key ||= ::Rails.application.credentials[Rails.env.to_sym].stripe.publishable_api_key
+  end
+
+  def stripe_secret_api_key
+    @stripe_secret_api_key ||= ::Rails.application.credentials[Rails.env.to_sym].stripe.secret_api_key
   end
 
   # Override a Devise method
   def after_sign_in_path_for(resource)
-    if params[:redirect_to].present?
-      store_location_for(resource, params[:redirect_to])
+    if redirect_to_param.present?
+      store_location_for(resource, redirect_to_param)
     elsif request.referer == Routing.routes.new_user_session_url
       super
     else
       stored_location_for(resource) || request.referer || root_path
     end
   end
 
+  def redirect_path
+    @redirect_path = redirect_to_param || request.path
+  end
+
+  def redirect_to_param
+    @redirect_to_param ||= params.permit(:redirect_to)[:redirect_to]
+  end
+
   def require_site_admin
     redirect_to root_path unless current_user.site_admin?
   end
@@ -71,9 +85,19 @@ def alert_log_level(alert_type)
     end
   end
 
+  def alert_log_color(alert_type)
+    case alert_type
+    when 'notice' then :blue
+    when 'error', 'alert' then :red
+    when 'warning' then :yellow
+    end
+  end
+
   def render_flash(flash)
     flash.each do |type, msg|
       log_level = alert_log_level(type) || :error
+      color = alert_log_color(type)
+      msg = msg.colorize(color).colorize(:bold) if color
       Rails.logger.send(log_level, msg)
     end
 

app/controllers/payments_controller.rb

@@ -4,17 +4,16 @@ class PaymentsController < ApplicationController
   before_action :authenticate_user!
 
   def show
-    @payment = Payment.find(params[:id])
+    @payment = Payment.find(permit_params[:id])
     @charge = Stripe::Charge.retrieve(@payment.stripe_charge_id) if @payment.stripe_charge_id
     @ticket_request = @payment.ticket_request
     @event = @ticket_request.event
     redirect_to root_path unless @payment.can_view?(current_user)
   end
 
   def new
-    @ticket_request = TicketRequest.find(params[:ticket_request_id])
+    @ticket_request = TicketRequest.find(permit_params[:ticket_request_id])
     return redirect_to root_path unless @ticket_request.can_view?(current_user)
-    return redirect_to payment_path(@ticket_request.payment) if @ticket_request.payment
 
     @event = @ticket_request.event
 
@@ -33,7 +32,7 @@ def new
   end
 
   def create
-    @payment = Payment.new(params[:payment])
+    @payment = Payment.new(permit_params[:payment])
     return redirect_to root_path unless @payment.can_view?(current_user)
 
     if @payment.save_and_charge!
@@ -49,19 +48,19 @@ def create
   end
 
   def other
-    @ticket_request = TicketRequest.find(params[:ticket_request_id])
+    @ticket_request = TicketRequest.find(permit_params[:ticket_request_id])
     return redirect_to root_path unless @ticket_request.can_view?(current_user)
     return redirect_to payment_path(@ticket_request.payment) if @ticket_request.payment
 
     @user = @ticket_request.user
   end
 
   def sent
-    @ticket_request = TicketRequest.find(params[:ticket_request_id])
+    @ticket_request = TicketRequest.find(permit_params[:ticket_request_id])
     return redirect_to root_path unless @ticket_request.can_view?(current_user)
 
     @payment = Payment.new(ticket_request_id: @ticket_request.id,
-                           explanation: params[:explanation],
+                           explanation: permit_params[:explanation],
                            status: Payment::STATUS_IN_PROGRESS)
     if @payment.save
       flash[:notice] = "We've recorded that your payment is en route"
@@ -73,7 +72,7 @@ def sent
   end
 
   def mark_received
-    @ticket_request = TicketRequest.find(params[:ticket_request_id])
+    @ticket_request = TicketRequest.find(permit_params[:ticket_request_id])
     return redirect_to root_path unless @ticket_request.can_view?(current_user)
 
     @payment = Payment.where(ticket_request_id: @ticket_request.id,
@@ -87,4 +86,22 @@ def mark_received
       redirect_to :back
     end
   end
+
+  private
+
+  def permit_params
+    params.permit(
+      :id,
+      :ticket_request_id,
+      payment: %i[
+        ticket_request_id
+        ticket_request_attributes
+        status
+        stripe_card_token
+        explanation
+      ]
+    )
+          .to_hash
+          .with_indifferent_access
+  end
 end

app/controllers/ticket_requests_controller.rb

@@ -153,18 +153,29 @@ def create
         redirect_to new_payment_url(ticket_request_id: @ticket_request)
       end
     rescue StandardError => e
-      Rails.logger.error("Error saving request: #{e.message}\n\n#{@ticket_request.errors.full_messages.join(', ')}")
-      flash.now[:error] = "Error saving request: #{e.message}<br ><ul>#{@ticket_request.errors.full_messages.join("\n<li>")}"
+      Rails.logger.error("Error Processing Ticket Send Request: #{e.message}\n\n#{@ticket_request.errors.full_messages.join(', ')}")
+      @ticket_request.destroy if @ticket_request.persisted?
+      flash.now[:error] =
+        "Error Processing Ticket Request — #{e.message}. Please contact the Event Admins and let them know — #{@event.admin_contacts.join(', ')}."
       render_flash(flash)
     end
   end
   # rubocop: enable Metrics/AbcSize
 
   def update
     # Allow ticket request to edit guests and nothing else
-    permitted_params[:ticket_request].slice!(:guests) unless @event.admin?(current_user)
+    ticket_request_params = permitted_params[:ticket_request]
 
-    if @ticket_request.update(permitted_params[:ticket_request])
+    guests = (Array(ticket_request_params[:guest_list]) || []).flatten
+    ticket_request_params.delete(:guest_list)
+
+    Rails.logger.info("guests: #{guests.inspect}")
+    Rails.logger.info("params: #{permitted_params.inspect}")
+
+    ticket_request_params[:guests] = guests
+    Rails.logger.info("ticket_request_params: #{ticket_request_params.inspect}")
+
+    if @ticket_request.update(ticket_request_params)
       redirect_to event_ticket_request_path(@event, @ticket_request)
     else
       render action: 'edit'
@@ -177,12 +188,12 @@ def approve
         user:   current_user,
         target: @ticket_request
       ).fire!
-      flash[:notice] = "#{@ticket_request.user.name}'s request was approved"
+      flash.now[:notice] = "#{@ticket_request.user.name}'s request was approved"
     else
-      flash[:error] = "Unable to approve #{@ticket_request.user.name}'s request"
+      flash.now[:error] = "Unable to approve #{@ticket_request.user.name}'s request"
     end
 
-    redirect_to event_ticket_requests_path(@event)
+    render_flash(flash) && redirect_to(event_ticket_requests_path(@event))
   end
 
   def decline
@@ -196,13 +207,18 @@ def decline
       flash[:error] = "Unable to decline #{@ticket_request.user.name}'s request"
     end
 
-    redirect_to event_ticket_requests_path(@event)
+    render_flash(flash) && redirect_to(event_ticket_requests_path(@event))
   end
 
   def resend_approval
-    TicketRequestMailer.request_approved(@ticket_request).deliver_now if @ticket_request.awaiting_payment?
+    unless @ticket_request.awaiting_payment?
+      flash.now[:error] = 'Ticket request does not qualify for a payment yet.'
+      return render_flash(flash)
+    end
 
-    redirect_to event_ticket_requests_path(@event)
+    TicketRequestMailer.request_approved(@ticket_request).deliver_now
+    flash.now[:notice] = 'Approval requests has been resent.'
+    render_flash(flash)
   end
 
   def revert_to_pending
@@ -224,7 +240,13 @@ def refund
   private
 
   def set_event
-    @event = Event.where(id: permitted_params[:event_id].to_i).first
+    event_id = permitted_params[:event_id].to_i
+    Rails.logger.debug { "#set_event() => event_id = #{event_id}, params[:event_id] => #{permitted_params[:event_id]}" }
+    @event = Event.where(id: event_id).first
+    if @event.nil?
+      flash.now[:error] = "Event with id #{event_id} was not found."
+      raise ArgumentError, flash.now[:error]
+    end
   end
 
   def set_ticket_request
@@ -241,33 +263,33 @@ def permitted_params
       :password,
       :authenticity_token,
       :commit,
-      ticket_request: %i[
-        user_id
-        adults
-        kids
-        cabins
-        needs_assistance
-        notes
-        special_price
-        event_id
-        user
-        donation
-        role
-        role_explanation
-        car_camping
-        car_camping_explanation
-        previous_contribution
-        address_line1
-        address_line2
-        city
-        state
-        zip_code
-        country_code
-        admin_notes
-        agrees_to_terms
-        early_arrival_passes
-        late_departure_passes
-        guests
+      ticket_request: [
+        :user_id,
+        :adults,
+        :kids,
+        :cabins,
+        :needs_assistance,
+        :notes,
+        :special_price,
+        :event_id,
+        :user,
+        :donation,
+        :role,
+        :role_explanation,
+        :car_camping,
+        :car_camping_explanation,
+        :previous_contribution,
+        :address_line1,
+        :address_line2,
+        :city,
+        :state,
+        :zip_code,
+        :country_code,
+        :admin_notes,
+        :agrees_to_terms,
+        :early_arrival_passes,
+        :late_departure_passes,
+        { guest_list: [] }
       ]
     )
           .to_hash

app/helpers/application_helper.rb

@@ -16,10 +16,6 @@ def help_mark(help_text, options = {})
     end
   end
 
-  def stripe_publishable_api_key
-    TicketBooth::Application.config.x.stripe.public_key
-  end
-
   def alert_class(alert_type)
     case alert_type
     when 'notice' then 'alert-info'

app/javascript/add_jquery.js

@@ -8,7 +8,15 @@ addEventListener("turbo:before-frame-render", (event) => {
   if (document.startViewTransition) {
     const originalRender = event.detail.render
     event.detail.render = (currentElement, newElement) => {
-      document.startViewTransition(()=> originalRender(currentElement, newElement))
+      document.startViewTransition(() => originalRender(currentElement, newElement))
     }
   }
 })
+
+
+// open a popup
+window.popupWindow = function(url, windowName, win, w, h) {
+  const y = win.top.outerHeight / 2 + win.top.screenY - (h / 2);
+  const x = win.top.outerWidth / 2 + win.top.screenX - (w / 2);
+  return win.open(url, windowName, `toolbar=no, location=no, directories=no, status=no, menubar=no, scrollbars=no, resizable=no, copyhistory=no, width=${w}, height=${h}, top=${y}, left=${x}`);
+};